Chapter 2. Network Interfaces and Endpoints
Expose Data Grid Server through a network interface by binding it to an IP address. You can then configure endpoints to use the interface so Data Grid Server can handle requests from remote client applications.
By default, Data Grid Server exposes a single port that automatically detects the protocol of inbound requests.
2.1. Network Interfaces
Data Grid Server multiplexes endpoints to a single TCP/IP port and automatically detects protocols of inbound client requests. You can configure how Data Grid Server binds to network interfaces to listen for client requests.
Internet Protocol (IP) address
<!-- Selects a specific IPv4 address, which can be public, private, or loopback. This is the default network interface for Data Grid Server. --> <interfaces> <interface name="public"> <inet-address value="${infinispan.bind.address:127.0.0.1}"/> </interface> </interfaces>
Loopback address
<!-- Selects an IP address in an IPv4 or IPv6 loopback address block. --> <interfaces> <interface name="public"> <loopback/> </interface> </interfaces>
Non-loopback address
<!-- Selects an IP address in an IPv4 or IPv6 non-loopback address block. --> <interfaces> <interface name="public"> <non-loopback/> </interface> </interfaces>
Any address
<!-- Uses the `INADDR_ANY` wildcard address which means Data Grid Server listens for inbound client requests on all interfaces. --> <interfaces> <interface name="public"> <any-address/> </interface> </interfaces>
Link local
<!-- Selects a link-local IP address in an IPv4 or IPv6 address block. --> <interfaces> <interface name="public"> <link-local/> </interface> </interfaces>
Site local
<!-- Selects a site-local (private) IP address in an IPv4 or IPv6 address block. --> <interfaces> <interface name="public"> <site-local/> </interface> </interfaces>
Match and fallback strategies
Data Grid Server can enumerate all network interfaces on the host system and bind to an interface, host, or IP address that matches a value, which can include regular expressions for additional flexibility.
Match host
<!-- Selects an IP address that is assigned to a matching host name. --> <interfaces> <interface name="public"> <match-host value="my_host_name"/> </interface> </interfaces>
Match interface
<!--Selects an IP address assigned to a matching network interface. --> <interfaces> <interface name="public"> <match-interface value="eth0"/> </interface> </interfaces>
Match address
<!-- Selects an IP address that matches a regular expression. --> <interfaces> <interface name="public"> <match-address value="132\..*"/> </interface> </interfaces>
Fallback
<!-- Includes multiple strategies that Data Grid Server tries in the declared order until it finds a match. --> <interfaces> <interface name="public"> <match-host value="my_host_name"/> <match-address value="132\..*"/> <any-address/> </interface> </interfaces>
2.2. Socket Bindings
Socket bindings map endpoint connectors to server interfaces and ports.
By default, Data Grid servers provide the following socket bindings:
<socket-bindings default-interface="public" port-offset="${infinispan.socket.binding.port-offset:0}"> <socket-binding name="default" port="${infinispan.bind.port:11222}"/> <socket-binding name="memcached" port="11221"/> </socket-bindings>
-
socket-bindings
declares the default interface and port offset. -
default
binds to hotrod and rest connectors to the default port11222
. memcached
binds the memcached connector to port11221
.NoteThe memcached endpoint is disabled by default.
To override the default interface for socket-binding
declarations, specify the interface
attribute.
For example, you add an interface
declaration named "private":
<interfaces> ... <interface name="private"> <inet-address value="10.1.2.3"/> </interface> </interfaces>
You can then specify interface="private"
in a socket-binding
declaration to bind to the private IP address, as follows:
<socket-bindings default-interface="public" port-offset="${infinispan.socket.binding.port-offset:0}"> ... <socket-binding name="private_binding" interface="private" port="1234"/> </socket-bindings>
2.3. Changing the Default Bind Address for Data Grid Servers
You can use the server -b
switch or the infinispan.bind.address
system property to bind to a different address.
For example, bind the public
interface to 127.0.0.2
as follows:
- Linux
$ bin/server.sh -b 127.0.0.2
- Windows
bin\server.bat -b 127.0.0.2
2.4. Specifying Port Offsets
Configure port offsets with Data Grid servers when running multiple instances on the same host. The default port offset is 0
.
Use the -o
switch with the Data Grid CLI or the infinispan.socket.binding.port-offset
system property to set port offsets.
For example, start a server instance with an offset of 100
as follows. With the default configuration, this results in the Data Grid server listening on port 11322
.
- Linux
$ bin/server.sh -o 100
- Windows
bin\server.bat -o 100
2.5. Data Grid Endpoints
Data Grid endpoints expose the CacheManager
interface over different connector protocols so you can remotely access data and perform operations to manage and maintain Data Grid clusters.
You can define multiple endpoint connectors on different socket bindings.
2.5.1. Hot Rod
Hot Rod is a binary TCP client-server protocol designed to provide faster data access and improved performance in comparison to text-based protocols.
Data Grid provides Hot Rod client libraries in Java, C++, C#, Node.js and other programming languages.
Topology state transfer
Data Grid uses topology caches to provide clients with cluster views. Topology caches contain entries that map internal JGroups transport addresses to exposed Hot Rod endpoints.
When client send requests, Data Grid servers compare the topology ID in request headers with the topology ID from the cache. Data Grid servers send new topology views if client have older topology IDs.
Cluster topology views allow Hot Rod clients to immediately detect when nodes join and leave, which enables dynamic load balancing and failover.
