perfsonar-user - Re: [perfsonar-user] http://pfomd.grid.iu.edu shows both our Lat+Bwidth as RED (mostly)

Subject: perfSONAR User Q&A and Other Discussion

  • From: Winnie Lacesso <>
  • To: perfsonar-user <>
  • Subject: Re: [perfsonar-user] http://pfomd.grid.iu.edu shows both our Lat+Bwidth as RED (mostly)
  • Date: Tue, 10 Feb 2015 14:15:11 +0000 (GMT)

Good afternoon!

Thank you very much for the info+pointer Shawn!

On Mon, 9 Feb 2015, Shawn McKee wrote:
> We have a prototype instance of the monitoring at
> https://maddash.aglt2.org/WLCGperfSONAR/check_mk/index.py?start_url=%2FWLCGperfSONAR%2Fcheck_mk%2Fview.py%3Fview_name%3Dhosts%26host%3Dbris
>
> If you try that URL you will see your sites ARE all green

Hurrah!

> It seems like the OSG subnet 129.79.53.0/24 may still be blocked?

Well this is what iptables has (both Bw & Lat):

root@lcgnetmon02> iptables -nL | grep 443
ACCEPT tcp -- 129.79.53.0/24 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 137.138.0.0/17 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 192.41.231.110 0.0.0.0/0 tcp dpt:443
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 80,443

Is only port 443 needed (< 1024) or is the check querying other < 1024 ports?

On this subnet, ports > 1024 are not firewalled, so if 192.41 can get all the
info & go green, 129.79 should be able to.

> Are there any messages in /var/log/message regarding IPTABLE drops?

No, but I don't think dropped packets are logged (I could be wrong about
that; I think log of stuff from iptables is only logging mangled fragments, I
could be wrong about that). 129.79.53 does not appear in
/var/log/messages, although lots of others are:

Feb 10 13:46:47 lcgnetmon kernel: [iptables]: IN=eth0 OUT= MAC=00:30:48:55:a0:78:00:24:38:8a:bc:00:08:00 SRC=85.25.103.50 DST=137.222.171.35 LEN=40 TOS=0x10 PREC=0x00 TTL=113 ID=4963 PROTO=TCP SPT=36459 DPT=9600 WINDOW=37104 RES=0x00 SYN URGP=0

Germany poking at 9600 = MICROMUSE-NCPW, BOO!

Feb 10 13:48:15 lcgnetmon kernel: [iptables]: IN=eth0 OUT= MAC=00:30:48:55:a0:78:00:24:38:8a:bc:00:08:00 SRC=94.242.254.112 DST=137.222.171.35 LEN=435 TOS=0x00 PREC=0x00 TTL=52 ID=54145 DF PROTO=UDP SPT=5067 DPT=5060 LEN=415

Lithuania poking at 5060 = SIP, BOO!

Feb 10 13:44:52 lcgnetmon kernel: [iptables]: IN=eth0 OUT= MAC=00:30:48:55:a0:78:00:24:38:8a:bc:00:08:00 SRC=193.136.75.146 DST=137.222.171.35 LEN=40 TOS=0x00 PREC=0x00 TTL=5 ID=40688 PROTO=UDP SPT=48889 DPT=33485 LEN=20

Portuguese perfsonar server

Feb 10 13:48:10 lcgnetmon02 kernel: [iptables]: IN=eth0 OUT= MAC=00:14:22:0a:88:96:00:24:38:8a:bc:00:08:00 SRC=206.12.9.1 DST=137.222.171.39 LEN=40 TOS=0x00 PREC=0x00 TTL=3 ID=29756 PROTO=UDP SPT=54715 DPT=33498 LEN=20

triumf.ca perfsonar......


Lots logged in /var/log/httpd/*log files from 129.79.53:

/var/log/httpd/ssl_access_log:129.79.53.161 - - [10/Feb/2015:09:47:30 +0000] "GET /toolkit/ HTTP/1.1" 200 15736
/var/log/httpd/ssl_access_log:129.79.53.159 - - [10/Feb/2015:12:36:23 +0000] "GET /toolkit HTTP/1.1" 301 344

/var/log/httpd/ssl_request_log:[10/Feb/2015:12:36:23 +0000] 129.79.53.159 TLSv1 ECDHE-RSA-AES256-SHA "GET /toolkit HTTP/1.1" 344
/var/log/httpd/ssl_request_log:[10/Feb/2015:12:36:23 +0000] 129.79.53.159 TLSv1 ECDHE-RSA-AES256-SHA "GET /toolkit/ HTTP/1.1" 15710

/var/log/httpd/access_log:129.79.53.159 - - [09/Feb/2015:14:12:11 +0000] "GET /toolkit/?format=json HTTP/1.1" 200 1770 "-" "PycURL/7.19.7"

That's the same on both Bw & Lat boxen. So 129.79.53 can get thru.

> I just refreshed the tests on pfomd.grid.iu.edu but I am still seeing
> some problems.

Can you ditto again? All those 2014-12-25 dates are way old.

Thank you most kindly for your patient help!
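
Added example (not part of the original message or of perfSONAR): a small Python check for the question discussed above, whether any packet from 129.79.53.0/24 appears among the kernel "[iptables]:" log entries. The function names are hypothetical, and the sample log is the four entries quoted in the message, re-joined to one line each.

```python
import ipaddress
import re
from collections import Counter

# Sample input: the four /var/log/messages entries quoted in the message above,
# re-joined so that each log entry sits on one line.
SAMPLE_LOG = """\
Feb 10 13:46:47 lcgnetmon kernel: [iptables]: IN=eth0 OUT= MAC=00:30:48:55:a0:78:00:24:38:8a:bc:00:08:00 SRC=85.25.103.50 DST=137.222.171.35 LEN=40 TOS=0x10 PREC=0x00 TTL=113 ID=4963 PROTO=TCP SPT=36459 DPT=9600 WINDOW=37104 RES=0x00 SYN URGP=0
Feb 10 13:48:15 lcgnetmon kernel: [iptables]: IN=eth0 OUT= MAC=00:30:48:55:a0:78:00:24:38:8a:bc:00:08:00 SRC=94.242.254.112 DST=137.222.171.35 LEN=435 TOS=0x00 PREC=0x00 TTL=52 ID=54145 DF PROTO=UDP SPT=5067 DPT=5060 LEN=415
Feb 10 13:44:52 lcgnetmon kernel: [iptables]: IN=eth0 OUT= MAC=00:30:48:55:a0:78:00:24:38:8a:bc:00:08:00 SRC=193.136.75.146 DST=137.222.171.35 LEN=40 TOS=0x00 PREC=0x00 TTL=5 ID=40688 PROTO=UDP SPT=48889 DPT=33485 LEN=20
Feb 10 13:48:10 lcgnetmon02 kernel: [iptables]: IN=eth0 OUT= MAC=00:14:22:0a:88:96:00:24:38:8a:bc:00:08:00 SRC=206.12.9.1 DST=137.222.171.39 LEN=40 TOS=0x00 PREC=0x00 TTL=3 ID=29756 PROTO=UDP SPT=54715 DPT=33498 LEN=20
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_iptables_line(line):
    """Return the KEY=value fields of a kernel iptables LOG line, or None."""
    if "[iptables]:" not in line:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line.split("[iptables]:", 1)[1]):
        # UDP entries carry LEN twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields if "SRC" in fields else None


def logged_from(log_text, cidr):
    """Count logged packets per (SRC, PROTO, DPT) whose source lies in cidr."""
    net = ipaddress.ip_network(cidr)
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse_iptables_line(line)
        if fields is None:
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
        except ValueError:
            continue  # malformed SRC value, skip the entry
        if src in net:
            hits[(fields["SRC"], fields.get("PROTO", "?"), fields.get("DPT", "-"))] += 1
    return hits


if __name__ == "__main__":
    print(dict(logged_from(SAMPLE_LOG, "129.79.53.0/24")))
```

An empty result only rules out drops if the rule set has a LOG rule ahead of the DROP rule; a DROP target on its own writes nothing to /var/log/messages.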




