[ https://issues.apache.org/jira/browse/IGNITE-22937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Roman Puchkovskiy updated IGNITE-22937:
---------------------------------------
    Description: 
We have a mechanism that does not allow nodes to establish a connection if they 
have different clusterIds attached to them (see IGNITE-22804). This is needed 
to do CMG/MG disaster recovery as safely as possible.

A non-initialized node does not have a clusterId attached to it, so it is 
allowed to establish a connection with any node. It might happen that such a 
node establishes a connection with 2 nodes which have different clusterIds (one 
of them might be from the old incarnation of the cluster, before CMG/MG repair, 
and another is from the new incarnation, after repair). After it gets 
initialized, it might get partition data from one of these nodes, and then it 
could transfer that data to another node. As a result, the nodes from different 
incarnations will (indirectly) communicate, which we should prohibit.

To avoid this, we should close all physical connections at the moment a node 
gets initialized. It will try to reestablish the connections, but this time it 
will have a clusterId, so it will not be able to connect to nodes from a 
different incarnation of the cluster.

> Close all physical connections after initializing a node
> --------------------------------------------------------
>
>                 Key: IGNITE-22937
>                 URL: https://issues.apache.org/jira/browse/IGNITE-22937
>             Project: Ignite
>          Issue Type: Improvement
>            Reporter: Roman Puchkovskiy
>            Priority: Major
>              Labels: ignite-3



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
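
The window described in the issue, as an added example that is not Ignite code and not part of the original message: a hypothetical in-memory model (the names `Node`, `connect`, `initialize` and `peersAfterInit` are assumptions) showing that a joining node keeps its link to the old incarnation unless its connections are closed when it gets initialized.

```java
import java.util.*;

// Hypothetical model, not Ignite code: every name below is an assumption made for illustration.
public class ClusterIdFencing {
    static final class Node {
        final String name;
        UUID clusterId;                                   // null until the node is initialized
        final Set<Node> connections = new HashSet<>();    // open physical connections

        Node(String name, UUID clusterId) { this.name = name; this.clusterId = clusterId; }

        // Handshake rule from the description: refuse only when both sides carry different clusterIds.
        boolean connect(Node peer) {
            if (clusterId != null && peer.clusterId != null && !clusterId.equals(peer.clusterId)) {
                return false;
            }
            connections.add(peer);
            peer.connections.add(this);
            return true;
        }

        // Initialization; with closeConnections=true every link is dropped and re-handshaked under the new id.
        void initialize(UUID id, boolean closeConnections) {
            clusterId = id;
            if (!closeConnections) return;
            List<Node> peers = new ArrayList<>(connections);
            for (Node p : peers) { connections.remove(p); p.connections.remove(this); }
            for (Node p : peers) connect(p);
        }
    }

    // Returns the names of the peers the joiner is still connected to after initialization.
    static Set<String> peersAfterInit(boolean closeConnections) {
        UUID oldId = UUID.randomUUID(), newId = UUID.randomUUID();   // constructed sample ids
        Node oldNode = new Node("old-incarnation", oldId);
        Node newNode = new Node("new-incarnation", newId);
        Node joiner = new Node("joiner", null);
        joiner.connect(oldNode);                          // allowed: joiner has no clusterId yet
        joiner.connect(newNode);
        joiner.initialize(newId, closeConnections);
        Set<String> names = new TreeSet<>();
        for (Node p : joiner.connections) names.add(p.name);
        return names;
    }

    public static void main(String[] args) {
        System.out.println("without reset: " + peersAfterInit(false));
        System.out.println("with reset:    " + peersAfterInit(true));
    }
}
```

Without the reset the joiner stays connected to both incarnations; with it, only the peer that shares its clusterId passes the handshake again.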
