[Linux-cluster] Cluster Communications Security
Rick Stevens
rstevens at internap.com
Wed Nov 14 21:19:14 UTC 2007
On Wed, 2007-11-14 at 13:00 -0800, Scott Becker wrote:
> What's the general consensus of security risks of cman communications
> over a public subnet?
> The faq only briefly mentions it.
cman is pretty important. If it's on a public subnet, someone could
spoof IPs and screw with your locks, spew garbage (e.g. floodping) on
the wire and lots of other nefarious things. I'd keep it private.
If possible, I'd tend to keep it on its own VLAN as well. You really
only want cluster-centric traffic on those wires.
----------------------------------------------------------------------
- Rick Stevens, Principal Engineer rstevens at internap.com -
- CDN Systems, Internap, Inc. http://www.internap.com -
- -
- Beware of programmers who carry screwdrivers -
----------------------------------------------------------------------
More information about the Linux-cluster
mailing list