Posted to user@cassandra.apache.org by Francisco Reyes <li...@natserv.net> on 2016/01/17 19:09:24 UTC

broadcast_address in multi data center setups

Setting up my first Cassandra cluster.

Does one need to set up broadcast_address to public in all the nodes like 
this?
node 1 - colo 1 - broadcast points to public IP
node 2 - colo 1 - broadcast points to public IP
.....
node n - colo 1 - broadcast points to public IP

node 4 - colo 2 - broadcast points to public IP
node 5 - colo 2 - broadcast points to public IP

Or can it be like:
node 1 - colo 1 - broadcast points to internal
node 2 - colo 1 - broadcast points to internal
.....
node n - colo 1 - broadcast points to public IP

node 4 - colo 2 - broadcast points to internal
node 5 - colo 2 - broadcast points to public IP

Is there a way to restrict what IPs are allowed to connect to the DB at 
the Cassandra level, or does one have to set up a firewall at the OS level?

Re: broadcast_address in multi data center setups

Posted by Francisco Reyes <li...@natserv.net>.
On 01/18/2016 09:44 AM, Paulo Motta wrote:
> broadcast_address is the address exposed for internal inter-node 
> communication, while rpc_address is the address that will listen to 
> clients.
>
> All nodes need to talk to each other via the broadcast_address, so if 
> they are within the same network, you may use public or private IPs as 
> broadcast_address, but if there's at least one node in a different 
> network they all need to use the public IP, or you need to set up your 
> own tunnelling/VPN to make sure nodes can reach each other.
>
> You need to set up your own firewall rules. See more about what ports 
> are used here: 
> https://docs.datastax.com/en/cassandra/2.1/cassandra/security/secureFireWall_r.html. 
> You may also be interested in setting up client authentication: 
> https://docs.datastax.com/en/cassandra/2.1/cassandra/security/security_config_native_authenticate_t.html
>
>

Thanks for links/info.

For applications, do they use the CQL native clients port (9042) or the 
Cassandra client port (Thrift) (9160)? We will be using Python to 
connect to Cassandra.

Plan to use rpc_address internally, so for this case a firewall is not an 
issue, but would like to know for future reference. Although I think one 
would ideally always want applications in the same data center as the 
database.

Re: broadcast_address in multi data center setups

Posted by Paulo Motta <pa...@gmail.com>.
broadcast_address is the address exposed for internal inter-node
communication, while rpc_address is the address that will listen to clients.

All nodes need to talk to each other via the broadcast_address, so if they
are within the same network, you may use public or private IPs as
broadcast_address, but if there's at least one node in a different network
they all need to use the public IP, or you need to set up your own
tunnelling/VPN to make sure nodes can reach each other.

You need to set up your own firewall rules. See more about what ports are
used here:
https://docs.datastax.com/en/cassandra/2.1/cassandra/security/secureFireWall_r.html.
You may also be interested in setting up client authentication:
https://docs.datastax.com/en/cassandra/2.1/cassandra/security/security_config_native_authenticate_t.html

2016-01-17 15:09 GMT-03:00 Francisco Reyes <li...@natserv.net>:

> Setting up my first Cassandra cluster.
>
> Does one need to set up broadcast_address to public in all the nodes like
> this?
> node 1 - colo 1 - broadcast points to public IP
> node 2 - colo 1 - broadcast points to public IP
> .....
> node n - colo 1 - broadcast points to public IP
>
> node 4 - colo 2 - broadcast points to public IP
> node 5 - colo 2 - broadcast points to public IP
>
> Or can it be like:
> node 1 - colo 1 - broadcast points to internal
> node 2 - colo 1 - broadcast points to internal
> .....
> node n - colo 1 - broadcast points to public IP
>
> node 4 - colo 2 - broadcast points to internal
> node 5 - colo 2 - broadcast points to public IP
>
> Is there a way to restrict what IPs are allowed to connect to the DB at
> the Cassandra level, or does one have to set up a firewall at the OS level?
>
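
The reply above covers two checks, sketched here as an added example that is not part of the thread or of Cassandra itself: flagging nodes that advertise an internal broadcast_address in a multi-data-center cluster, and building a per-node firewall allowlist. The node names, addresses and client subnet are constructed; port 7000 is Cassandra's default storage_port, and the code assumes no VPN between sites and that peer traffic arrives from each peer's broadcast_address.

```python
import ipaddress

STORAGE_PORT = 7000  # Cassandra's default inter-node storage_port (not stated in the thread)
NATIVE_PORT = 9042   # CQL native client port named in the thread
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory: documentation-range addresses stand in for public IPs.
NODES = [
    {"name": "node1", "dc": "colo1", "broadcast": "203.0.113.11"},
    {"name": "node2", "dc": "colo1", "broadcast": "10.0.1.12"},  # internal address
    {"name": "node4", "dc": "colo2", "broadcast": "198.51.100.21"},
]
CLIENT_NETS = ["10.0.1.0/24"]  # constructed application subnet


def internal_broadcasts(nodes):
    """Nodes advertising an RFC 1918 broadcast_address in a cluster that spans
    several data centers (assumes no VPN or tunnel joins the sites)."""
    if len({n["dc"] for n in nodes}) < 2:
        return []  # single network: private addresses are reachable by every peer
    return [n["name"] for n in nodes
            if any(ipaddress.ip_address(n["broadcast"]) in net for net in RFC1918)]


def iptables_rules(node, nodes, client_nets):
    """Allowlist for one node: peers on the storage port, clients on the CQL port.
    Assumes peer traffic arrives from each peer's broadcast_address."""
    rules = [f"iptables -A INPUT -p tcp -s {p['broadcast']} --dport {STORAGE_PORT} -j ACCEPT"
             for p in nodes if p["name"] != node["name"]]
    rules += [f"iptables -A INPUT -p tcp -s {net} --dport {NATIVE_PORT} -j ACCEPT"
              for net in client_nets]
    # Everything else aimed at the two Cassandra ports is dropped.
    rules.append("iptables -A INPUT -p tcp -m multiport "
                 f"--dports {STORAGE_PORT},{NATIVE_PORT} -j DROP")
    return rules


if __name__ == "__main__":
    print("internal broadcast_address in a multi-DC cluster:", internal_broadcasts(NODES))
    print("\n".join(iptables_rules(NODES[0], NODES, CLIENT_NETS)))
```

The rule order matters: the ACCEPT lines must be appended before the final DROP, which is why the function returns them as an ordered list.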