Chapter 2. Network Interfaces and Endpoints
Expose Data Grid Server through a network interface by binding it to an IP address. You can then configure endpoints to use the interface so Data Grid Server can handle requests from remote client applications.
By default, Data Grid Server exposes a single port that automatically detects the protocol of inbound requests.
2.1. Network Interfaces
Data Grid Server multiplexes endpoints to a single TCP/IP port and automatically detects protocols of inbound client requests. You can configure how Data Grid Server binds to network interfaces to listen for client requests.
Internet Protocol (IP) address
<!-- Selects a specific IPv4 address, which can be public, private, or loopback.
This is the default network interface for Data Grid Server. -->
<interfaces>
<interface name="public">
<inet-address value="${infinispan.bind.address:127.0.0.1}"/>
</interface>
</interfaces>
Loopback address
<!-- Selects an IP address in an IPv4 or IPv6 loopback address block. -->
<interfaces>
<interface name="public">
<loopback/>
</interface>
</interfaces>
Non-loopback address
<!-- Selects an IP address in an IPv4 or IPv6 non-loopback address block. -->
<interfaces>
<interface name="public">
<non-loopback/>
</interface>
</interfaces>
Any address
<!-- Uses the `INADDR_ANY` wildcard address which means Data Grid Server
listens for inbound client requests on all interfaces. -->
<interfaces>
<interface name="public">
<any-address/>
</interface>
</interfaces>
Link local
<!-- Selects a link-local IP address in an IPv4 or IPv6 address block. -->
<interfaces>
<interface name="public">
<link-local/>
</interface>
</interfaces>
Site local
<!-- Selects a site-local (private) IP address in an IPv4 or IPv6 address block. -->
<interfaces>
<interface name="public">
<site-local/>
</interface>
</interfaces>
Match and fallback strategies
Data Grid Server can enumerate all network interfaces on the host system and bind to an interface, host, or IP address that matches a value, which can include regular expressions for additional flexibility.
Match host
<!-- Selects an IP address that is assigned to a matching host name. -->
<interfaces>
<interface name="public">
<match-host value="my_host_name"/>
</interface>
</interfaces>
Match interface
<!--Selects an IP address assigned to a matching network interface. -->
<interfaces>
<interface name="public">
<match-interface value="eth0"/>
</interface>
</interfaces>
Match address
<!-- Selects an IP address that matches a regular expression. -->
<interfaces>
<interface name="public">
<match-address value="132\..*"/>
</interface>
</interfaces>
Fallback
<!-- Includes multiple strategies that Data Grid Server tries in the
declared order until it finds a match. -->
<interfaces>
<interface name="public">
<match-host value="my_host_name"/>
<match-address value="132\..*"/>
<any-address/>
</interface>
</interfaces>
2.2. Socket Bindings
Socket bindings map endpoint connectors to server interfaces and ports.
By default, Data Grid servers provide the following socket bindings:
<socket-bindings default-interface="public" port-offset="${infinispan.socket.binding.port-offset:0}">
<socket-binding name="default" port="${infinispan.bind.port:11222}"/>
<socket-binding name="memcached" port="11221"/>
</socket-bindings>-
socket-bindingsdeclares the default interface and port offset. -
defaultbinds to hotrod and rest connectors to the default port11222. memcachedbinds the memcached connector to port11221.NoteThe memcached endpoint is disabled by default.
To override the default interface for socket-binding declarations, specify the interface attribute.
For example, you add an interface declaration named "private":
<interfaces>
...
<interface name="private">
<inet-address value="10.1.2.3"/>
</interface>
</interfaces>
You can then specify interface="private" in a socket-binding declaration to bind to the private IP address, as follows:
<socket-bindings default-interface="public" port-offset="${infinispan.socket.binding.port-offset:0}">
...
<socket-binding name="private_binding" interface="private" port="1234"/>
</socket-bindings>2.3. Changing the Default Bind Address for Data Grid Servers
You can use the server -b switch or the infinispan.bind.address system property to bind to a different address.
For example, bind the public interface to 127.0.0.2 as follows:
- Linux
$ bin/server.sh -b 127.0.0.2
- Windows
bin\server.bat -b 127.0.0.2
2.4. Specifying Port Offsets
Configure port offsets with Data Grid servers when running multiple instances on the same host. The default port offset is 0.
Use the -o switch with the Data Grid CLI or the infinispan.socket.binding.port-offset system property to set port offsets.
For example, start a server instance with an offset of 100 as follows. With the default configuration, this results in the Data Grid server listening on port 11322.
- Linux
$ bin/server.sh -o 100
- Windows
bin\server.bat -o 100
2.5. Data Grid Endpoints
Data Grid endpoints expose the CacheManager interface over different connector protocols so you can remotely access data and perform operations to manage and maintain Data Grid clusters.
You can define multiple endpoint connectors on different socket bindings.
2.5.1. Hot Rod
Hot Rod is a binary TCP client-server protocol designed to provide faster data access and improved performance in comparison to text-based protocols.
Data Grid provides Hot Rod client libraries in Java, C++, C#, Node.js and other programming languages.
Topology state transfer
Data Grid uses topology caches to provide clients with cluster views. Topology caches contain entries that map internal JGroups transport addresses to exposed Hot Rod endpoints.
When client send requests, Data Grid servers compare the topology ID in request headers with the topology ID from the cache. Data Grid servers send new topology views if client have older topology IDs.
Cluster topology views allow Hot Rod clients to immediately detect when nodes join and leave, which enables dynamic load balancing and failover.
