[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[CONDUIT #PGY-808322]: Upcoming NCEP CONDUIT maintenance

Subject: [CONDUIT #PGY-808322]: Upcoming NCEP CONDUIT maintenance
Date: Thu, 05 Jun 2014 16:09:51 -0600

Hi Kyle,

re: LDM access to ncepldm4.woc.noaa.gov from atm.ucar.edu and daffy.ucar.edu

> There shouldn't be anything blocking you at that point and I do see
> connections on the LDM servers coming in from the new IP address provided.

Just to make sure we are talking about the same thing:

128.117.12.35   <-> atm.ucar.edu
128.117.140.208 <-> daffy.unidata.ucar.edu

Also, if the problem was lack of an appropriate ALLOW for either
machine in the ~ldm/etc/ldmd.conf file on ncepldm4.woc.noaa.gov (meaning
on any of the real servers that comprise this cluster), then we would
expect a completely different response to:

notifyme -vl- -f CONDUIT -h ncepldm4.woc.noaa.gov

The lack of a response strongly suggests to me that the connection attempt
is being blocked by a firewall.

re:
> Can you do a telnet or netcat to port 388 successfully?

% telnet ncepldm4.woc.noaa.gov 388
Trying 140.172.17.205...
^C

Hold on, the telnet attempt from daffy returned:

% telnet ncepldm4.woc.noaa.gov 388
Trying 140.172.17.205...
telnet: connect to address 140.172.17.205: No route to host

This does not seem like a problem on our end.

By the way for backtracking:

- we have defined set of aliases for our different subnets as
  follows (from our /etc/hosts):

128.117.130.220 conduit1.unidata.ucar.edu       conduit1        # Virtual 
interface - Conduit reception
128.117.140.220 conduit.unidata.ucar.edu        conduit         # Virtual 
Interface - Conduit reception
128.117.149.220 conduit3.unidata.ucar.edu       conduit3        # Virtual 
Interface - Conduit reception
128.117.156.220 conduit2.unidata.ucar.edu       conduit2        # Virtual 
Interface - Conduit reception

  Given this, and since I am under the impression that the firewall was
  opened for one of these and not daffy.unidata.ucar.edu (128.117.140.208),
  it is possible that the access for REQUESTs on the Boulder firewall
  are incorrect.  BUT, this comment does not apply to the inability of
  atm.ucar.edu to REQUEST (or telnet to port 388) data from ncepldm4.

Perhaps it would be a good idea to talk about this tomorrow? (I have to leave
in a few minutes, and our system administrator just left for the day)

Cheers,

Tom
--
****************************************************************************
Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
----------------------------------------------------------------------------
Unidata HomePage                       http://www.unidata.ucar.edu
****************************************************************************


Ticket Details
===================
Ticket ID: PGY-808322
Department: Support CONDUIT
Priority: Normal
Status: Closed

Prev by Date: [CONDUIT #PGY-808322]: Upcoming NCEP CONDUIT maintenance
Next by Date: [CONDUIT #PGY-808322]: Upcoming NCEP CONDUIT maintenance
Previous by thread: [CONDUIT #PGY-808322]: Upcoming NCEP CONDUIT maintenance
Next by thread: [CONDUIT #PGY-808322]: Upcoming NCEP CONDUIT maintenance
Index(es):
- Date
- Thread