On 05/09/2016 07:52 AM, Sebastian Laskawiec wrote: > Hey Radim! > > Comments inlined. > > Thanks > Sebastian > > On Mon, May 9, 2016 at 12:55 PM, Radim Vansa <rva...@redhat.com > <mailto:rva...@redhat.com>> wrote: > > As for the questions: > * Is SSL required for SNI? I can imagine that multi-tenancy would make > sense even in situations when the connection does not need to be > encrypted. Moreover, if we plan to eventually have HR clients with > async > API (and using async I/O), SSL is even more PITA. Btw., do we have any > numbers how much SSL affects perf? (that's a question for QA, though) > > > Unfortunately no. SNI is an extension of TLS [2] which is an upgrade > of SSL. In Java SNI Host names are specified in SSLParameters [3]. > > Of course SSL slows things down a bit, that's why we also need a > "switch-to-tenant" command which would be used by the clients who do > not want SSL. However if someone uses SNI and SSL (and only then) we > can switch him to proper tenant automatically (because we have enough > information at that point).
So you can initiate connection with SSL (+SNI) and then downgrade it to plain-text? > > * I don't think that dynamic switching of tenants would make sense, > since that would require to invalidate all RemoteCache instances, near > caches, connection pools, everything. So it's the same as starting > from > scratch. > > > Frankly I also have a mixed feelings about this feature. I think it > would be much nicer if we switched to another tenant by doing > disconnect/connect sequence (and not switching dynamically). > > > R. > > > > > > On 04/29/2016 05:29 PM, Sebastian Laskawiec wrote: > > Dear Community, > > > > Please have a look at the design of Multi tenancy support for > > Infinispan [1]. I would be more than happy to get some feedback > from you. > > > > Highlights: > > > > * The implementation will be based on a Router (which will be > built > > based on Netty) > > * Multiple Hot Rod and REST servers will be attached to the router > > which in turn will be attached to the endpoint > > * The router will operate on a binary protocol when using Hot Rod > > clients and path-based routing when using REST > > * Memcached will be out of scope > > * The router will support SSL+SNI > > > > Thanks > > Sebastian > > > > [1] > > > > https://github.com/infinispan/infinispan/wiki/Multi-tenancy-for-Hotrod-Server > > [2] https://tools.ietf.org/html/rfc6066#page-6 > [3] > https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html#getServerNames-- > > > > > > > > _______________________________________________ > > infinispan-dev mailing list > > infinispan-dev@lists.jboss.org > <mailto:infinispan-dev@lists.jboss.org> > > https://lists.jboss.org/mailman/listinfo/infinispan-dev > > > -- > Radim Vansa <rva...@redhat.com <mailto:rva...@redhat.com>> > JBoss Performance Team > > _______________________________________________ > infinispan-dev mailing list > infinispan-dev@lists.jboss.org <mailto:infinispan-dev@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/infinispan-dev > > > > > _______________________________________________ > infinispan-dev mailing list > infinispan-dev@lists.jboss.org > https://lists.jboss.org/mailman/listinfo/infinispan-dev -- Radim Vansa <rva...@redhat.com> JBoss Performance Team _______________________________________________ infinispan-dev mailing list infinispan-dev@lists.jboss.org https://lists.jboss.org/mailman/listinfo/infinispan-dev
