On 05/09/2016 07:52 AM, Sebastian Laskawiec wrote:
Hey Radim!
Comments inlined.
Thanks
Sebastian
On Mon, May 9, 2016 at 12:55 PM, Radim Vansa <rvansa(a)redhat.com> wrote:
As for the questions:
* Is SSL required for SNI? I can imagine that multi-tenancy would make
sense even in situations when the connection does not need to be
encrypted. Moreover, if we plan to eventually have HR clients with an
async API (and using async I/O), SSL is even more of a PITA. Btw., do we
have any numbers on how much SSL affects perf? (That's a question for QA, though.)
Unfortunately no. SNI is an extension of TLS [2] which is an upgrade
of SSL. In Java, SNI host names are specified in SSLParameters [3].
Of course SSL slows things down a bit, that's why we also need a
"switch-to-tenant" command which would be used by the clients who do
not want SSL. However, if someone uses SNI and SSL (and only then) we
can switch him to the proper tenant automatically (because we have enough
information at that point).
So you can initiate connection with SSL (+SNI) and then downgrade it to
plain-text?
* I don't think that dynamic switching of tenants would make sense,
since that would require invalidating all RemoteCache instances, near
caches, connection pools, everything. So it's the same as starting from
scratch.
Frankly, I also have mixed feelings about this feature. I think it
would be much nicer if we switched to another tenant by doing a
disconnect/connect sequence (and not switching dynamically).
R.
On 04/29/2016 05:29 PM, Sebastian Laskawiec wrote:
> Dear Community,
>
> Please have a look at the design of Multi tenancy support for
> Infinispan [1]. I would be more than happy to get some feedback from you.
>
> Highlights:
>
> * The implementation will be based on a Router (which will be built
> based on Netty)
> * Multiple Hot Rod and REST servers will be attached to the router
> which in turn will be attached to the endpoint
> * The router will operate on a binary protocol when using Hot Rod
> clients and path-based routing when using REST
> * Memcached will be out of scope
> * The router will support SSL+SNI
>
> Thanks
> Sebastian
>
> [1]
>
https://github.com/infinispan/infinispan/wiki/Multi-tenancy-for-Hotrod-Se...
[2]
https://tools.ietf.org/html/rfc6066#page-6
[3]
https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.htm...
>
>
> _______________________________________________
> infinispan-dev mailing list
> infinispan-dev(a)lists.jboss.org
<mailto:infinispan-dev@lists.jboss.org>
>
https://lists.jboss.org/mailman/listinfo/infinispan-dev
--
Radim Vansa <rvansa(a)redhat.com <mailto:rvansa@redhat.com>>
JBoss Performance Team
--
Radim Vansa <rvansa(a)redhat.com>
JBoss Performance Team
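
The SNI-based tenant selection discussed in this thread, sketched with the JDK's `SSLParameters` API. This is an added example, not part of the thread and not Infinispan's code; the class `SniTenantDemo`, the `TenantMatcher` helper, the host names and the tenant ids are all hypothetical, constructed values.

```java
import javax.net.ssl.*;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class SniTenantDemo {
    // Hypothetical server-side matcher: maps the SNI host name to a tenant
    // and rejects the handshake when the name is not a known tenant.
    static final class TenantMatcher extends SNIMatcher {
        private final Map<String, String> tenantsByHost;
        private volatile String selectedTenant;

        TenantMatcher(Map<String, String> tenantsByHost) {
            super(StandardConstants.SNI_HOST_NAME);
            this.tenantsByHost = tenantsByHost;
        }

        @Override
        public boolean matches(SNIServerName name) {
            // host_name entries are ASCII (RFC 6066); compare case-insensitively
            String host = new String(name.getEncoded(), StandardCharsets.US_ASCII)
                    .toLowerCase(Locale.ROOT);
            selectedTenant = tenantsByHost.get(host);
            return selectedTenant != null;
        }
        String selectedTenant() { return selectedTenant; }
    }

    public static void main(String[] args) {
        Map<String, String> tenants = new HashMap<>();   // constructed sample data
        tenants.put("tenant-a.example.test", "tenantA");
        tenants.put("tenant-b.example.test", "tenantB");

        // Client side: the requested name travels in SSLParameters (SSLEngine.setSSLParameters).
        SSLParameters clientParams = new SSLParameters();
        clientParams.setServerNames(
                Collections.singletonList(new SNIHostName("tenant-a.example.test")));

        // Server side: the matcher is consulted while the ClientHello is processed.
        TenantMatcher matcher = new TenantMatcher(tenants);
        SSLParameters serverParams = new SSLParameters();
        serverParams.setSNIMatchers(Collections.singletonList(matcher));

        // Exercise the matcher directly; no network or keystore is needed for this.
        for (String host : new String[] {"Tenant-A.example.test", "unknown.example.test"}) {
            boolean ok = matcher.matches(new SNIHostName(host));
            System.out.println(host + " -> accepted=" + ok + ", tenant=" + matcher.selectedTenant());
        }
    }
}
```

A client that sends no `server_name` extension never reaches the matcher, so a router built this way still needs a default tenant or an explicit selection step for that case.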