Hi, Just wondering if any one has run zookeeper ensemble over SSH tunnels. We are moving to a model where we are securing all communication between our cluster to be over SSH tunnel including the zookepeer ports (client, election and leader sync ports). With this, I notice that the convergence when one of the nodes is shut down takes a much longer time than when we run without the SSH tunnels. One of the issues I notice in this configuration is as follows: - Typically, if zookeeper is brought down on one of the nodes, the connection to the zookeeper ports are RST with "Connection Refused". With the SSH tunnel, because SSH is acting as a TCP proxy, the connection is created and then torn down quite immediately. With this behavior, it somehow gets into a state where it has to go thru a longer timeout before it converges.
Have any of you seen this behavior before? Is there any tuning that we can do to improve this behavior? Thanks, Anand.
