Posted to user@cassandra.apache.org by Alain RODRIGUEZ <ar...@gmail.com> on 2014/10/23 11:16:53 UTC

Multi Datacenter / MultiRegion on AWS Best practice ?

Hi,

We are currently wondering about the best way to configure network
architecture to have a Cassandra cluster multi DC.

Reading previous messages on this mailing list, I see 2 main ways to do
this:

1 - 2 private VPC, joined by a VPN tunnel linking 2 regions. C* using
EC2Snitch (or PropertyFileSnitch) and private IPs.
2 - 2 public VPC. C* using EC2MultiRegionSnitch (and so public IPs for
seeds and broadcast, private for listen address).

For solution 1, we are not confident about the stability and performance
of the VPN tunnel; the rest should work just fine.

For solution 2, we would need to open IPs one by one on 3 ports (7000, 9042,
9160) at least. 100 entries in a security group would allow us to have a
maximum of ~30 nodes. Another issue is that a ring describe (using
Astyanax, let's say) would also give public IPs to clients; our clients,
which are also inside the VPC, would have to go out to the internet before
coming back to the VPC, creating unnecessary latency.

What is your advice regarding best practices for a multi-DC (cross-region)
setup inside the AWS cloud?

And by the way, how do we configure Astyanax when using EC2MultiRegionSnitch
(and public IPs for broadcasting) to use private IPs instead of public ones?

Alain

Re: Multi Datacenter / MultiRegion on AWS Best practice ?

Posted by Jared Biel <ja...@bolderthinking.com>.
If you decide to go the iptables route, you could try neti
<https://github.com/Instagram/neti> (blog post here:
<http://instagram-engineering.tumblr.com/post/100758229719/migrating-from-aws-to-aws>).


On 27 October 2014 16:44, Juho Mäkinen <ju...@gmail.com> wrote:

> Hi!
>
>
>> 2014-10-23 11:16 GMT+02:00 Alain RODRIGUEZ <ar...@gmail.com>:
>>>
>>> We are currently wondering about the best way to configure network
>>> architecture to have a Cassandra cluster multi DC.
>>>
>>> On solution 2, we would need to open IPs one by one on 3 ports (7000,
>>> 9042, 9160) at least. 100 entries in a security group would allow us to
>>> have a maximum of ~30 nodes
>>>
>>
> You can also allow those ports from everywhere and then use local iptables
> to limit the access to only those IPs which you are actually using. You'll
> most certainly need some kind of configuration management system for this
> (Chef, puppet, salt-stack etc).
>

Re: Multi Datacenter / MultiRegion on AWS Best practice ?

Posted by Juho Mäkinen <ju...@gmail.com>.
Hi!


> 2014-10-23 11:16 GMT+02:00 Alain RODRIGUEZ <ar...@gmail.com>:
>>
>> We are currently wondering about the best way to configure network
>> architecture to have a Cassandra cluster multi DC.
>>
>> On solution 2, we would need to open IPs one by one on 3 ports (7000,
>> 9042, 9160) at least. 100 entries in a security group would allow us to
>> have a maximum of ~30 nodes
>>
>
You can also allow those ports from everywhere and then use local iptables
to limit the access to only those IPs which you are actually using. You'll
most certainly need some kind of configuration management system for this
(Chef, puppet, salt-stack etc).
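
The local iptables allowlist suggested above, sketched as an added example that is not part of the thread or of any project it mentions: a script a configuration management run could use to turn a peer inventory into an `iptables-restore` fragment for the three ports named in the thread. The chain name `CASSANDRA`, the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: local allowlist for the Cassandra ports named in the thread.
CASSANDRA_PORTS="7000,9042,9160"

# Succeeds only for a dotted-quad IPv4 address, octets 0..255, no leading zeros.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
)

# Match arguments for the one-time jump from INPUT into the CASSANDRA chain, e.g.
#   iptables -C INPUT $(jump_rule) 2>/dev/null || iptables -I INPUT $(jump_rule)
jump_rule() { echo "-p tcp -m multiport --dports $CASSANDRA_PORTS -j CASSANDRA"; }

# Reads one peer IP per line on stdin ('#' comments and blank lines ignored) and
# prints a fragment for `iptables-restore --noflush` that holds only the
# CASSANDRA chain. Prints nothing and fails on a bad address or an empty list,
# so a broken inventory cannot produce a ruleset that drops every peer.
build_ruleset() (
    set -f   # no globbing while splitting untrusted input
    peers=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | sort -u)
    [ -n "$peers" ] || { echo "empty peer list" >&2; exit 1; }
    for ip in $peers; do
        valid_ipv4 "$ip" || { echo "invalid peer address: $ip" >&2; exit 1; }
    done
    echo "*filter"
    echo ":CASSANDRA - [0:0]"
    echo "-A CASSANDRA -i lo -j ACCEPT"
    for ip in $peers; do echo "-A CASSANDRA -s $ip/32 -j ACCEPT"; done
    echo "-A CASSANDRA -j DROP"
    echo "COMMIT"
)

# Constructed sample inventory (documentation and private address ranges).
sample_peers() {
    cat <<'EOF'
203.0.113.10   # remote-region node, public IP
198.51.100.7   # remote-region node, public IP
10.0.1.21      # local client, private IP
EOF
}

sample_peers | build_ruleset
```

Because the final DROP sits in a dedicated chain reached only through the jump rule, it affects nothing but the three Cassandra ports.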

Re: Multi Datacenter / MultiRegion on AWS Best practice ?

Posted by Alain RODRIGUEZ <ar...@gmail.com>.
Hi guys, any feedback on this could be very useful for me, and I guess for
more people out there.

2014-10-23 11:16 GMT+02:00 Alain RODRIGUEZ <ar...@gmail.com>:

> Hi,
>
> We are currently wondering about the best way to configure network
> architecture to have a Cassandra cluster multi DC.
>
> Reading previous messages on this mailing list, I see 2 main ways to do
> this:
>
> 1 - 2 private VPC, joined by a VPN tunnel linking 2 regions. C* using
> EC2Snitch (or PropertyFileSnitch) and private IPs.
> 2 - 2 public VPC. C* using EC2MultiRegionSnitch (and so public IPs for
> seeds and broadcast, private for listen address).
>
> For solution 1, we are not confident about the stability and performance
> of the VPN tunnel; the rest should work just fine.
>
> For solution 2, we would need to open IPs one by one on 3 ports (7000,
> 9042, 9160) at least. 100 entries in a security group would allow us to
> have a maximum of ~30 nodes. Another issue is that a ring describe (using
> Astyanax, let's say) would also give public IPs to clients; our clients,
> which are also inside the VPC, would have to go out to the internet before
> coming back to the VPC, creating unnecessary latency.
>
> What is your advice regarding best practices for a multi-DC (cross-region)
> setup inside the AWS cloud?
>
> And by the way, how do we configure Astyanax when using EC2MultiRegionSnitch
> (and public IPs for broadcasting) to use private IPs instead of public ones?
>
> Alain
>