红帽全球峰会此内容没有您所选择的语言版本。
Chapter 3. Data Grid Server endpoints
Data Grid Server endpoints provide client access to the cache manager over different protocols. A server endpoint can multiplex multiple protocols on the same socket binding by detecting the incoming traffic type and routing it to the appropriate internal connector handler.
3.1. Data Grid Server protocols
3.1.1. Hot Rod
Hot Rod is a binary TCP client-server protocol designed to provide faster data access and improved performance in comparison to text-based protocols.
Data Grid provides Hot Rod client libraries in Java, C++, C#, Node.js and other programming languages.
Topology caches
Data Grid uses topology caches to provide clients with cluster views. Topology caches contain entries that map internal JGroups transport addresses to exposed Hot Rod endpoints.
When clients send requests, Data Grid servers compare the topology ID in request headers with the topology ID from the cache. Data Grid servers send new topology views if clients have older topology IDs.
Cluster topology views allow Hot Rod clients to immediately detect when nodes join and leave, which enables dynamic load balancing and failover.
In distributed cache modes, the consistent hashing algorithm also makes it possible to route Hot Rod client requests directly to primary owners.
3.1.2. REST
Data Grid exposes a RESTful interface that allows HTTP clients to access data, monitor and maintain clusters, and perform administrative operations.
You can use standard HTTP load balancers to provide clients with load balancing and failover capabilities. However, HTTP load balancers maintain static cluster views and require manual updates when cluster topology changes occur.
3.1.3. RESP
Data Grid provides an implementation of the RESP3 protocol used by Redis, Valkey, Elasticache and others.
The RESP connector supports a large subset of the Redis commands.
3.1.4. Memcached
Data Grid provides an implementation of the Memcached text and binary protocols for remote client access.
The Data Grid Memcached endpoint supports clustering with replicated and distributed cache modes.
There are some Memcached client implementations, such as the Cache::Memcached Perl client, that can offer load balancing and failover detection capabilities with static lists of Data Grid server addresses that require manual updates when cluster topology changes occur.
3.1.5. Comparison of protocols
| Hot Rod | HTTP / REST | Memcached | RESP | |
|---|---|---|---|---|
| Topology-aware | Y | N | N | N |
| Hash-aware | Y | N | N | N |
| Encryption | Y | Y | Y | Y |
| Authentication | Y | Y | Y | Y |
| Conditional ops | Y | Y | Y | N |
| Bulk ops | Y | N | Y | Y |
| Transactions | Y | N | N | N |
| Listeners | Y | N | N | Y |
| Query | Y | Y | N | N |
| Execution | Y | N | N | N |
| Cross-site failover | Y | N | N | N |
Before diving into advanced configuration, here is a quick note on version compatibility. Data Grid Server allows you to connect Hot Rod clients with different versions. For instance, during a migration or upgrade to your Data Grid cluster, the Hot Rod client version might be lower than the Data Grid Server version.
Data Grid recommends using the latest Hot Rod client version to benefit from the most recent capabilities and security enhancements.
Data Grid 8 and later
Hot Rod protocol version 3.x automatically negotiates the highest version possible for clients with Data Grid Server.
The client no longer supports Hot Rod protocol versions older than 3.0. As such, you must use an older client or the hotrod-client-legacy module.
Clients that use a Hot Rod protocol version that is higher than the Data Grid Server version must set the infinispan.client.hotrod.protocol_version property.
3.2. Configuring Data Grid Server endpoints
Control how the different server endpoints bind to sockets and use security realm configuration.
Prerequisites
- Add socket bindings and security realms to your Data Grid Server configuration.
Procedure
- Open your Data Grid Server configuration for editing.
-
Wrap multiple
endpointconfigurations with theendpointselement. -
Specify the socket binding that the endpoint uses with the
socket-bindingattribute. -
Specify the security realm that the endpoint uses with the
security-realmattribute. Disable administrator access with the
admin="false"attribute, if required.With this configuration users cannot access Data Grid Console or the Command Line Interface (CLI) from the endpoint.
