We had some discussions internally about simplifying the current situation of having both internal and external network interfaces, and replacing them with a single interface. Is anyone actually using these in a manner which doesn’t bind them to the same network interface at the moment?
Is there any documentation on how this is meant to be used? I know there are examples, which use different ports for internal/external http/tcp comms, but there’s nothing that explains how that could be used. I.e. if the internal and external IP are the same, should the internal and external ports be the same?
Neil, it's basically just a segregation of traffic. Client traffic is on
external; replication traffic etc. is on internal. This allows you to:
a) use separate nics
b) use separate interfaces (eg lock down internal traffic)
c) lock down public interfaces (certain messages are only accepted
over internal vs external)
"if the internal and external IP are the same, should the internal and
external ports be the same?"
No, even if the IPs are the same, they should still be different ports.
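A small check that encodes the advice above, as an added example (not code from this thread or from Event Store itself). The option names `IntIp`, `ExtIp`, `IntTcpPort`, `ExtTcpPort`, `IntHttpPort`, `ExtHttpPort` are assumed to match your version's config keys, and the sample node config is constructed.

```python
"""Sanity-check an Event Store node's internal/external interface settings.

Assumed config keys (adjust to your version): IntIp, ExtIp, IntTcpPort,
ExtTcpPort, IntHttpPort, ExtHttpPort. The sample below is constructed.
"""
import ipaddress

SAMPLE_NODE = {
    "IntIp": "10.0.1.5", "ExtIp": "10.0.1.5",      # same IP for both roles
    "IntTcpPort": 1112, "ExtTcpPort": 1113,       # ... so ports must differ
    "IntHttpPort": 2112, "ExtHttpPort": 2113,
}


def check_interfaces(cfg):
    """Return a list of findings; an empty list means the split is sound."""
    findings = []
    int_ip = ipaddress.ip_address(cfg["IntIp"])
    ext_ip = ipaddress.ip_address(cfg["ExtIp"])
    int_ports = {"tcp": cfg["IntTcpPort"], "http": cfg["IntHttpPort"]}
    ext_ports = {"tcp": cfg["ExtTcpPort"], "http": cfg["ExtHttpPort"]}
    # Internal and external listeners need distinct ports even on separate
    # IPs; otherwise the two roles cannot be firewalled apart.
    for proto in ("tcp", "http"):
        if int_ports[proto] == ext_ports[proto]:
            findings.append(f"{proto}: internal and external port both {int_ports[proto]}")
    # On a shared IP all four listeners must bind four distinct ports.
    if int_ip == ext_ip:
        ports = list(int_ports.values()) + list(ext_ports.values())
        if len(set(ports)) != len(ports):
            findings.append("duplicate port on shared IP")
    # Replication/gossip should not sit on a globally routable address.
    if int_ip.is_global:
        findings.append(f"internal IP {int_ip} is globally routable")
    return findings


def firewall_rules(cfg, internal_cidr):
    """iptables-style rules: internal ports only from the cluster subnet,
    external ports from anywhere, and a catch-all DROP for internal ports
    so a broad bind address does not expose them."""
    rules = []
    for port in (cfg["IntTcpPort"], cfg["IntHttpPort"]):
        rules.append(f"-A INPUT -p tcp -s {internal_cidr} -d {cfg['IntIp']} --dport {port} -j ACCEPT")
    for port in (cfg["ExtTcpPort"], cfg["ExtHttpPort"]):
        rules.append(f"-A INPUT -p tcp -d {cfg['ExtIp']} --dport {port} -j ACCEPT")
    for port in (cfg["IntTcpPort"], cfg["IntHttpPort"]):
        rules.append(f"-A INPUT -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    print(check_interfaces(SAMPLE_NODE) or "ok")
    print("\n".join(firewall_rules(SAMPLE_NODE, "10.0.1.0/24")))
```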
I know, I know. Last time it was an accident, this time I thought it better to continue a thread rather than start a new one. Damn sure that if I’d started a new one the first three replies would be “see this old post over here”. This is the internet, after all.
Thank you for the reply, though. I think it might benefit from some docs, tbh. More for our sysadmins than anything. Otherwise we’re all just using the documentation “parrot-fashion” without any real understanding of how firewall rules, reverse proxies, etc might fit around GES.