Error while Transferring data between Internet and Intranet


Wei Shi

Dec 16, 2019, 2:45:36 PM
to User Discuss
Hi,
I am testing the use of my account to transfer data between my two computers. My Windows 10 desktop is within the university intranet, and my MacPro is outside the university intranet.
When I went to globus.org and opened my account, I was able to see both endpoints online. But when I tried to transfer a file, I would get the following error:
------------------------------------------------------------------------------------
Error (session setup)
Endpoint: shiweimac (8023eaf2-b85d-11e9-98d7-0a63aa6b37da)
Server: Globus Connect
Command: SITE UPRT 34pb gRGS6iVlvub2PuFaG4uPdm 1,2013266431,10.21.232.44,52838,host 2,2013266431,10.0.75.1,52839,host 3,2013266431,172.18.66.97,52840,host 4,2013266431,192.168.137.1,52841,host 5,1677721855,141.214.17.234,61266,srflx
Message: Fatal FTP response
---
Details: 500 globus_xio: ICE negotiation failed.\r\n
--------------------------------------------------------

If I logged in on my MacPro through the university VPN, then I was able to transfer data without issue.


I saw there were some discussions before (https://groups.google.com/a/globus.org/forum/#!topic/user-discuss/xP2rI-tNdPE), but the solution is not very obvious. My question is, why can Globus detect the GCP client but fail to transfer data? Is there a solution to transfer data across the VPN?

Thanks,

Wei

Stephen Rosen

Dec 16, 2019, 3:21:26 PM
to User Discuss
Hi Wei,

Globus Connect Personal clients connect to Globus services through a different mechanism from their peer-to-peer connections.
Because Globus operates central services, connections are much simpler in that case -- the firewall, NAT device, and any other components in the network path from your Globus Connect Personal endpoint to Globus' servers simply need to allow outbound connections to be established.
Connections in the peer-to-peer context, between two Globus Connect Personal endpoints, are significantly more complicated. The network needs to allow for "connectionless" UDP packets to flow back and forth between both endpoints, and the protocol for establishing connectivity between the endpoints, ICE, needs a suitable network environment in which the endpoints can advertise themselves to one another.

If you place one Endpoint within a University network or any other centrally-administered organization's network (National Lab networks, Corporate networks, etc), your Endpoint's connectivity is subject to the firewalls, routing, and other network policies set by that University or organization.
In many cases, organizations will, by policy, forbid exactly the type of usage that you are attempting -- connecting an internal device to a peer on the public Internet.

By extension, that explains why connecting both ends to the University network, via their VPN, allows the connections.
The network situation is dramatically different in this case -- both peers are "inside" the network.
Firewalls, routers, and other devices are able to understand this distinction.

If you want to connect Globus Connect Personal from within your university intranet to Globus Connect Personal endpoints outside of that network, you should contact your network administrators and explain your use-case to them.
They will be best equipped to either make suitable accommodations, direct you to their documentation about using services like Globus, or explain why they forbid this specific usage.

In many cases where Globus usage is more "grassroots" -- i.e. there is no organization-level subscription -- network admins may not be familiar with Globus software. If your network team has questions, the best forum for them to contact us is via sup...@globus.org. We have often helped organizations and sites develop their usage policies around Globus starting with our support team.

Best regards,
-Stephen
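
The candidate list from the SITE UPRT line in the error report, parsed as an added example that is not part of the original thread or of Globus' own code. The field order (index, priority, address, port, type) is an assumption read off the layout of that line; the priority decoding follows the ICE formula in RFC 5245.

```python
import ipaddress
from typing import NamedTuple

# Candidate portion of the SITE UPRT line quoted in the thread. The two
# tokens that precede it in the error are left out; they are not needed here.
CANDIDATES = (
    "1,2013266431,10.21.232.44,52838,host "
    "2,2013266431,10.0.75.1,52839,host "
    "3,2013266431,172.18.66.97,52840,host "
    "4,2013266431,192.168.137.1,52841,host "
    "5,1677721855,141.214.17.234,61266,srflx"
)


class Candidate(NamedTuple):
    index: int
    type_pref: int    # bits 24-31 of the ICE priority
    local_pref: int   # bits 8-23
    component: int    # 256 - low byte
    address: str
    port: int
    kind: str         # "host" = local interface, "srflx" = address seen via STUN
    is_global: bool   # False for private or otherwise non-routable addresses


def parse_candidates(text):
    """Parse entries assumed to be index,priority,address,port,type."""
    parsed = []
    for entry in text.split():
        fields = entry.split(",")
        if len(fields) != 5:
            raise ValueError(f"unexpected candidate entry: {entry!r}")
        index, priority, address, port, kind = fields
        prio = int(priority)
        ip = ipaddress.ip_address(address)  # raises ValueError on a bad address
        parsed.append(Candidate(
            int(index), prio >> 24, (prio >> 8) & 0xFFFF, 256 - (prio & 0xFF),
            str(ip), int(port), kind, ip.is_global))
    return parsed


def internet_reachable(candidates):
    """Candidates an outside peer could even address; the rest are internal."""
    return [c for c in candidates if c.is_global]


if __name__ == "__main__":
    for c in parse_candidates(CANDIDATES):
        scope = "public" if c.is_global else "internal only"
        print(f"{c.index}: {c.kind:5} {c.address}:{c.port} ({scope})")
```

For this input only candidate 5, the server-reflexive address, is publicly routable, so a peer outside the intranet depends on the network's NAT and firewall passing UDP for that mapping.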

Wei Shi

Dec 16, 2019, 3:51:05 PM
to User Discuss
Thank you Stephen.
I believe we have an organizational subscription. There must be a Globus services server already established within our intranet.
If I want to use Globus services, could you point me to the documents that I can follow to set up the connections?

Thanks again,

Wei

Greg Nawrocki

Dec 16, 2019, 3:58:16 PM
to user-d...@globus.org, shi...@umich.edu, Todd Raeker
Wei,

If you are interested in the nuances of the Globus Installation at the University of Michigan, it would be best to contact the primary Globus Support Contact - Todd Raeker <rae...@umich.edu> (also cc-ed on this message) who can further assist you.

—Greg

Greg Nawrocki
University of Chicago
Globus
401 N Michigan Ave. - 9th Floor
Chicago, IL 60611
