Securing communication between nodes

Ulf Wiger etxuwig@REDACTED
Wed Jul 19 09:14:17 CEST 2000


On 19 Jul 2000, Mickael Remond wrote:

>
>Is there a way to secure the communication between two nodes in the
>same way that ssh does?
>
>In fact, I need an authentication procedure to connect to the
>server. I am thinking of solving this problem by creating a socket
>connection between the two Erlang nodes and by tunneling the
>communication. An authentication key will thus be mandatory to
>connect to the Erlang server node.
>
>But, doing so, I bypass the handy net_kernel mechanism.
>
>Is there a way to do the same thing with the standard Erlang node
>communication?
>
>Thank you for your help.

First of all, I know that OTP has experimented with SSL-based
distributed Erlang. I'll let them talk about that.

If you want to roll your own...

I don't know what the proper protocol is here, but there is a 
net_kernel patch on the commercial side (for R5B, as far as I can
tell, the patch has not been merged with R6B yet) that allows you
to turn off the auto-connect feature in Erlang. I'd include it,
but I'd first like to hear from the OTP folks that it's OK.

This is something we wanted for AXD301, in order to better handle the
situations where nodes lose contact because the communication fails
somehow. It drastically improved our performance in those situations.

The new feature is that you can specify the behaviour of the 
net_kernel via the kernel environment variable 'dist_auto_connect':

once: Auto-connect the first time, but do not re-establish if the
      connection fails. This is what we do at AXD 301.

never: Never auto-connect. This might be handy if you want to set
       up a tunneling connection or perform some custom 
       authentication. The function net_kernel:connect_node(Node)
       will connect on demand.

The default behaviour is the old auto-connect.

Of course, you need to implement some other means of communication
between the nodes. To complement the 'once' semantics, we at AXD 301
implemented a UDP-based ping mechanism: every 5 seconds, each node
will send a UDP "I am here" packet to all known hosts. Upon receipt of
such a packet, a process checks against the nodes() list; if the node
is there, it does nothing; if the node is not in the nodes() list, one
of the nodes must restart in order to reestablish communication
(communication is automatically established at startup.)

This may seem a bit contrived, perhaps, but it gives us a sure
way of detecting partitioned networks. Deciding what to do when it
happens is another matter, highly application specific.

It is also quite possible to use a backdoor to negotiate who should
restart. This becomes much safer as the nodes do not
automatically connect, as an auto-connect can cause lasting
inconsistency in the database, name conflicts in the global name
server, and a number of other nasty problems.

/Uffe
-- 
Ulf Wiger                                    tfn: +46  8 719 81 95
Network Architecture & Product Strategies    mob: +46 70 519 81 95
Ericsson Telecom AB,              Datacom Networks and IP Services
Varuvägen 9, Älvsjö,                    S-126 25 Stockholm, Sweden
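An added example, not code from the original post or from AXD 301, of the two pieces described above: connecting on demand with net_kernel:connect_node/1 when dist_auto_connect is 'never' or 'once', and a UDP "I am here" heartbeat that checks each announcing node against nodes(). The module name, the UDP port (5555), the peer host list and the use of the OTP 21+ logger module are assumptions made for the example; the node name is sent as a binary rather than an atom so that an unauthenticated packet can never create atoms on the receiver.

```erlang
%% heartbeat.erl: added example, not code from the original post or from AXD 301.
%% Assumptions (constructed for this example): the node is started with the
%% kernel environment variable dist_auto_connect set to 'never' or 'once', e.g.
%%   erl -sname a -setcookie secret -kernel dist_auto_connect never
%% every peer listens on the same UDP port (?PORT), and Peers is a list of
%% host names.
-module(heartbeat).
-behaviour(gen_server).

-export([start_link/1, connect/1, check_node/1]).
-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
         terminate/2, code_change/3]).

-define(PORT, 5555).       %% constructed port number
-define(INTERVAL, 5000).   %% "every 5 seconds", as in the post

-record(state, {sock, peers}).

%% Peers = ["hostA", "hostB"]: hosts that receive the "I am here" packet.
start_link(Peers) ->
    gen_server:start_link({local, ?MODULE}, ?MODULE, Peers, []).

%% Connect on demand. With the default auto-connect this is redundant, since
%% any send to {Name, Node} would connect anyway; with 'never'/'once' it is
%% the only way a link is made, so the caller can run its own authentication
%% or tunnel setup first. The normal cookie check still applies.
connect(Node) ->
    case application:get_env(kernel, dist_auto_connect) of
        {ok, Mode} when Mode =:= never; Mode =:= once ->
            net_kernel:connect_node(Node);
        _ ->
            {error, auto_connect_enabled}
    end.

%% The check the post describes: a node that announces itself but is not in
%% nodes() has lost its distribution link, and with 'once' semantics it will
%% not come back by itself. What to do about it is application specific, so
%% this only reports it. NodeName is a binary such as <<"b@hostB">>.
check_node(NodeName) when is_binary(NodeName) ->
    Known = [atom_to_binary(N, utf8) || N <- nodes()],
    case lists:member(NodeName, Known) of
        true  -> connected;
        false ->
            logger:warning("heartbeat from ~s but not in nodes(): "
                           "possible partition", [NodeName]),
            partitioned
    end.

init(Peers) ->
    {ok, Sock} = gen_udp:open(?PORT, [binary, {active, true}]),
    erlang:send_after(?INTERVAL, self(), tick),
    {ok, #state{sock = Sock, peers = Peers}}.

handle_info(tick, S = #state{sock = Sock, peers = Peers}) ->
    %% "I am here": the node name goes out as a binary, never as an atom.
    Packet = term_to_binary({i_am_here, atom_to_binary(node(), utf8)}),
    lists:foreach(fun(Host) -> gen_udp:send(Sock, Host, ?PORT, Packet) end,
                  Peers),
    erlang:send_after(?INTERVAL, self(), tick),
    {noreply, S};
handle_info({udp, _Sock, _Ip, _Port, Packet}, S) ->
    %% The packet is unauthenticated: decode with 'safe' (no new atoms, no
    %% funs) and let it trigger nothing more than a nodes() lookup.
    Self = atom_to_binary(node(), utf8),
    case catch binary_to_term(Packet, [safe]) of
        {i_am_here, Name} when is_binary(Name), Name =/= Self ->
            check_node(Name);
        _ ->
            ignored
    end,
    {noreply, S};
handle_info(_Other, S) ->
    {noreply, S}.

handle_call(_Req, _From, S) -> {reply, ok, S}.
handle_cast(_Msg, S) -> {noreply, S}.
terminate(_Reason, #state{sock = Sock}) -> gen_udp:close(Sock).
code_change(_Old, S, _Extra) -> {ok, S}.
```

Usage: start each node with `-kernel dist_auto_connect never` (or `once`), run `heartbeat:start_link(["hostB"])` on node a and `heartbeat:start_link(["hostA"])` on node b, and make the initial link explicitly with `heartbeat:connect('b@hostB')`. After that, a node whose link has dropped keeps announcing itself every five seconds and the other side logs the partition instead of silently reconnecting; the restart decision the post leaves to the application would go where `partitioned` is returned.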