Firewalls

Mar 21, 2012 at 3:05 PM

A few users have asked me how to deal with firewalls, and I've revised the documentation.  Basically you need to unblock what could be quite a few port numbers.  Isis uses ISIS_PORTNO for IP multicast, ISIS_PORTNOp for UDP and TCP, and sets ISIS_PORTNOa=ISIS_PORTNOp+1 and then uses it for UDP and TCP as well.  But if you run multiple copies of an application that uses Isis on the same node, sharing one IP address, they conflict when trying to use ISIS_PORTNOp and ISIS_PORTNOa, and solve this by incrementing both by 2's until they find an unused sequence (e.g. if the original values were (12345,12346) they next try (12347,12348), etc).  If a firewall blocks point to point traffic between the various pairs of port numbers that result, the system will not be stable and will probably poison some applications or even shut down entirely.