Return-Path: 
 <user-return-43428-apmail-cassandra-user-archive=cassandra.apache.org@cassandra.apache.org>
X-Original-To: apmail-cassandra-user-archive@www.apache.org
Delivered-To: apmail-cassandra-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 667BF175ED
	for <apmail-cassandra-user-archive@www.apache.org>;
 Mon, 27 Oct 2014 22:02:37 +0000 (UTC)
Received: (qmail 82268 invoked by uid 500); 27 Oct 2014 22:02:34 -0000
Delivered-To: apmail-cassandra-user-archive@cassandra.apache.org
Received: (qmail 82237 invoked by uid 500); 27 Oct 2014 22:02:34 -0000
Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@cassandra.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@cassandra.apache.org>
List-Post: <mailto:user@cassandra.apache.org>
List-Id: <user.cassandra.apache.org>
Reply-To: user@cassandra.apache.org
Delivered-To: mailing list user@cassandra.apache.org
Received: (qmail 82225 invoked by uid 99); 27 Oct 2014 22:02:34 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Oct 2014 22:02:34 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of jared.biel@bolderthinking.com
 designates 209.85.216.176 as permitted sender)
Received: from [209.85.216.176] (HELO mail-qc0-f176.google.com)
 (209.85.216.176)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Oct 2014 22:02:08 +0000
Received: by mail-qc0-f176.google.com with SMTP id x3so2057045qcv.7
        for <user@cassandra.apache.org>; Mon, 27 Oct 2014 15:02:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=bolderthinking.com; s=google;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=BB/ek+gTGfJ2ZkUn4dVB9sxOhZBGD2EtFN36Z1xdoC4=;
        b=kHRnK4NDBVp9P7AmgIsi8Ol7qLx95H4xc/bG/W81X9LjOU5xBcUNY9RHHJgccW+pnt
         NGDQRIvd+qSxCCPb2AVzBPxxp/GJCvKxWY+iqc65sIa3Dcj30neen9eOkepnxaWBRfpp
         x9N7r5/5Y9YmhXBDviPgKkG4Lq5e8dErQxPH4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:content-type;
        bh=BB/ek+gTGfJ2ZkUn4dVB9sxOhZBGD2EtFN36Z1xdoC4=;
        b=NaOB8mhYiATiVG4Xu7L/ruqFqE5qw0E8ZE1fRdxEncTQ/Dd9lKMWUSEiMMvzong/Rk
         inprzgKONox49eLHnqjj5D130qiFmYp4QMYMb82CoVnO9CiYFzA/r2zo7l7/FXKNQj0S
         sQNBdO/Bjdcnk8oHHjgeCRqWbUcdzZ1vylj47ewm9g9ofrRxX2JMxBggzCEtrY3Hu2/f
         y28N5S3WYLzf1EHRJ4Cv3HCfdze2dClTi9M3ETiaQ6aPm9sGoCdq0oKXsryMJuzs+LyW
         JRixjfscfJkpmEaO6+UVhK2oNtGBfAuXBpFFWNWWTv0kMfUwUu4+6I8Irr9CD+HlUVwx
         g6pg==
X-Gm-Message-State: 
 ALoCoQlF8RNO9vuCKYPy4J2HoejY4CxwJCkWWOi5oCktmE4lmASLjY+5KZt48BAdma4Xb5ebSXgw
MIME-Version: 1.0
X-Received: by 10.224.28.133 with SMTP id m5mr36802588qac.7.1414447326360;
 Mon, 27 Oct 2014 15:02:06 -0700 (PDT)
Received: by 10.229.161.200 with HTTP; Mon, 27 Oct 2014 15:02:06 -0700 (PDT)
In-Reply-To: 
 <CAL48JWmzJ9SLfBuTEak2_UrzxViLJs0gozn34jyhAxO-Q5mrgQ@mail.gmail.com>
References: 
 <CA+VSrLpESyjbh7v095+_X81xbgETyfyCYTmwNBbud3Y58O+gBQ@mail.gmail.com>
	<CA+VSrLpXgTeVqP2_XCzTmdRkEOtLrhxzMXpO_DS=XX2qwtd_Xw@mail.gmail.com>
	<CAL48JWmzJ9SLfBuTEak2_UrzxViLJs0gozn34jyhAxO-Q5mrgQ@mail.gmail.com>
Date: Mon, 27 Oct 2014 22:02:06 +0000
Message-ID: 
 <CAHoS6UZAhYxOt9iNLOuuGY1bkQBk-B=PEUfzBwCEMtxmu17dTA@mail.gmail.com>
Subject: Re: Multi Datacenter / MultiRegion on AWS Best practice ?
From: Jared Biel <jared.biel@bolderthinking.com>
To: user@cassandra.apache.org
Content-Type: multipart/alternative; boundary=001a11c1db70710e6405066eaebf
X-Virus-Checked: Checked by ClamAV on apache.org

