zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anand Parthasarathy <anpar...@avinetworks.com>
Subject Zookeeper over SSH tunnels
Date Mon, 14 Dec 2015 16:42:59 GMT
Just re-posting the same question that I posted last week to see if I can
get any responses.


Just wondering if any one has run zookeeper ensemble over SSH tunnels. We
are moving to a model where we are securing all communication between our
cluster to be over SSH tunnel including the zookepeer ports (client,
election and leader sync ports). With this, I notice that the convergence
when one of the nodes is shut down takes a much longer time than when we
run without the SSH tunnels. One of the issues I notice in this
configuration is as follows:
- Typically, if zookeeper is brought down on one of the nodes, the
connection to the zookeeper ports are RST with "Connection Refused". With
the SSH tunnel, because SSH is acting as a TCP proxy, the connection is
created and then torn down quite immediately. With this behavior, it
somehow gets into a state where it has to go thru a longer timeout before
it converges.

Have any of you seen this behavior before? Is there any tuning that we can
do to improve this behavior?


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message