[zeromq-dev] 0MQ and Firewalls

Steven McCoy steven.mccoy at miru.hk
Tue Oct 5 06:55:35 CEST 2010


On 5 October 2010 10:01, John McLaughlin - PTIR <john.mclaughlin at promise.com> wrote:

>  My assumptions are:
>
>    1. Further, I assume #5 above, PGM (server publishing) would not work
>    through a firewall.
>

PGM can work fine through a configured firewall; if you really would want
to is another question.  The firewall will slow down all packets and you
will need some pretty good hardware to keep up with the high packet rate
when at full speed.  29 West has some good information on firewalls and
multicast performance.

If we're talking about core routers then with IPv4 by default you are not
going to have any multicast routing and so it needs to be added.  You would
also need to allow unicast traffic from receiver to source unless you have a
PGM Router Assist enabled router with it enabled.

It is a complicated topic and needs significant planning from your network
team to determine the scope of the multicast traffic and your site routing
policies.  You might also need to bring in your vendor to determine whether
you need to upgrade your network hardware to sufficiently support your
requirements.

The 0MQ documentation includes some notes on using 0MQ devices to simplify
routing and thereby simplify firewall configuration by deploying PGM to TCP
forwarders.

PGM and NAT is another question; I don't think you will find multicast and
UDP unicast are going to work too well there unless you are using a
uni-directional broadcast with no back channel and presumably FEC for
repairs.

-- 
Steve-o