
PlantUML
title This diagram shows a member (N) using a locator (L) discovering the Coordinator (C) and joining
hide footbox
entity N
entity L
entity C
N -> L : FindCoordinatorRequest(myId) 
note right of N : via tcp/ip over ssl while starting the new node. 
L --> N : FindCoordinatorResponse(c) this will have publickey for coordinator
note right of N
Restart of locator will use saved publickey in view.dat file, to encrypt FindCoordinator request over udp.
We will prefix its publicKey with FindCoordinator message, so that member can decrypt findCoordinator request.
end note
N -> C : N's Public key and JoinRequest (this request will be encrypted using N-C key)
note left of C : Application can authenticate new member here.
C -> N : coordinator will send joinResponse containing cluster-secret-key. This message will be encrypted using N-C key.
note right of N
From here all communication will happen through cluster-secret-key
end note
C -> N : PrepareView(c,l,n) 
N --> C : ack
C -> L : PrepareView(c,l,n)
L --> C : ack
C -> N : InstallView(c,l,n)
N --> C : ack
C -> L : InstallView(c,l,n)
L --> C : ack
 

Special case: When the locator restarts, it knows the previous view, which was saved in the view.dat file. This file also contains the public keys of all the members in the view. The locator therefore sends "FindCoordinatorRequest" as a UDP message instead of over TCP as described above. We will encrypt the "FindCoordinatorRequest" using the saved public key of the member to find the coordinator.

Testing: We will test various scenarios with UDP encryption enabled, extending the unit tests so that they run with the distributed config property "secure-udp-dhalgo" enabled. This will ensure testing of all the scenarios (such as multicast, locator HA, reconnect, etc.).


Performance: There will be a cost for encrypting/decrypting each message. But in this approach a message is encrypted only once, even when it needs to be sent to more than one member, because we have a cluster-wide secret key.
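The join exchange and the single-encryption property described above, as an added sketch that is not code from this page or from the project. The class and method names are hypothetical, and the choice of 2048-bit DH, a SHA-256 key derivation and AES-128-GCM is an assumption made for illustration.

```java
import javax.crypto.*;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.*;
import java.security.*;
import java.util.Arrays;

public class JoinKeyExchangeSketch {
    // Pairwise N-C key: DH agreement, then SHA-256 truncated to 128 bits (assumed KDF).
    static SecretKey pairwiseKey(PrivateKey mine, PublicKey theirs) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(mine);
        ka.doPhase(theirs, true);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(ka.generateSecret());
        return new SecretKeySpec(Arrays.copyOf(digest, 16), "AES");
    }
    // AES-GCM with a fresh 12-byte nonce prepended to the ciphertext (assumed framing).
    static byte[] seal(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = cipher.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    // Reads the nonce from the first 12 bytes; throws if the tag does not verify.
    static byte[] open(SecretKey key, byte[] msg) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, msg, 0, 12));
        return cipher.doFinal(msg, 12, msg.length - 12);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        kpg.initialize(2048);
        KeyPair coord = kpg.generateKeyPair();              // coordinator C
        // N takes the DH parameters from C's public key (FindCoordinatorResponse).
        kpg.initialize(((DHPublicKey) coord.getPublic()).getParams());
        KeyPair node = kpg.generateKeyPair();               // joining member N
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey clusterKey = kg.generateKey();            // cluster-secret-key held by C
        // JoinResponse: C sends the cluster key encrypted under the N-C key.
        byte[] joinResponse = seal(pairwiseKey(coord.getPrivate(), node.getPublic()),
                                   clusterKey.getEncoded());
        // N derives the same N-C key from its side and recovers the cluster key.
        SecretKey atNode = new SecretKeySpec(
            open(pairwiseKey(node.getPrivate(), coord.getPublic()), joinResponse), "AES");
        // From here on, one ciphertext serves every member that holds the cluster key.
        byte[] wire = seal(clusterKey, "PrepareView(c,l,n)".getBytes("UTF-8"));
        System.out.println(new String(open(atNode, wire), "UTF-8"));
    }
}
```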