[erlang-questions] Controlled interaction of two erlang distributed networks

Kenji Rikitake kenji.rikitake@REDACTED
Wed Aug 26 14:09:51 CEST 2009


I understand that the Erlang rpc module and the related ones, including
the global_group module, are designed only for environments where
arbitrary communication is possible and allowed between the BEAM
instances *and* epmd programs.  This assumption is unfortunately not
feasible on a network across insecure links, such as those over the
global Internet.

I was once thinking about managing two or more separate Erlang rpc
links as a single network, but I still have no idea about that.

In the message <8F9DAC3F-2CE4-4E43-B756-5560073A184D@REDACTED>
dated Tue, Aug 25, 2009 at 08:49:50PM -0700,
Jayson Vantuyl <kagato@REDACTED> writes:
> Actually, IPsec was mostly what I was worried about.

IPsec over a NAT conversion is complicated and difficult.

Configuring the IKE policy rules is a bit of a headache unless *all*
communication between two IP addresses is put under IPsec.

For running something that depends on the rpc module, encryption of
communication between epmd daemons is mandatory, as well as that between
BEAM instances.  Mandating IPsec on *all* involved hosts is a simple
way, but enforcing the policy is a difficult task too.

(And using inet_ssl_dist is actually *incomplete* for encrypting all
necessary traffic, because it does not encrypt epmd traffic at all.)

> That said, DNS is what will bite you.  If you're cool with that, then  
> you can try using global_group.

Maintaining a unified DNS domain across multiple private (RFC1918)
networks is surely another headache.

My 2 JPY worth,

Kenji Rikitake
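
Added example, not part of the original message: a Python decoder for the epmd lookup a connecting node makes before the distribution handshake, run over constructed bytes, to show what stays readable on the link when only the BEAM-to-BEAM connection is encrypted. The field layout follows the documented epmd protocol (PORT_PLEASE2_REQ and PORT2_RESP); the node name, port and function names are made up for illustration.

```python
import struct

# Constructed sample bytes (not a real capture) of the lookup sent to the
# remote host's epmd on TCP 4369 and of epmd's answer.
PORT_PLEASE2_REQ = struct.pack(">HB", 8, 122) + b"billing"
PORT2_RESP = (struct.pack(">BBHBBHHH", 119, 0, 40001, 77, 0, 5, 5, 7)
              + b"billing" + struct.pack(">H", 0))

def parse_port_please2_req(frame):
    """Return the node name asked for: 2-byte length, tag 122, then the name."""
    if len(frame) < 3:
        raise ValueError("truncated request")
    length, tag = struct.unpack_from(">HB", frame, 0)
    if tag != 122 or len(frame) != 2 + length:
        raise ValueError("not a complete PORT_PLEASE2_REQ")
    return frame[3:].decode("latin-1")

def parse_port2_resp(data):
    """Decode epmd's answer; returns None when the node is not registered."""
    if len(data) < 2 or data[0] != 119:
        raise ValueError("not a PORT2_RESP")
    if data[1] != 0:          # non-zero result: lookup failed, no more fields
        return None
    if len(data) < 12:
        raise ValueError("truncated PORT2_RESP")
    # port, node type, protocol, highest/lowest dist version, name length
    port, ntype, _proto, high, low, nlen = struct.unpack_from(">HBBHHH", data, 2)
    name = data[12:12 + nlen]
    if len(name) != nlen:
        raise ValueError("truncated node name")
    return {"node": name.decode("latin-1"), "dist_port": port,
            "hidden": ntype == 72,            # 77 = normal node, 72 = hidden
            "dist_versions": (low, high)}

def visible_on_the_wire(request, response):
    """What anyone on the path can read from one unencrypted epmd lookup."""
    return {"asked_for": parse_port_please2_req(request),
            "answer": parse_port2_resp(response)}

if __name__ == "__main__":
    print(visible_on_the_wire(PORT_PLEASE2_REQ, PORT2_RESP))
```

The same fields are what a packet filter or IPsec policy for TCP 4369 is protecting, alongside whatever covers the distribution port itself.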

