Operating under the assumption that the local network may be hostile, for communications between the nodes of the cluster I would like to use IPsec PSK-restricted access and encryption to restrict cluster communications to members of the cluster. Per http://wiki.basho.com/Network-Security-and-Firewall-Configurations.html, that would be ports 4369, 8099, and then the Erlang inter-node set. I have different IPsec rules restricting the PB/web APIs to the service layer, and would like to restrict such that the two do not mix.
It's the range set that is the problem, as the IPsec rules, to my knowledge, have to be defined universally or by port. On that Basho page they list how to restrict it; however, their restricted example still includes an untenable 2000 ports that Erlang may listen on. I apologize if this question has been posed before, but what is the minimum set of ports? What are the compromises if I set it to, for instance, a single port (a range of 7999-7999)?

Thank you,
Dennis