- Save the changes to your configuration.
Data Grid Server must be configured with at least one endpoint which has a REST connector with administrative capabilities.
Multiple endpoint configuration
The following Data Grid Server configuration creates endpoints on separate socket bindings with dedicated security realms and disabling administrative access on the public endpoint:
XML
<server xmlns="urn:infinispan:server:16.0">
<endpoints>
<endpoint socket-binding="public"
security-realm="application-realm"
admin="false">
</endpoint>
<endpoint socket-binding="private"
security-realm="management-realm">
</endpoint>
</endpoints>
</server>JSON
{
"server": {
"endpoints": [
{
"socket-binding": "public",
"security-realm": "application-realm",
"admin": "false"
},
{
"socket-binding": "private",
"security-realm": "management-realm"
}]
}
}YAML
server:
endpoints:
- socketBinding: public
securityRealm: application-realm
admin: false
- socketBinding: private
securityRealm: management-realm3.3. Endpoint protocol connectors
Endpoints multiplex different protocol connectors through a single port. Protocol connectors employ detectors to inspect incoming traffic and direct client connections to the appropriate handler. An endpoint will enable all protocol connectors that support the configured security realm, unless connectors are declared explicitly. The default endpoint configuration, using the default property security realm, implicitly enables all the protocol connectors (Hot Rod, REST, RESP, Memcached).
XML
<endpoints socket-binding="default" security-realm="default"/>JSON
{
"endpoints": [
{
"socket-binding": "default",
"security-realm": "default"
}
]
}YAML
server:
endpoints:
- socketBinding: default
securityRealm: defaultEnable specific protocol connectors using explicit declaration.
| Configuration element or attribute | Description |
|---|---|
|
| Wraps endpoint connector configuration. |
|
| Declares a Data Grid Server endpoint that configures Hot Rod and REST connectors to use a socket binding and security realm. |
|
|
Includes the Hot Rod endpoint in the |
|
|
Includes the REST endpoint in the |
|
|
Includes the RESP endpoint in the |
|
|
Includes the Memcached endpoint in the |
Expose a single endpoint with only the REST and Hot Rod connectors on the default socket binding with the default security realm:
XML
<server xmlns="urn:infinispan:server:16.0">
<endpoints>
<endpoint socket-binding="default" security-realm="default">
<rest-connector/>
<hotrod-connector/>
</endpoint>
</endpoints>
</server>JSON
{
"endpoints": [
{
"endpoint": {
"socket-binding": "default",
"security-realm": "default",
"connectors": {
"rest": {
"rest-connector": {}
},
"hotrod": {
"hotrod-connector": {}
}
}
}
}
]
}YAML
endpoints:
- socketBinding: default
securityRealm: default
connectors:
rest:
restConnector: ~
hotrod:
hotrodConnector: ~
Expose a REST connector on the default socket binding with the default security realm and a RESP connector on the resp socket binding with the none security realm:
XML
<server xmlns="urn:infinispan:server:16.0">
<endpoints>
<endpoint socket-binding="default" security-realm="default">
<rest-connector/>
<resp-connector socket-binding="resp" security-realm="none"/>
</endpoint>
</endpoints>
</server>JSON
{
"endpoints": [
{
"endpoint": {
"socket-binding": "default",
"security-realm": "default",
"connectors": {
"rest": {
"rest-connector": {}
},
"resp": {
"resp-connector": {
"socket-binding": "resp",
"security-realm": "none"
}
}
}
}
}
]
}YAML
endpoints:
- socketBinding: default
securityRealm: default
connectors:
rest:
restConnector: ~
resp:
respConnector:
socketBinding: resp
securityRealm: none3.3.1. Endpoint request limits
Endpoints, by default, impose a 10MB limit on request sizes. If the client sends a request larger than the limit, the request may be met with an exception or the connection may be forcibly closed. The limit is configured via the max-content-length attributed. This is expressed in bytes and allows for a string value with a size suffix (e.g. 128KB, 10MB, 1.5GB). Note that this is the size of the entire request and is not limited to a single key or value.
