IPsec and Riak

Dennis Forbes dforbes at yafla.com
Mon Oct 8 15:04:11 EDT 2012


Operating under the assumption that the local network may be hostile, for
communications between the nodes of the cluster I would like to use IPsec
PSK-restricted access and encryption to restrict cluster communications
to members of the cluster. Per
http://wiki.basho.com/Network-Security-and-Firewall-Configurations.html,
that would be ports 4369, 8099, and then the Erlang inter-node set. I have
different IPsec rules restricting the PB/web APIs to the service layer, and
would like to restrict such that the two do not mix.

It's the range set that is the problem, as the IPsec rules, to my
knowledge, have to be defined universally or by port. On that Basho page
they list how to restrict it, however their restricted example still
includes an untenable 2000 ports that Erlang may listen on.

I apologize if this question has been posed before, but what is the minimum
set of ports? What are the compromises if I set it to, for instance, a
single port (a range of 7999-7999)?

Thank you,
Dennis

More information about the riak-users mailing list