[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Linux-cluster] Cluster Communications Security



On Wed, 2007-11-14 at 13:00 -0800, Scott Becker wrote:
> What's the general consensus of security risks of cman communications 
> over a public subnet?
> The faq only briefly mentions it.

cman is pretty important.  If it's on a public subnet, someone could
spoof IPs and screw with your locks, spew garbage (e.g. floodping) on
the wire and lots of other nefarious things.  I'd keep it private.

If possible, I'd tend to keep it on its own VLAN as well.  You really
only want cluster-centric traffic on those wires.

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer             rstevens internap com -
- CDN Systems, Internap, Inc.                http://www.internap.com -
-                                                                    -
-            Beware of programmers who carry screwdrivers            -
----------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]