XDCR using ssh compression
45 views
Skip to first unread message
uni Cornx
Mar 4, 2014, 11:53:03 AM3/4/14
to couc...@googlegroups.com
Is it possible to configure ssh -C for XDCR?
I read a similar idea from http://tech.3scale.net/2012/07/25/fun-with-redis-replication
Aliaksey Kandratsenka
Mar 4, 2014, 12:01:39 PM3/4/14
to couc...@googlegroups.com
On Tue, Mar 4, 2014 at 8:53 AM, uni Cornx <unico...@gmail.com> wrote:
Is it possible to configure ssh -C for XDCR?I read a similar idea from http://tech.3scale.net/2012/07/25/fun-with-redis-replication
Not possible. But you can achieve similar results with openvpn or other vpn products.
In fact using some kind of vpn software for replication over internet is a must IMHO. Not only it gives you mandatory security, but it can give you compression too.
uni Cornx
Mar 4, 2014, 12:04:41 PM3/4/14
to couc...@googlegroups.com
Thanks. Will look at that. But why ssh -c is not possible?
--
You received this message because you are subscribed to a topic in the Google Groups "Couchbase" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/couchbase/SPQJ-6rv444/unsubscribe.
To unsubscribe from this group and all its topics, send an email to couchbase+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Aliaksey Kandratsenka
Mar 4, 2014, 12:07:20 PM3/4/14
to couc...@googlegroups.com
On Tue, Mar 4, 2014 at 9:04 AM, uni Cornx <unico...@gmail.com> wrote:
Thanks. Will look at that. But why ssh -c is not possible?
We're using tcp directly. Redis appears to be designed for tunnelling it's traffic via ssh.
You can establish tcp "tunnel" via ssh (ssh + pppd for example) but that's not going to be better than dedicated vpn software.
--
You received this message because you are subscribed to the Google Groups "Couchbase" group.
To unsubscribe from this group and stop receiving emails from it, send an email to couchbase+...@googlegroups.com.
Torsten Valentin
Mar 4, 2014, 12:16:08 PM3/4/14
to couc...@googlegroups.com
> Is it possible to configure ssh -C for XDCR?
Why would xou want to? Am I wrong in thinking that 2.5 offers encrypted
CDCR?
uni Cornx
Mar 4, 2014, 12:19:22 PM3/4/14
to couc...@googlegroups.com
I am thinking of compression. There is no community version of 2.5 yet? :)
Torsten Valentin
Mar 4, 2014, 12:31:20 PM3/4/14
to couc...@googlegroups.com
Uh. You're right. As far as I can see there's no 2.5 community edition yet.
:-(
> I am thinking of compression. There is no community version of 2.5 yet? :)
>
> On 5 Mar, 2014 1:18 am, "Torsten Valentin" <vale...@4ss.de
> --
> You received this message because you are subscribed to the Google
> Groups "Couchbase" group.
> To unsubscribe from this group and stop receiving emails from it, send
:-(
> I am thinking of compression. There is no community version of 2.5 yet? :)
>
> On 5 Mar, 2014 1:18 am, "Torsten Valentin" <vale...@4ss.de
> <mailto:vale...@4ss.de>> wrote:
>
> > Is it possible to configure ssh -C for XDCR?
>
> Why would xou want to? Am I wrong in thinking that 2.5 offers encrypted
> CDCR?
>
> --
> You received this message because you are subscribed to a topic in
> the Google Groups "Couchbase" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/couchbase/SPQJ-6rv444/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> couchbase+...@googlegroups.com
> <mailto:couchbase%2Bunsu...@googlegroups.com>.
>
> > Is it possible to configure ssh -C for XDCR?
>
> Why would xou want to? Am I wrong in thinking that 2.5 offers encrypted
> CDCR?
>
> --
> You received this message because you are subscribed to a topic in
> the Google Groups "Couchbase" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/couchbase/SPQJ-6rv444/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> couchbase+...@googlegroups.com
> --
> You received this message because you are subscribed to the Google
> Groups "Couchbase" group.
> To unsubscribe from this group and stop receiving emails from it, send
Aliaksey Kandratsenka
Mar 4, 2014, 12:40:24 PM3/4/14
to couc...@googlegroups.com
It's brand new code and doesn't match performance and maturity of established vpn packages. Particularly I have no reason to trust Erlang's own implementation of ssl protocol (crypto is by openssl; protocol they've reimplemented).
Regarding community edition of 2.5 (mentioned above), it's sadly indeed not available. However the code is all there (including enterprise-only stuff at least as of now). And it's just a matter of somebody doing build & packaging.
uni Cornx
Mar 4, 2014, 9:36:21 PM3/4/14
to couc...@googlegroups.com
This might be unrelated, but can someone explains how using openvpn or others, for xdcr?
I read that a secure tunnel will be created between the 2 couchbase node (for simplicity). Xdcr uses 8091 and 8092. And when configuring xdcr, I defined the IP address of the other node to replicate to.
So how does xdcr uses the tunnel?
--
You received this message because you are subscribed to a topic in the Google Groups "Couchbase" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/couchbase/SPQJ-6rv444/unsubscribe.
To unsubscribe from this group and all its topics, send an email to couchbase+...@googlegroups.com.
Aliaksey Kandratsenka
Mar 5, 2014, 1:08:06 PM3/5/14
to couc...@googlegroups.com
On Tue, Mar 4, 2014 at 6:36 PM, uni Cornx <unico...@gmail.com> wrote:
This might be unrelated, but can someone explains how using openvpn or others, for xdcr?
I read that a secure tunnel will be created between the 2 couchbase node (for simplicity). Xdcr uses 8091 and 8092. And when configuring xdcr, I defined the IP address of the other node to replicate to.
So how does xdcr uses the tunnel?
It'll just uses TCP/IP stack and TCP/IP stack needs to be configured to send packets for remote cluster via VPN tunnel.
Reply all
Reply to author
Forward
0 new messages