Hot Rod, RESP & Memcached endpoints
<endpoints>
<endpoint socket-binding="default" security-realm="default">
<hotrod-connector name="hotrod" max-content-length="5MB">
...
</hotrod-connector>
<resp-connector name="resp" max-content-length="5MB">
...
</hotrod-connector>
<memcached-connector name="memcached" max-content-length="5MB">
...
</hotrod-connector>
</endpoint>
</endpoints>REST endpoint
<endpoints>
<endpoint socket-binding="default" security-realm="default">
<rest-connector name="rest" max-content-length="5MB">
...
</rest-connector>
</endpoint>
</endpoints>3.4. Endpoint IP address filtering rules
Data Grid Server endpoints can use filtering rules that control whether clients can connect based on their IP addresses. Data Grid Server applies filtering rules in order until it finds a match for the client IP address.
A CIDR block is a compact representation of an IP address and its associated network mask. CIDR notation specifies an IP address, a slash ('/') character, and a decimal number. The decimal number is the count of leading 1 bits in the network mask. The number can also be thought of as the width, in bits, of the network prefix. The IP address in CIDR notation is always represented according to the standards for IPv4 or IPv6.
The address can denote a specific interface address, including a host identifier, such as 10.0.0.1/8, or it can be the beginning address of an entire network interface range using a host identifier of 0, as in 10.0.0.0/8 or 10/8.
For example:
-
192.168.100.14/24represents the IPv4 address192.168.100.14and its associated network prefix192.168.100.0, or equivalently, its subnet mask255.255.255.0, which has 24 leading 1-bits. -
the IPv4 block
192.168.100.0/22represents the 1024 IPv4 addresses from192.168.100.0to192.168.103.255. -
the IPv6 block
2001:db8::/48represents the block of IPv6 addresses from2001:db8:0:0:0:0:0:0to2001:db8:0:ffff:ffff:ffff:ffff:ffff. -
::1/128represents the IPv6 loopback address. Its prefix length is 128 which is the number of bits in the address.
IP address filter configuration
In the following configuration, Data Grid Server accepts connections only from addresses in the 192.168.0.0/16 and 10.0.0.0/8 CIDR blocks. Data Grid Server rejects all other connections.
XML
<server xmlns="urn:infinispan:server:16.0">
<endpoints>
<endpoint socket-binding="default" security-realm="default">
<ip-filter>
<accept from="192.168.0.0/16"/>
<accept from="10.0.0.0/8"/>
<reject from="/0"/>
</ip-filter>
</endpoint>
</endpoints>
</server>JSON
{
"server": {
"endpoints": {
"endpoint": {
"socket-binding": "default",
"security-realm": "default",
"ip-filter": {
"accept-from": ["192.168.0.0/16", "10.0.0.0/8"],
"reject-from": "/0"
}
}
}
}
}YAML
server:
endpoints:
endpoint:
socketBinding: "default"
securityRealm: "default"
ipFilter:
acceptFrom: ["192.168.0.0/16","10.0.0.0/8"]
rejectFrom: "/0"Configure IP address filtering rules on Data Grid Server endpoints to accept or reject connections based on client address.
Prerequisites
- Install Data Grid Command Line Interface (CLI).
Procedure
- Create a CLI connection to Data Grid Server.
Inspect and modify the IP filter rules
server connector ipfiltercommand as required.List all IP filtering rules active on a connector across the cluster:
server connector ipfilter ls endpoint-defaultSet IP filtering rules across the cluster.
NoteThis command replaces any existing rules.
server connector ipfilter set endpoint-default --rules=ACCEPT/192.168.0.0/16,REJECT/10.0.0.0/8`Remove all IP filtering rules on a connector across the cluster.
server connector ipfilter clear endpoint-default
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}