zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Hunt <ph...@apache.org>
Subject Re: why zookeeper bind 0.0.0.0 at mitihomed server
Date Thu, 16 Jun 2011 17:14:13 GMT
On Wed, Jun 15, 2011 at 3:14 AM, Isaac <isaac.198@gmail.com> wrote:
> just company rule,for security reason.
>
> e.g. 172.27.* for intranet communication, 8.8.* from this interface can
> reach Internet.
>
> i know iptables and other firewall rules can avoid this, but rule is rule.
>
> I think others maybe encounter this problem, that's why clientPortAddress is
> added in 3.3.0.

Yes, that's definitely the case. (I added it :-) ). FWIW, some
background: the typical deployment scenario early in the life of ZK
was inside a large datacenter, where everything had multiple levels of
firewalls. There was never any concern about the binding behavior
because ZK was put behind one of these firewalls, and only the client
port was exposed. As the deployment scenarios have become more diverse
(ec2 for example), there's been more interest in this type of
functionality. Thanks for picking this up! Appreciated.

Regards,

Patrick

Mime
View raw message