Opening ports for a host

RESOLVED INVALID


People

(Reporter: dragana, Assigned: dcurado)

Tracking

other
Bug Flags:
sec-review -

Details

(Reporter)

Description

3 years ago
For a network test that we want to do, we will need a host in the DC that is listening on some ports. So I would need the ports to be open for access from the Internet.

For the beginning, only me and maybe a couple of other people will be accessing this test.

the host is network-tests1.dmz.scl3.mozilla.com
the ports: 61590, 2708, 891, 443, 80
both for UDP and TCP.

The application running on the host will send and receive a large amount of data (the data is just random bytes) and measure and log throughput.
(Assignee)

Comment 1

3 years ago
Can you tell us more?
What software is this?
What problem are we solving with it?
When you say "large amount of data", can you please be more specific?
Please understand that you are asking to test software that produces large amounts
of traffic, open to the Internet... on a production network.
Have you considered running this in a lab environment first, rather than on our production network?
Thanks.

As you are requesting ports be open to the Internet, I will ask OpSec to review your request and
bless your request with their approval.
Assignee: network-operations → dcurado
Status: NEW → ASSIGNED
Flags: sec-review?(mpurzynski)
Can you tell us a little more about the application and intended use? I agree with Dave here, running something we don't know anything about (apart from things that make me worry about stability) as a part of a production network seems difficult.
Flags: sec-review?(mpurzynski) → sec-review-
(Reporter)

Comment 3

3 years ago

Protocols like QUIC use UDP instead of TCP, and these tests are supposed to collect some data about what we can expect if we use UDP for web surfing.

There are 2 kinds of tests:
1) Reachability tests - is it possible to connect to a port using TCP and UDP (this test will send just about 1kB in both directions)
2) Test if it is possible to achieve the same rate using UDP as it is using TCP (there are some networks where UDP is throttled) (because we are testing rate here, we will need to get TCP to its steady-state behavior, and this can take a couple of seconds depending on the bandwidth available - so the test is going to send data as fast as possible for a couple of seconds)
 

The point of this test is to test the experience of real users, and therefore there will be an addon asking users if they want to do the tests.

For these tests we need the host that the addon is going to connect to, and I wanted to use this vpn for that for the beginning. I don't know our IT infrastructure, so I do not know where the best place to put this service is. I have talked with Chris Knowles about what the options are and he suggested to start with a vpn to prepare the tests. If you have a better suggestion, I am OK with anything.


The software that is going to run on the vpn is written by me. It is not finished yet.
the code is at:
https://github.com/ddragana/network_tests_012015/tree/master/server

but as this is a work in progress there is a big update coming this week. And the code still needs to be reviewed :)

If you have any additional questions, just contact me again; we can also talk over Vidyo.
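The reachability test described in this comment (about 1 kB sent in each direction over both TCP and UDP), sketched as an added example that is not part of the original comment or the reporter's code. The helper names `start_echo_server` and `probe` are hypothetical, and a loopback echo server stands in for the test host so the example runs offline:

```python
import os
import socket
import threading

PAYLOAD_SIZE = 1024  # "about 1kB", as stated in the comment above

def _recv_exact(conn, n):
    """Read up to n bytes from a stream socket, stopping early on EOF."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def start_echo_server(proto):
    """Start a one-shot loopback echo server (constructed stand-in); return its port."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    srv = socket.socket(socket.AF_INET, kind)
    srv.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
    port = srv.getsockname()[1]
    if proto == "tcp":
        srv.listen(1)
    def serve():
        with srv:
            if proto == "tcp":
                conn, _ = srv.accept()
                with conn:
                    conn.sendall(_recv_exact(conn, PAYLOAD_SIZE))
            else:
                data, peer = srv.recvfrom(PAYLOAD_SIZE)
                srv.sendto(data, peer)
    threading.Thread(target=serve, daemon=True).start()
    return port

def probe(host, port, proto, timeout=2.0):
    """Return True if PAYLOAD_SIZE random bytes sent to host:port come back intact."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    payload = os.urandom(PAYLOAD_SIZE)
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((host, port))  # for UDP this only fixes the peer address
            s.sendall(payload)
            if proto == "tcp":
                return _recv_exact(s, PAYLOAD_SIZE) == payload
            return s.recv(PAYLOAD_SIZE) == payload
    except OSError:  # refused, unreachable, or timed out: port counts as blocked
        return False
```

A UDP probe cannot tell a dropped datagram from a filtered port, so a `False` result for UDP only means that no echo arrived within the timeout.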
(Assignee)

Comment 4

3 years ago
I am lost.
I know about QUIC.
I don't know what you mean when you say "start with a vpn" -- what VPN?
Do you mean you'll have our own employees test this using the OpenVPN?

Maybe we should back up and start again?

 - you're writing a Firefox addon, which is supposed to use QUIC, so you can
   test what the throughput looks like.  Right?
 - Who is going to get this addon?
 - When the end user activates the test, what destination IP are the packets going to go to?
 - How much TCP and/or QUIC traffic will each user generate?
 - How many simultaneous end users will be running tests?

Not clear to me that using our production network is the right place for this, but 
maybe we can help figure this out.

Thanks
Neither am I. This sounds like a perfect usage case for the IT AWS - an experimental service with (yet) unknown capacity needs, isolated from production.

Cloud should allow for a nice and easy scaling up and down, should you need it, and a rapid deployment.
(Reporter)

Comment 6

3 years ago

(In reply to Michal Purzynski [:michal`] (use NEEDINFO) from comment #5)
> Neither am I. This sounds like a perfect usage case for the IT AWS - an
> experimental service with (yet) unknown capacity needs, isolated from
> production.
> 
> Cloud should allow for a nice and easy scaling up and down, should you need
> it, and a rapid deployment.

I do not know our IT infrastructure at all, but maybe you are right to put this away from the production network. I will answer the other comment shortly.
(Reporter)

Comment 7

3 years ago
(In reply to Dave Curado :dcurado from comment #4)
> I am lost.
> I know about QUIC.
> I don't know what you mean when you say "start with a vpn" --
> what VPN?
> Do you mean you'll have our own employees test this using the OpenVPN?
> 
> Maybe we should back up and start again?
> 
>  - you're writing a Firefox addon, which is supposed to use QUIC, so you can
>    test what the throughput looks like.  Right?

No, I have not implemented QUIC, just a simple application that sends random data using TCP and UDP.

the addon and the server side are in:
https://github.com/ddragana/network_tests_012015 (but this needs to be updated)

We just want to test what to expect if we have something like QUIC.

>  - Who is going to get this addon?

For the beginning, I will need a host to test the application and to ask a couple of people to use it, and this will be used by at most a couple (10) of people running 1-2 tests each. This is what I am talking about here.

I will need to talk to somebody about how to make this work if we put this in nightly or aurora and beta (but not right away, some time in the future). From Michal's comment, AWS is probably a better place, so I will go back to them.

So I will close this bug, because for testing I already have something in place and I will see into using IT AWS for wider tests.
 
>  - When the end user activates the test, what destination IP are the packets
> going to go to?

I need a host with a public IP address that is going to run the server side, and that is what we are talking about here. (Maybe I haven't understood Chris correctly; I understood that it is not possible to make network-tests1.dmz.scl3.mozilla.com accessible from the public Internet, maybe I am wrong.)

>  - How much TCP and/or QUIC traffic will each user generate?

For about 60-90 seconds, sending at the maximal TCP rate, and this depends on the path throughput. (60-90s could change when I have run some tests to see what the optimal value is, but I will not increase it too much.)
Each user doing the test only once.



Thanks for your help and sorry for bothering you. It is best to ask the IT AWS people again.
(Reporter)

Updated

3 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → INVALID