You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ignite.apache.org by ignite_user2016 <ri...@gmail.com> on 2020/09/21 16:03:38 UTC

Ignite communicating with non ignite servers

Recently, we migrated ignite to JDK11, all works well except when we run our
security scan, ignite node tries to connect on that servers and result in
out of memory and heap dump errors.

Is it possible where we can stop that scan server connecting to ignite ? 

Any configuration ? 

help is much appreciated.

And I have observed that ignite visor is also broken where it cant give us
the states for nodes, memory and CPU.

Thanks..
Rishi



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/

Re: Ignite communicating with non ignite servers

Posted by ignite_user2016 <ri...@gmail.com>.

we use Nessus security tool, and the module is Tenable.sc which scans the
vulnerability on spring boot app which runs with ignite client.



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/

Re: Ignite communicating with non ignite servers

Posted by Evgenii Zhuravlev <e....@gmail.com>.

Hi,

What security scan tool do you use?

Evgenii

пн, 21 сент. 2020 г. в 09:03, ignite_user2016 <ri...@gmail.com>:

> Recently, we migrated ignite to JDK11, all works well except when we run
> our
> security scan, ignite node tries to connect on that servers and result in
> out of memory and heap dump errors.
>
> Is it possible where we can stop that scan server connecting to ignite ?
>
> Any configuration ?
>
> help is much appreciated.
>
> And I have observed that ignite visor is also broken where it cant give us
> the states for nodes, memory and CPU.
>
> Thanks..
> Rishi
>
>
>
> --
> Sent from: http://apache-ignite-users.70518.x6.nabble.com/
>

Re: Ignite communicating with non ignite servers

Posted by Evgenii Zhuravlev <e....@gmail.com>.

Hi,

Can you please tell what scan were you running? I want to reproduce this
issue using tenable.sc.

Thank you,
Evgenii


вт, 22 сент. 2020 г. в 06:55, Ilya Kasnacheev <il...@gmail.com>:

> Hello!
>
> I don't think it should cause heap dumps. Here you are showing just a
> warning. This warning may be ignored.
>
> It's outside of scope of Apache Ignite to disable something else to try
> connecting to it. If you have invasive security port scanning, you will
> expect to see warnings/errors in the logs of any network application.
>
> Regards,
> --
> Ilya Kasnacheev
>
>
> вт, 22 сент. 2020 г. в 16:26, ignite_user2016 <ri...@gmail.com>:
>
>> We have SSL enabled on all servers but some how it s trying to attempt
>> connection on SSL causing heap dumps. Is there a way to disable to
>> external
>> server try connecting to ignite ?
>>
>> 2020-09-10 22:52:47,029 WARN [grid-nio-worker-tcp-comm-3-#27%NAME_GRID%]
>> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi Client
>> disconnected abruptly due to network connection loss or because the
>> connection was left open on application shutdown. [cls=class
>> o.a.i.i.util.nio.GridNioException, msg=Failed to decode SSL data:
>> GridSelectorNioSessionImpl [worker=DirectNioClientWorker
>> [super=AbstractNioClientWorker [idx=3, bytesRcvd=13315002728, bytesSent=0,
>> bytesRcvd0=18, bytesSent0=0, select=true, super=GridWorker
>> [name=grid-nio-worker-tcp-comm-3, igniteInstanceName=WebGrid,
>> finished=false, heartbeatTs=1599796365124, hashCode=1230825885,
>> interrupted=false, runner=grid-nio-worker-tcp-comm-3-#27%WebGrid%]]],
>> writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
>> readBuf=java.nio.DirectByteBuffer[pos=18 lim=18 cap=32768],
>> inRecovery=null,
>> outRecovery=null, closeSocket=true,
>>
>> outboundMessagesQueueSizeMetric=o.a.i.i.processors.metric.impl.LongAdderMetric@69a257d1
>> ,
>> super=GridNioSessionImpl [locAddr=/*IG_SERVER1*:47101, rmtAddr=/*SEC_SCAN*
>> SERVER:52082, createTime=1599796365124, closeTime=0, bytesSent=0,
>> bytesRcvd=18, bytesSent0=0, bytesRcvd0=18, sndSchedTime=1599796365124,
>> lastSndTime=1599796365124, lastRcvTime=1599796367026, readsPaused=false,
>> filterChain=FilterChain[filters=[GridNioCodecFilter
>> [parser=o.a.i.i.util.nio.GridDirectParser@20ca1d6a, directMode=true],
>> GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
>> markedForClose=false]]]
>>
>>
>>
>> --
>> Sent from: http://apache-ignite-users.70518.x6.nabble.com/
>>
>

Re: Ignite communicating with non ignite servers

Posted by Ilya Kasnacheev <il...@gmail.com>.

Hello!

I don't think it should cause heap dumps. Here you are showing just a
warning. This warning may be ignored.

It's outside of scope of Apache Ignite to disable something else to try
connecting to it. If you have invasive security port scanning, you will
expect to see warnings/errors in the logs of any network application.

