Details
-
Improvement
-
Resolution: Fixed
-
Major
-
None
-
1
Description
Related to MB-9982, XDCR need a way to security send checkpoints to relevant destination nodes per vbmap. Since XDCR does not expose any external network interfaces and is not certificate aware, NS_SERVER is asked to act as a "transport proxy", assisting with hauling these payloads.
High level:
- NS_SERVER need to pass on certificate location to XDCR on bootstrap and also restart it when certs changes.
- XDCR on node A, can make a call to NS_SERVER on node B, via special proxy endpoint (_xdcr), which will be proxied to B's XDCR service.
- NS_SERVER should enforce high privileged internal service authenticate on the special xdcr endpoint .
More details about the proposal can be found here: https://docs.google.com/document/d/1eTDw3Jx0HPXoQ4_iCEwdGeRttZQzAtEl2pXplldqJDo/edit?ts=60e8b5ad
Attachments
Issue Links
- blocks
-
MB-47919 XDCR - P2P - integrate with ns_server forwarding
- Closed
-
MB-9982 XDCR should be incremental on topology changes
- Closed
-
MB-47923 XDCR - incremental topology change: Rebalance
- Closed
- has to be done before
-
MB-48599 XDCR - P2P - node to node encryption support
- Closed
- relates to
-
MB-47548 XDCR - to receive "-caFile" argument from ns_server
- Resolved
-
MB-47319 XDCR - PeerToPeer messaging framework
- Closed