All-

We've been discussing how to handle tracking addresses on private subnets vs public addresses. This summarises current thinking.

In general, the usual sensors at an entity on a private network report *private* subnet info. (If hostnames are transparent or there is no penalty for accessing over public IP, using those values is a handy shortcut, but of course that's not universally the case.)

Then for external access:

0) Brooklyn and other Java code paths use BrooklynAccessUtils. This ensures deployments act as normal (a) within a subnet (using the subnet addresses), and (b) from Brooklyn; but without opening unnecessary public ports.
    TODO: BAU opens ports at Docker for Brooklyn as needed

If other entities outwith the subnet need access however, a bit more is needed:

1) Another entity (e.g. SubnetTier, or the root, or an ad hoc entity) reports contact information for that entity on another network (such as public internet but not necessarily). TODO: YAML support for setting up enrichers for creating forwarded access and publishing forwarded sensors. For IP/hostname/port/URL sensors, e.g. `root.url` at a root might pick up `root.url` from a load balancer, and (as often there are multiple such entities) for pools, and for "anycast" (e.g. Cassandra, where the port number cannot be changed, so if there is only one public IP there can be only one forwarded entity)

2) Selected forwarded IP/hostname/port/URL sensors are published on the entities themselves, with a different sensor name, e.g. `mapped.http.port` (current) or (better?) `network.public.http.port` or `network.net123.http.hostAndPort`. (Could use same TODO as #1.)

3) A sensor containing a special data type which is a map of network ID and corresponding contact information could be used. Again, TODO with YAML support for defining an enricher to publish this and keep it up to date.

We prefer 1 and 2, because 3 requires the client to parse the map and understand network IDs. We want to make 1 and 2 as easy as possible to set up (with a one-line "forward all ports and urls").

Best
Alex
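To make the trade-off between options 1/2 and option 3 concrete, here is an added, hypothetical example that is not part of the email or of Brooklyn's code. It models an entity's sensors as a plain dict: the private subnet values the usual sensors report, a forwarded sensor republished under a per-network name (option 2 style, using the `network.<id>.http.hostAndPort` naming floated above), and a single map sensor keyed by network ID (option 3 style). The sensor names, the `network.endpoints` map, the `resolve_*` helpers and all addresses are constructed for illustration; they are not Brooklyn API.

```python
"""Hypothetical address-resolution helpers illustrating the options in the email.

Everything here is constructed for the example: sensor names, the
'network.endpoints' map shape, and the sample addresses.
"""
import ipaddress
from typing import Optional

# Constructed sample sensors for one entity in the private subnet 10.0.1.0/24.
ENTITY_SENSORS = {
    "subnet.cidr": "10.0.1.0/24",
    "host.subnet.address": "10.0.1.17",   # what the usual sensors report (private)
    "http.port": 8080,
    # option 2 style: forwarded value republished under a per-network sensor name
    "network.public.http.hostAndPort": "203.0.113.10:31080",
    # option 3 style: one sensor holding a map of network ID -> contact information
    "network.endpoints": {
        "public": {"host": "203.0.113.10", "http.port": 31080},
        "net123": {"host": "192.0.2.44", "http.port": 8080},
    },
}


def same_subnet(client_ip: str, subnet_cidr: str) -> bool:
    """True when the client address lies inside the entity's private subnet."""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(subnet_cidr)


def resolve_option2(sensors: dict, client_ip: str, network_id: str = "public") -> str:
    """Option 1/2 style: inside the subnet use the private address and port,
    otherwise read the forwarded host:port sensor published for the chosen
    network. The client only needs to know one sensor name."""
    if same_subnet(client_ip, sensors["subnet.cidr"]):
        return f"{sensors['host.subnet.address']}:{sensors['http.port']}"
    forwarded = sensors.get(f"network.{network_id}.http.hostAndPort")
    if forwarded is None:
        raise LookupError(f"no forwarded http endpoint published for network {network_id!r}")
    return forwarded


def resolve_option3(sensors: dict, client_ip: str, client_network_id: Optional[str]) -> str:
    """Option 3 style: outside the subnet the client must know its own network
    ID and parse the map sensor itself; without that ID it cannot choose."""
    if same_subnet(client_ip, sensors["subnet.cidr"]):
        return f"{sensors['host.subnet.address']}:{sensors['http.port']}"
    if client_network_id is None:
        raise LookupError("client cannot pick an endpoint without knowing its network ID")
    entry = sensors["network.endpoints"].get(client_network_id)
    if entry is None:
        raise LookupError(f"no endpoint published for network {client_network_id!r}")
    return f"{entry['host']}:{entry['http.port']}"


if __name__ == "__main__":
    # Same-subnet caller gets the private address; an outside caller gets the mapping.
    print(resolve_option2(ENTITY_SENSORS, "10.0.1.5"))          # 10.0.1.17:8080
    print(resolve_option2(ENTITY_SENSORS, "198.51.100.7"))      # 203.0.113.10:31080
    print(resolve_option3(ENTITY_SENSORS, "198.51.100.7", "net123"))  # 192.0.2.44:8080
```

The subnet check is what keeps in-subnet traffic on private addresses (the "act as normal within a subnet" behaviour), and the two resolvers show why option 3 pushes work onto the client: it has to know which network it is on before it can read the map, whereas with option 2 it reads one named sensor.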
