Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
dmz_port.png 54.9 kB 2 25-Oct-2018 04:31 Ben Spink
png
dmz_publickey.png 13.9 kB 1 25-Oct-2018 04:31 Ben Spink
png
dmz_selector.png 30.3 kB 1 25-Oct-2018 04:31 Ben Spink
png
dmz_user.png 57.6 kB 3 25-Oct-2018 04:31 Ben Spink

This page (revision-31) was last changed on 24-Mar-2020 03:28 by Ben Spink

This page was created on 25-Oct-2018 04:31 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 80 added 11 lines
\\
----\\
(Internal details of the protocols methodologies)\\
!DMZv1 protocol methodology:
Opens a read and write socket. Two sockets for all queue messages between servers. Initiated from internal server to DMZ. Then it opens 50 data sockets for whenever they might be needed, they are available for quick usage not needing any additional delay to request one. This would be for things like a login, dir listings, upload, download...etc. All user protocol type interactions. We only let these sockets remain unused for a maximum of 8 seconds, then we discard them to make sure a firewall hasn't possible dropped a socket and we go to use it and don't realize its been killed by the firewall. When he socket count drops below 50, we add more. So its a continuous cycle of adding and dropping sockets and discarding sockets that are used and so on. *LOTS* of new socket activity.\\
!DMZv2 methodology
This protocol was discontinued. It attempted to route DMZv1 through a SSH tunnel between servers which revealed inefficiencies and bugs in SSH tunneling.\\
!DMZv3 methodology:
There are 4 sockets. Read/write tunnel sockets for system type actions, and read/write tunnel sockets for data type actions. No other sockets are created. All other activity is tunneled inside of those 4 sockets between the Internal and DMZ host. the tunnel is not a reverse tunnel, so architecturally it functions the same as the way DMZv1 does. v3 has the DMZv1 protocol running inside of it, but it doesn't discard sockets since it knows it can trust the tunnel not to timeout or discard sockets. So that part of the protocol still functions the same. DMZv3 also handles disconnections on the sockets. If any of the 4 sockets get disconnected, it re-establishes the connection and resends any part of the tunneled messages that didn't make it across. So its added automatic retry and robustness to this. The dmz_tmp folder for this tunneling is due to the fact we can't stop or slow down the entire socket in the event one of the destination sockets on t he other side can't accept the data or has timed out. We instead buffer this to disk temporarily and then consume it the first moment we can. The expectation here is that the DMZ's internal communication pipe is faster than the internal or external communications that clients are doing.\\
Version Date Modified Size Author Changes ... Change note
31 24-Mar-2020 03:28 7.887 kB Ben Spink to previous
30 26-Feb-2020 16:31 5.528 kB Halmágyi Árpád to previous | to last
29 21-Jan-2020 11:00 5.527 kB Halmágyi Árpád to previous | to last
28 21-Feb-2019 19:23 5.416 kB Ada Csaba to previous | to last
27 21-Feb-2019 19:23 5.414 kB Ada Csaba to previous | to last
26 25-Oct-2018 04:31 4.72 kB Ben Spink to previous | to last
25 25-Oct-2018 04:31 4.639 kB Ben Spink to previous | to last
24 25-Oct-2018 04:31 4.654 kB Ben Spink to previous | to last
23 25-Oct-2018 04:31 4.644 kB Ben Spink to previous | to last
22 25-Oct-2018 04:31 4.648 kB Halmágyi Árpád to previous | to last
21 25-Oct-2018 04:31 4.64 kB Ben Spink to previous | to last
« This page (revision-31) was last changed on 24-Mar-2020 03:28 by Ben Spink
G’day (anonymous guest)
CrushFTP9 | What's New
JSPWiki v2.8.2