node connectivity and security

wde wde at free.fr
Fri Feb 12 13:21:51 EST 2010


If I am right, the riak network layer is based on the erlang clustering system. 

To build the TCP connections between your nodes, you have to open the TCP port 4369 and a dynamic TCP ports range that you can specify by editing the file vm.args :

 add something like

 -kernel inet_dist_listen_min 4000 inet_dist_listen_max 4005

to restrict the range  to 4000 to 4005 for example. 

The range size depends of the size of your cluster (how many servers run riak).

I think that, you also have to open the port defined by the riak_handoff_port paramater in your configuration file.


Concerning security, erlang cluster securiy is mainly based on the shared secret : the cookie, that you define in your riak configuration file. 
There is no other authentication system, and communications between nodes are not encrypted. 


In WAN environment, I think that the real problem (as always) is the latency introduced by the network. I have no experience with riak in this context.
I starts to read the code, some timeouts seems to be hard coded, but it's nothing to change ;p



let me know if i'm wrong.
















>When the various nodes are in the same datacenter.... connectivity is a
>no-brainer. Can anyone comment on their experiences over a WAN connection?
>I'm curious about the security and privacy issues? Or is the simple answer
>IPSEC/VPN?
>
>/r
>
>_______________________________________________
>riak-users mailing list
>riak-users at lists.basho.com
>http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>






More information about the riak-users mailing list