brooklyn-dev mailing list archives

From Alex Heneveld <>
Subject brooklyn advanced networking summary
Date Wed, 03 Dec 2014 17:14:36 GMT


We've been discussing how to handle tracking addresses on private 
subnets vs public addresses.  This summarises current thinking.

In general, the usual sensors at an entity on a private network report 
*private* subnet info.  (If hostnames are transparent or there is no 
penalty for accessing over public IP, using those values is a handy 
shortcut, but of course that's not universally the case.)

Then for external access:

0) Brooklyn and other java code paths use BrooklynAccessUtils.  This 
ensures deployments act as normal (a) within a subnet (using the subnet 
addresses), and (b) from Brooklyn; but without opening unnecessary 
public ports.
     TODO: BAU opens ports at Docker for Brooklyn as needed

If other entities outwith the subnet need access however, a bit more is 

1) Another entity (e.g. SubnetTier, or the root, or an ad hoc entity) 
reports contact information for that entity on another network (such as 
public internet but not necessarily).
     TODO:  YAML support for setting up enrichers for creating forwarded 
access and publishing forwarded sensors.  For IP/hostname/port/URL 
sensors, e.g. `root.url` at a root might pick up `root.url` from a load 
balancer, and (as often there are multiple such entities) for pools, and 
for "anycast" (e.g. Cassandra, where the port number cannot be changed, 
so if there is only one public IP there can be only one forwarded entity)

2) Selected forwarded IP/hostname/port/URL sensors are published on the 
entities themselves, with a different sensor name, e.g. 
`mapped.http.port` (current) or (better?) `network.public.http.port` or 
`network.net123.http.hostAndPort`.  (Could use same TODO as #1.)

3) A sensor containing a special data type which is a map of network ID 
and corresponding contact information could be used.  Again, TODO with 
YAML support for defining an enricher to publish this and keep it up 
to date.

We prefer 1 and 2, because 3 requires the client to parse the map and 
understand network IDs.  We want to make 1 and 2 as easy as possible to 
set up (with a one-line "forward all ports and urls").
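As an added illustration (not Brooklyn code, and not part of the original message), the following Python sketch models the address-selection idea behind items 0 and 2: a caller on the entity's own subnet gets the private sensor values, a caller elsewhere gets only a forwarded sensor that was explicitly published for its network, and there is no implicit fallback to a public address. The `Entity` class, the `network.<id>.<sensor>.hostAndPort` and `<sensor>.contactMap` sensor names, and the sample addresses are all assumptions chosen for the example; the contact-map form (item 3) is included so the client-side difference between the two approaches is visible.

```python
from dataclasses import dataclass, field


@dataclass
class Entity:
    """Hypothetical managed entity: its private (subnet) sensors plus the
    id of the network it lives on. Not a Brooklyn type."""
    name: str
    network_id: str
    sensors: dict = field(default_factory=dict)


def publish_private(entity, sensor, host, port):
    # The usual sensors report *private* subnet info, as the message says.
    entity.sensors[f"{sensor}.host"] = host
    entity.sensors[f"{sensor}.port"] = port


def publish_forwarded(entity, network_id, sensor, host, port):
    # Item 2: forwarded contact info under a separate, network-qualified
    # sensor name (assumed naming, modelled on `network.net123.http.hostAndPort`).
    entity.sensors[f"network.{network_id}.{sensor}.hostAndPort"] = f"{host}:{port}"


def publish_contact_map(entity, sensor, mapping):
    # Item 3: one sensor holding {network_id: "host:port"}; the client must
    # understand network ids to use it (assumed sensor name).
    entity.sensors[f"{sensor}.contactMap"] = dict(mapping)


def resolve(entity, sensor, caller_network_id):
    """Return the "host:port" a caller on `caller_network_id` should use.

    Same subnet -> private sensors. Otherwise only an explicitly published
    forwarding for that network is returned; None means "no access path",
    so no public port is assumed to exist just because the entity exists.
    """
    if caller_network_id == entity.network_id:
        return f"{entity.sensors[sensor + '.host']}:{entity.sensors[sensor + '.port']}"
    flat = entity.sensors.get(f"network.{caller_network_id}.{sensor}.hostAndPort")
    if flat is not None:
        return flat
    contact_map = entity.sensors.get(f"{sensor}.contactMap", {})
    return contact_map.get(caller_network_id)


def build_sample():
    # Constructed sample: an entity on subnet "net123" serving HTTP on 8080,
    # with a single forwarding published for the "public" network.
    web = Entity("web1", "net123")
    publish_private(web, "http", "10.0.0.5", 8080)
    publish_forwarded(web, "public", "http", "203.0.113.10", 18080)
    return web


if __name__ == "__main__":
    web = build_sample()
    print(resolve(web, "http", "net123"))   # private address, same subnet
    print(resolve(web, "http", "public"))   # forwarded address
    print(resolve(web, "http", "net999"))   # None: nothing published for it
```

The point of `resolve` returning `None` rather than guessing a public address is the one made in item 0: access from another network exists only where a forwarding was deliberately set up, so unnecessary public ports are never implied by the sensor data.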