--001a11c1db70710e6405066eaebf
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

If you decide to go the iptables route, you could try neti
<https://github.com/Instagram/neti> (blog post here
<http://instagram-engineering.tumblr.com/post/100758229719/migrating-from-a=
ws-to-aws>
.)


On 27 October 2014 16:44, Juho M=C3=A4kinen <juho.makinen@gmail.com> wrote:

> Hi!
>
>
>> 2014-10-23 11:16 GMT+02:00 Alain RODRIGUEZ <arodrime@gmail.com>:
>>>
>>> We are currently wondering about the best way to configure network
>>> architecture to have a Cassandra cluster multi DC.
>>>
>>> On solution 2, we would need to open IPs one by one on 3 ports (7000,
>>> 9042, 9160) at least. 100 entries in a security group would allow us to
>>> have a maximum of ~30 nodes
>>>
>>
> You can also allow those ports from everywhere and then use local iptable=
s
> to limit the access to only those IPs which you are actually using. You'l=
l
> most certainly need some kind of configuration management system for this
> (Chef, puppet, salt-stack etc).
>

--001a11c1db70710e6405066eaebf
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">If you decide to go the iptables route, you could try <a h=
ref=3D"https://github.com/Instagram/neti">neti</a>=C2=A0(<a href=3D"http://=
instagram-engineering.tumblr.com/post/100758229719/migrating-from-aws-to-aw=
s">blog post here</a>.)<div class=3D"gmail_extra"><div><div dir=3D"ltr"><br=
></div></div>
<br><div class=3D"gmail_quote">On 27 October 2014 16:44, Juho M=C3=A4kinen =
<span dir=3D"ltr">&lt;<a href=3D"mailto:juho.makinen@gmail.com" target=3D"_=
blank">juho.makinen@gmail.com</a>&gt;</span> wrote:<br><blockquote class=3D=
"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding=
-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_=
quote"><div>Hi!</div><div>=C2=A0</div><blockquote class=3D"gmail_quote" sty=
le=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><=
div><div class=3D"gmail_extra"><div class=3D"gmail_quote"><span class=3D"">=
2014-10-23 11:16 GMT+02:00 Alain RODRIGUEZ <span dir=3D"ltr">&lt;<a href=3D=
"mailto:arodrime@gmail.com" target=3D"_blank">arodrime@gmail.com</a>&gt;</s=
pan>:</span><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bo=
rder-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><span class=3D"=
"><div>We are currently wondering about the best way to configure network a=
rchitecture to have a Cassandra cluster multi DC.</div><div><br></div></spa=
n><span class=3D""><div>On solution 2, we would need to open IPs one by one=
 on 3 ports (7000, 9042, 9160) at least. 100 entries in a security group wo=
uld allow us to have a maximum of ~30 nodes</div></span></div></blockquote>=
</div></div></div></div></blockquote><div><br></div><div>You can also allow=
 those ports from everywhere and then use local iptables to limit the acces=
s to only those IPs which you are actually using. You&#39;ll most certainly=
 need some kind of configuration management system for this (Chef, puppet, =
salt-stack etc).</div></div></div></div>
</blockquote></div><br></div></div>

--001a11c1db70710e6405066eaebf--