In distributed cache modes, the consistent hashing algorithm also makes it possible to route Hot Rod client requests directly to primary owners.
2.5.2. REST
Reference
Data Grid exposes a RESTful interface that allows HTTP clients to access data, monitor and maintain clusters, and perform administrative operations.
You can use standard HTTP load balancers to provide clients with load balancing and failover capabilities. However, HTTP load balancers maintain static cluster views and require manual updates when cluster topology changes occur.
2.5.3. Protocol Comparison
Hot Rod | HTTP / REST | |
---|---|---|
Topology-aware | Y | N |
Hash-aware | Y | N |
Encryption | Y | Y |
Authentication | Y | Y |
Conditional ops | Y | Y |
Bulk ops | Y | N |
Transactions | Y | N |
Listeners | Y | N |
Query | Y | Y |
Execution | Y | N |
Cross-site failover | Y | N |
2.6. Endpoint Connectors
You configure Data Grid server endpoints with connector declarations that specify socket bindings, authentication mechanisms, and encryption configuration.
The default endpoint connector configuration is as follows:
<endpoints socket-binding="default" security-realm="default"/>
-
endpoints
contains endpoint connector declarations and defines global configuration for endpoints such as default socket bindings, security realms, and whether clients must present valid TLS certificates. -
<hotrod-connector/>
declares a Hot Rod connector. -
<rest-connector/>
declares a REST connector. -
<memcached-connector socket-binding="memcached"/>
declares a Memcached connector that uses the memcached socket binding.
Declaring an empty <endpoints/>
element implicitly enables the Hot Rod and REST connectors.
It is possible to have multiple endpoints
bound to different sockets. These can use different security realms and offer different authentication and encryption configurations. The following configuration enables two endpoints on distinct socket bindings, each one with a dedicated security realm. Additionally, the public
endpoint disables administrative features, such as the console and CLI.
<endpoints socket-binding="public" security-realm="application-realm" admin="false"> <hotrod-connector/> <rest-connector/> </endpoints> <endpoints socket-binding="private" security-realm="management-realm"> <hotrod-connector/> <rest-connector/> </endpoints>
Reference
urn:infinispan:server schema provides all available endpoint configuration.
2.6.1. Hot Rod Connectors
Hot Rod connector declarations enable Hot Rod servers.
<hotrod-connector name="hotrod"> <topology-state-transfer /> <authentication> <!-- Hot Rod endpoint authentication configuration. --> </authentication> <encryption> <!-- Hot Rod endpoint SSL/TLS encryption configuration. --> </encryption> </hotrod-connector>
-
name="hotrod"
logically names the Hot Rod connector. By default the name is derived from the socket binding name, for example hotrod-default. -
topology-state-transfer
tunes the state transfer operations that provide Hot Rod clients with cluster topology. -
authentication
configures SASL authentication mechanisms. -
encryption
configures TLS settings for client connections.
Reference
urn:infinispan:server schema provides all available Hot Rod connector configuration.
2.6.2. REST Connectors
REST connector declarations enable REST servers.
<rest-connector name="rest"> <authentication> <!-- REST endpoint authentication configuration. --> </authentication> <cors-rules> <!-- Cross-Origin Resource Sharing (CORS) rules. --> </cors-rules> <encryption> <!-- REST endpoint SSL/TLS encryption configuration. --> </encryption> </rest-connector>
-
name="rest"
logically names the REST connector. By default the name is derived from the socket binding name, for example rest-default. -
authentication
configures authentication mechanisms. -
cors-rules
specifies CORS (Cross Origin Resource Sharing) rules for cross-domain requests. -
encryption
configures TLS settings for client connections.
Reference
urn:infinispan:server schema provides all available REST connector configuration.
2.7. Data Grid Server Ports and Protocols
Data Grid Server exposes endpoints on your network for remote client access.
Port | Protocol | Description |
---|---|---|
| TCP | Hot Rod and REST endpoint |
| TCP | Memcached endpoint, which is disabled by default. |
2.8. Single Port
Data Grid Server exposes multiple protocols through a single TCP port, which is 11222
by default. Handling multiple protocols with a single port simplifies configuration and reduces management complexity when deploying Data Grid clusters. Using a single port also enhances security by minimizing the attack surface on the network.
Data Grid Server handles HTTP/1.1, HTTP/2, and Hot Rod protocol requests from clients via the single port in different ways.
HTTP/1.1 upgrade headers
Client requests can include the HTTP/1.1 upgrade
header field to initiate HTTP/1.1 connections with Data Grid Server. Client applications can then send the Upgrade: protocol
header field, where protocol
is a server endpoint.
Application-Layer Protocol Negotiation (ALPN)/Transport Layer Security (TLS)
Client requests include Server Name Indication (SNI) mappings for Data Grid Server endpoints to negotiate protocols over a TLS connection.
Applications must use a TLS library that supports the ALPN extension. Data Grid uses WildFly OpenSSL bindings for Java.
Automatic Hot Rod detection
Client requests that include Hot Rod headers automatically route to Hot Rod endpoints.
2.8.1. Configuring Network Firewalls for Remote Connections
Adjust any firewall rules to allow traffic between the server and external clients.
Procedure
On Red Hat Enterprise Linux (RHEL) workstations, for example, you can allow traffic to port 11222
with firewalld as follows:
# firewall-cmd --add-port=11222/tcp --permanent success # firewall-cmd --list-ports | grep 11222 11222/tcp
To configure firewall rules that apply across a network, you can use the nftables utility.