Regards,
-- 
Ilya Kasnacheev


вт, 22 сент. 2020 г. в 16:26, ignite_user2016 <ri...@gmail.com>:

> We have SSL enabled on all servers but some how it s trying to attempt
> connection on SSL causing heap dumps. Is there a way to disable to external
> server try connecting to ignite ?
>
> 2020-09-10 22:52:47,029 WARN [grid-nio-worker-tcp-comm-3-#27%NAME_GRID%]
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi Client
> disconnected abruptly due to network connection loss or because the
> connection was left open on application shutdown. [cls=class
> o.a.i.i.util.nio.GridNioException, msg=Failed to decode SSL data:
> GridSelectorNioSessionImpl [worker=DirectNioClientWorker
> [super=AbstractNioClientWorker [idx=3, bytesRcvd=13315002728, bytesSent=0,
> bytesRcvd0=18, bytesSent0=0, select=true, super=GridWorker
> [name=grid-nio-worker-tcp-comm-3, igniteInstanceName=WebGrid,
> finished=false, heartbeatTs=1599796365124, hashCode=1230825885,
> interrupted=false, runner=grid-nio-worker-tcp-comm-3-#27%WebGrid%]]],
> writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
> readBuf=java.nio.DirectByteBuffer[pos=18 lim=18 cap=32768],
> inRecovery=null,
> outRecovery=null, closeSocket=true,
>
> outboundMessagesQueueSizeMetric=o.a.i.i.processors.metric.impl.LongAdderMetric@69a257d1
> ,
> super=GridNioSessionImpl [locAddr=/*IG_SERVER1*:47101, rmtAddr=/*SEC_SCAN*
> SERVER:52082, createTime=1599796365124, closeTime=0, bytesSent=0,
> bytesRcvd=18, bytesSent0=0, bytesRcvd0=18, sndSchedTime=1599796365124,
> lastSndTime=1599796365124, lastRcvTime=1599796367026, readsPaused=false,
> filterChain=FilterChain[filters=[GridNioCodecFilter
> [parser=o.a.i.i.util.nio.GridDirectParser@20ca1d6a, directMode=true],
> GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
> markedForClose=false]]]
>
>
>
> --
> Sent from: http://apache-ignite-users.70518.x6.nabble.com/
>

Re: Ignite communicating with non ignite servers

Posted by ignite_user2016 <ri...@gmail.com>.

We have SSL enabled on all servers but some how it s trying to attempt
connection on SSL causing heap dumps. Is there a way to disable to external
server try connecting to ignite ? 

2020-09-10 22:52:47,029 WARN [grid-nio-worker-tcp-comm-3-#27%NAME_GRID%]
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi Client
disconnected abruptly due to network connection loss or because the
connection was left open on application shutdown. [cls=class
o.a.i.i.util.nio.GridNioException, msg=Failed to decode SSL data:
GridSelectorNioSessionImpl [worker=DirectNioClientWorker
[super=AbstractNioClientWorker [idx=3, bytesRcvd=13315002728, bytesSent=0,
bytesRcvd0=18, bytesSent0=0, select=true, super=GridWorker
[name=grid-nio-worker-tcp-comm-3, igniteInstanceName=WebGrid,
finished=false, heartbeatTs=1599796365124, hashCode=1230825885,
interrupted=false, runner=grid-nio-worker-tcp-comm-3-#27%WebGrid%]]],
writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
readBuf=java.nio.DirectByteBuffer[pos=18 lim=18 cap=32768], inRecovery=null,
outRecovery=null, closeSocket=true,
outboundMessagesQueueSizeMetric=o.a.i.i.processors.metric.impl.LongAdderMetric@69a257d1,
super=GridNioSessionImpl [locAddr=/*IG_SERVER1*:47101, rmtAddr=/*SEC_SCAN*
SERVER:52082, createTime=1599796365124, closeTime=0, bytesSent=0,
bytesRcvd=18, bytesSent0=0, bytesRcvd0=18, sndSchedTime=1599796365124,
lastSndTime=1599796365124, lastRcvTime=1599796367026, readsPaused=false,
filterChain=FilterChain[filters=[GridNioCodecFilter
[parser=o.a.i.i.util.nio.GridDirectParser@20ca1d6a, directMode=true],
GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
markedForClose=false]]]



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/

Re: Ignite communicating with non ignite servers

Posted by Ilya Kasnacheev <il...@gmail.com>.

Hello!

Well, you could enable SSL on all ports, in this case you can block off the
security scanner.

Regards,
-- 
Ilya Kasnacheev


пн, 21 сент. 2020 г. в 19:03, ignite_user2016 <ri...@gmail.com>:

> Recently, we migrated ignite to JDK11, all works well except when we run
> our
> security scan, ignite node tries to connect on that servers and result in
> out of memory and heap dump errors.
>
> Is it possible where we can stop that scan server connecting to ignite ?
>
> Any configuration ?
>
> help is much appreciated.
>
> And I have observed that ignite visor is also broken where it cant give us
> the states for nodes, memory and CPU.
>
> Thanks..
> Rishi
>
>
>
> --
> Sent from: http://apache-ignite-users.70518.x6.nabble.com/
>