[erlang-questions] Controlled interaction of two erlang distributed networks
Fri Aug 28 02:08:49 CEST 2009
In the message <7702c0610908271521y5e070af3s7de5ea2d25e9b1d7@REDACTED>
dated Fri, Aug 28, 2009 at 08:20:38AM +1000,
Richard Andrews <bflatmaj7th@REDACTED> writes:
> TCP is unsuitable due to head of line blocking. I expect this is the
> main reason for the many connections. SCTP would remove such an issue
> as a stream could be established for each purpose.
Streams within a connection will be useful indeed.
> > One long-time argument for epmd: at least the source port address with
> > bind() system call should be freely specified other than
> > INADDR_ANY. I've seen this argument repeatedly on the list and I wonder
> > why this has not been implemented yet. ?Binding to INADDR_ANY is the
> > least preferable choice, especially a host has multiple addresses bound
> > into a network interface.
> This is undesirable to me.
Running BEAM on a multiple interface machine often needs restricting
showing epmd to one trusted network, e.g., on a dual-homed firewall, or
in a FreeBSD Jail which requires processes in Jails to bind() on the
specific addresses other than INADDR_ANY.
Packet filters should be used anyway to prevent unwanted packets to
reach epmd, but narrowing the acceptable packets to specify a
non-INADDR_ANY address solves this issue in much simpler way. All I
need is a command option to set the bind()ing address(es).
An environment variable ERL_EPMD_PORT is recently added;
ERL_EPMD_IPV4_ADDRESS (or the IPv6 one) looks easy to be added too.
I know I can patch, but I'd rather want it as an epmd official function.
> > I need something in Erlang to safely monitor/control/manipulate/whatever
> > each other between BEAMs across the Internet.
> I just use sockets and term_to_bin.
Yes this is a well-known first step; and I want it to do over an
encrypted channel. inet_ssl_dist is not bad if epmd *were* encrypted.
Unfortunately this is not the case so I need to think about something
else. Fortunately Erlang has its own ssh module and I'm now playing
around with it. Note: the default ssh_cli.erl has so many functions
for command-line editing implemented, and those are not necessary at all
for just passing binaries in Erlang External Term Format (at
http://erlang.org/doc/apps/erts/erl_ext_dist.html on Web).
More information about the erlang-questions