In distributed cache modes, the consistent hashing algorithm also makes it possible to route Hot Rod client requests directly to primary owners.
2.5.2. REST
Reference
Data Grid exposes a RESTful interface that allows HTTP clients to access data, monitor and maintain clusters, and perform administrative operations.
You can use standard HTTP load balancers to provide clients with load balancing and failover capabilities. However, HTTP load balancers maintain static cluster views and require manual updates when cluster topology changes occur.
2.5.3. Protocol Comparison
| Hot Rod | HTTP / REST | |
|---|---|---|
| Topology-aware | Y | N |
| Hash-aware | Y | N |
| Encryption | Y | Y |
| Authentication | Y | Y |
| Conditional ops | Y | Y |
| Bulk ops | Y | N |
| Transactions | Y | N |
| Listeners | Y | N |
| Query | Y | Y |
| Execution | Y | N |
| Cross-site failover | Y | N |
2.6. Endpoint Connectors
You configure Data Grid server endpoints with connector declarations that specify socket bindings, authentication mechanisms, and encryption configuration.
The default endpoint connector configuration is as follows:
<endpoints socket-binding="default" security-realm="default"/>
-
endpointscontains endpoint connector declarations and defines global configuration for endpoints such as default socket bindings, security realms, and whether clients must present valid TLS certificates. -
<hotrod-connector/>declares a Hot Rod connector. -
<rest-connector/>declares a REST connector. -
<memcached-connector socket-binding="memcached"/>declares a Memcached connector that uses the memcached socket binding.
Declaring an empty <endpoints/> element implicitly enables the Hot Rod and REST connectors.
It is possible to have multiple endpoints bound to different sockets. These can use different security realms and offer different authentication and encryption configurations. The following configuration enables two endpoints on distinct socket bindings, each one with a dedicated security realm. Additionally, the public endpoint disables administrative features, such as the console and CLI.
<endpoints socket-binding="public" security-realm="application-realm" admin="false"> <hotrod-connector/> <rest-connector/> </endpoints> <endpoints socket-binding="private" security-realm="management-realm"> <hotrod-connector/> <rest-connector/> </endpoints>
Reference
urn:infinispan:server schema provides all available endpoint configuration.
2.6.1. Hot Rod Connectors
Hot Rod connector declarations enable Hot Rod servers.
<hotrod-connector name="hotrod">
<topology-state-transfer />
<authentication>
<!-- Hot Rod endpoint authentication configuration. -->
</authentication>
<encryption>
<!-- Hot Rod endpoint SSL/TLS encryption configuration. -->
</encryption>
</hotrod-connector>-
name="hotrod"logically names the Hot Rod connector. By default the name is derived from the socket binding name, for example hotrod-default. -
topology-state-transfertunes the state transfer operations that provide Hot Rod clients with cluster topology. -
authenticationconfigures SASL authentication mechanisms. -
encryptionconfigures TLS settings for client connections.
Reference
urn:infinispan:server schema provides all available Hot Rod connector configuration.
2.6.2. REST Connectors
REST connector declarations enable REST servers.
<rest-connector name="rest">
<authentication>
<!-- REST endpoint authentication configuration. -->
</authentication>
<cors-rules>
<!-- Cross-Origin Resource Sharing (CORS) rules. -->
</cors-rules>
<encryption>
<!-- REST endpoint SSL/TLS encryption configuration. -->
</encryption>
</rest-connector>-
name="rest"logically names the REST connector. By default the name is derived from the socket binding name, for example rest-default. -
authenticationconfigures authentication mechanisms. -
cors-rulesspecifies CORS (Cross Origin Resource Sharing) rules for cross-domain requests. -
encryptionconfigures TLS settings for client connections.
Reference
urn:infinispan:server schema provides all available REST connector configuration.
2.7. Data Grid Server Ports and Protocols
Data Grid Server exposes endpoints on your network for remote client access.
| Port | Protocol | Description |
|---|---|---|
|
| TCP | Hot Rod and REST endpoint |
|
| TCP | Memcached endpoint, which is disabled by default. |
2.8. Single Port
Data Grid Server exposes multiple protocols through a single TCP port, which is 11222 by default. Handling multiple protocols with a single port simplifies configuration and reduces management complexity when deploying Data Grid clusters. Using a single port also enhances security by minimizing the attack surface on the network.
Data Grid Server handles HTTP/1.1, HTTP/2, and Hot Rod protocol requests from clients via the single port in different ways.
HTTP/1.1 upgrade headers
Client requests can include the HTTP/1.1 upgrade header field to initiate HTTP/1.1 connections with Data Grid Server. Client applications can then send the Upgrade: protocol header field, where protocol is a server endpoint.
Application-Layer Protocol Negotiation (ALPN)/Transport Layer Security (TLS)
Client requests include Server Name Indication (SNI) mappings for Data Grid Server endpoints to negotiate protocols over a TLS connection.
Applications must use a TLS library that supports the ALPN extension. Data Grid uses WildFly OpenSSL bindings for Java.
Automatic Hot Rod detection
Client requests that include Hot Rod headers automatically route to Hot Rod endpoints.
2.8.1. Configuring Network Firewalls for Remote Connections
Adjust any firewall rules to allow traffic between the server and external clients.
Procedure
On Red Hat Enterprise Linux (RHEL) workstations, for example, you can allow traffic to port 11222 with firewalld as follows:
# firewall-cmd --add-port=11222/tcp --permanent success # firewall-cmd --list-ports | grep 11222 11222/tcp
To configure firewall rules that apply across a network, you can use the nftables utility.
