Cause of file transfer error.
321 views
Skip to first unread message
Wei Shi
Dec 9, 2019, 2:14:07 PM12/9/19
to User Discuss
While transferring files using Globus, I encountered following errors:
Error (session setup)
Endpoint: My WSCCI000 (f0718f48-b7a0-11e9-9394-02ff96a5aa76)
Server: Globus Connect
Command: SITE UPRT Ep5O zc646OmjOw74IRlvKQnGxI 1,2013266431,172.17.0.2,44167,host 2,1677721855,141.214.17.123,64569,srflx
Message: Fatal FTP response
---
Details: 500 globus_xio: ICE negotiation failed.\r\n
Endpoint: My WSCCI000 (f0718f48-b7a0-11e9-9394-02ff96a5aa76)
Server: Globus Connect
Command: SITE UPRT Ep5O zc646OmjOw74IRlvKQnGxI 1,2013266431,172.17.0.2,44167,host 2,1677721855,141.214.17.123,64569,srflx
Message: Fatal FTP response
---
Details: 500 globus_xio: ICE negotiation failed.\r\n
Any idea? Where can I look into more detailed error message?
Stephen Rosen
Dec 9, 2019, 3:38:50 PM12/9/19
to User Discuss
Hi Wei,
The requirement for Outbound UDP 32768-65535 refers to the use of ephemeral ports.
"ICE negotiation failed" refers to Globus Connect Personal's use of the STUN and ICE protocols to do "NAT hole punching".
In short, these are protocols for traversing a NAT device, typically something like a home router, and establishing peer-to-peer connections between two Globus Connect Personal endpoints.
If you're getting errors related to this, it strongly suggests that your network topology does not allow ICE to create a connection between the Globus Connect Personal endpoints you're using.
If you're testing a new setup, you can try to test transfers with Globus Tutorial Endpoint 1, Globus Tutorial Endpoint 2, or any other Globus Connect Server endpoint, you'll find that you've eliminated this source of potential errors. That's because Globus Connect Personal will simply make outbound connections to Globus Connect Server and doesn't need to try to use ICE.
In order for two Globus Connect Personal Endpoints to connect to one another using ICE, they need to be able to communicate with one another using UDP on ephemeral ports.
You can see a detailed document on the ports which are needed by Globus Connect Personal here:
The requirement for Outbound UDP 32768-65535 refers to the use of ephemeral ports.
If you have more questions, please don't hesitate to ask, but I hope this helps you get started.
Best regards,
-Stephen
Wei Shi
Dec 9, 2019, 9:58:53 PM12/9/19
to User Discuss
Thank you Stephen.
I was able to transfer files to EP1 without problem. Also as you pointed out, the issue was related to UDP ports on Windows 10 firewall. After opening inbound UDP ports in Windows 10 firewall, I was able to transfer files between docker container and Windows 10 desktop.
Here are my setups:
A: Globus connect personal on Windows 10
B: Globus connect personal on Docker Debian container hosted by Windows 10
C: Globus connect personal on Mac
D: Globus connect personal on Docker Debian container hosted by Mac
Files can be transferred bidirectional:
AB; AC; AD; BC; CD
Files cannot be transferred between two docker container.
The error message is:
Error (session setup)
Endpoint: my-mac1-laptop (c4a44304-1aee-11ea-9701-021304b0cca7)
Server: Globus Connect
Command: SITE UPRT R0c2 W6kZtCJwqolpNuutIaht6A 1,2013266431,172.22.0.1,34409,host 2,2013266431,172.21.0.1,39868,host 3,2013266431,172.20.0.1,44276,host 4,2013266431,172.19.0.1,44965,host 5,2013266431,172.18.0.1,49406,host 6,2013266431,172.17.0.1,59919,host 7,2013266431,192.168.65.3,51406,host 8,2013266431,10.0.75.2,47602,host 9,1677721855,141.214.17.234,63999,srflx 10,1677721855,141.214.17.234,64000,srflx 11,1677721855,141.214.17.234,64001,srflx 12,1677721855,141.214.17.234,64002,srflx 13,1677721855,141.214.17.234,64004,srflx 14,1677721855,141.214.17.234,64003,srflx 15,1677721855,141.214.17.234,29001,srflx
Endpoint: my-mac1-laptop (c4a44304-1aee-11ea-9701-021304b0cca7)
Server: Globus Connect
Command: SITE UPRT R0c2 W6kZtCJwqolpNuutIaht6A 1,2013266431,172.22.0.1,34409,host 2,2013266431,172.21.0.1,39868,host 3,2013266431,172.20.0.1,44276,host 4,2013266431,172.19.0.1,44965,host 5,2013266431,172.18.0.1,49406,host 6,2013266431,172.17.0.1,59919,host 7,2013266431,192.168.65.3,51406,host 8,2013266431,10.0.75.2,47602,host 9,1677721855,141.214.17.234,63999,srflx 10,1677721855,141.214.17.234,64000,srflx 11,1677721855,141.214.17.234,64001,srflx 12,1677721855,141.214.17.234,64002,srflx 13,1677721855,141.214.17.234,64004,srflx 14,1677721855,141.214.17.234,64003,srflx 15,1677721855,141.214.17.234,29001,srflx
Message: Fatal FTP response
---
Details: 500 globus_xio: ICE negotiation failed.\r\n
Same ICE related.
I've already tried option: "--network host" on both contain to open all ports. Any suggestions?
Thanks,
Wei
Michael Link
Dec 12, 2019, 11:36:17 AM12/12/19
to user-d...@globus.org
Hi Wei,
As Stephen says, some networks are incompatible with the ICE connection
that GCP->GCP transfers use. In particular, success is unlikely when
both endpoints are behind a symmetric NAT.
Based on your debug output, it appears that there are multiple layers of
NAT. If you can configure Docker to use bridged networking you may have
more success.
Mike
As Stephen says, some networks are incompatible with the ICE connection
that GCP->GCP transfers use. In particular, success is unlikely when
both endpoints are behind a symmetric NAT.
Based on your debug output, it appears that there are multiple layers of
NAT. If you can configure Docker to use bridged networking you may have
more success.
Mike
Reply all
Reply to author
Forward
0 new messages