Chapter 2. Configuring Data Grid Server Networking

Data Grid servers let you configure interfaces and ports to make endpoints available across your network.

By default, Data Grid servers multiplex endpoints to a single TCP/IP port and automatically detect protocols of inbound client requests.

2.1. Server Interfaces

Data Grid servers can use different strategies for binding to IP addresses.

2.1.1. Address Strategy

Uses an inet-address strategy that maps a single public interface to the IPv4 loopback address (127.0.0.1). 

<interfaces>
  <interface name="public">
    <inet-address value="${infinispan.bind.address:127.0.0.1}"/>
  </interface>
</interfaces>
Tip

You can use the CLI -b argument or the infinispan.bind.address property to select a specific address from the command-line. See Changing the Default Bind Address.

2.1.2. Loopback Strategy

Selects a loopback address.

  • IPv4 the address block 127.0.0.0/8 is reserved for loopback addresses.
  • IPv6 the address block ::1 is the only loopback address. 
<interfaces>
    <interface name="public">
        <loopback/>
    </interface>
</interfaces>

2.1.3. Non-Loopback Strategy

Selects a non-loopback address. 

<interfaces>
    <interface name="public">
        <non-loopback/>
    </interface>
</interfaces>

2.1.4. Network Address Strategy

Selects networks based on IP address. 

<interfaces>
    <interface name="public">
        <inet-address value="10.1.2.3"/>
    </interface>
</interfaces>

2.1.5. Any Address Strategy

Selects the INADDR_ANY wildcard address. As a result Data Grid servers listen on all interfaces. 

<interfaces>
    <interface name="public">
        <any-address/>
    </interface>
</interfaces>

2.1.7. Site Local Strategy

Selects a site-local (private) IP address.

  • IPv4 the address blocks 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 are reserved for site-local addressing.
  • IPv6 the address block fc00::/7 is reserved for site-local unicast addressing. 
<interfaces>
    <interface name="public">
        <inet-address value="10.1.2.3"/>
    </interface>
</interfaces>

2.1.8. Match Host Strategy

Resolves the host name and selects one of the IP addresses that is assigned to any network interface.

Data Grid servers enumerate all available operating system interfaces to locate IP addresses resolved from the host name in your configuration. 

<interfaces>
    <interface name="public">
        <match-host value="my_host_name"/>
    </interface>
</interfaces>

2.1.9. Match Interface Strategy

Selects an IP address assigned to a network interface that matches a regular expression.

Data Grid servers enumerate all available operating system interfaces to locate the interface name in your configuration.

Tip

Use regular expressions with this strategy for additional flexibility. 

<interfaces>
    <interface name="public">
        <match-interface value="eth0"/>
    </interface>
</interfaces>

2.1.10. Match Address Strategy

Similar to inet-address but selects an IP address using a regular expression.

Data Grid servers enumerate all available operating system interfaces to locate the IP address in your configuration.

Tip

Use regular expressions with this strategy for additional flexibility. 

<interfaces>
    <interface name="public">
        <match-address value="132\..*"/>
    </interface>
</interfaces>

2.1.11. Fallback Strategy

Interface configurations can include multiple strategies. Data Grid servers try each strategy in the declared order.

For example, with the following configuration, Data Grid servers first attempt to match a host, then an IP address, and then fall back to the INADDR_ANY wildcard address: 

<interfaces>
    <interface name="public">
        <match-host value="my_host_name"/>
        <match-address value="132\..*"/>
        <any-address/>
    </interface>
</interfaces>

2.1.12. Changing the Default Bind Address for Data Grid Servers

You can use the server -b switch or the infinispan.bind.address system property to bind to a different address.

For example, bind the public interface to 127.0.0.2 as follows:

Linux
$ bin/server.sh -b 127.0.0.2
Windows
bin\server.bat -b 127.0.0.2

2.2. Socket Bindings

Socket bindings map endpoint connectors to server interfaces and ports.

By default, Data Grid servers provide the following socket bindings: 

<socket-bindings default-interface="public" port-offset="${infinispan.socket.binding.port-offset:0}">
    <socket-binding name="default" port="${infinispan.bind.port:11222}"/>
    <socket-binding name="memcached" port="11221"/>
</socket-bindings>
  • socket-bindings declares the default interface and port offset.
  • default binds to hotrod and rest connectors to the default port 11222.

  • memcached binds the memcached connector to port 11221.

    Note

    The memcached endpoint is disabled by default.

To override the default interface for socket-binding declarations, specify the interface attribute.

For example, you add an interface declaration named "private": 

<interfaces>
  ...
  <interface name="private">
    <inet-address value="10.1.2.3"/>
  </interface>
</interfaces>

You can then specify interface="private" in a socket-binding declaration to bind to the private IP address, as follows: 

<socket-bindings default-interface="public" port-offset="${infinispan.socket.binding.port-offset:0}">
  ...
  <socket-binding name="private_binding" interface="private" port="1234"/>
</socket-bindings>

2.2.1. Specifying Port Offsets

Configure port offsets with Data Grid servers when running multiple instances on the same host. The default port offset is 0.

Use the -o switch with the Data Grid CLI or the infinispan.socket.binding.port-offset system property to set port offsets.

For example, start a server instance with an offset of 100 as follows. With the default configuration, this results in the Data Grid server listening on port 11322.

Linux
$ bin/server.sh -o 100
Windows
bin\server.bat -o 100

2.3. Data Grid Protocol Handling

Data Grid servers use a router connector to expose multiple protocols over the same TCP port, 11222. Using a single port for multiple protocols simplifies configuration and management and increases security by reducing the attack surface for unauthorized users.

Data Grid servers handle HTTP/1.1, HTTP/2, and Hot Rod protocol requests via port 11222 as follows:

HTTP/1.1 upgrade headers
Client requests can include the HTTP/1.1 upgrade header field to initiate HTTP/1.1 connections with Data Grid servers. Client applications can then send the Upgrade: protocol header field, where protocol is a Data Grid server endpoint.
Application-Layer Protocol Negotiation (ALPN)/Transport Layer Security (TLS)
Client applications specify Server Name Indication (SNI) mappings for Data Grid server endpoints to negotiate protocols in a secure manner.
Automatic Hot Rod detection
Client requests that include Hot Rod headers automatically route to Hot Rod endpoints if the single port router configuration includes Hot Rod.

2.3.1. Configuring Clients for ALPN

Configure clients to provide ALPN messages for protocol negotiation during TLS handshakes with Data Grid servers.

Prerequisites

  • Enable Data Grid server endpoints with encryption.

Procedure

  1. Provide your client application with the appropriate libraries to handle ALPN/TLS exchanges with Data Grid servers.

    Note

    Data Grid uses Wildfly OpenSSL bindings for Java.

  2. Configure clients with trust stores as appropriate.

Programmatically

ConfigurationBuilder builder = new ConfigurationBuilder()
      .addServers("127.0.0.1:11222");

builder.security().ssl().enable()
      .trustStoreFileName("truststore.pkcs12")
      .trustStorePassword(DEFAULT_TRUSTSTORE_PASSWORD.toCharArray());

RemoteCacheManager remoteCacheManager = new RemoteCacheManager(builder.build());
RemoteCache<String, String> cache = remoteCacheManager.getCache("default"");

Hot Rod client properties

infinispan.client.hotrod.server_list = 127.0.0.1:11222
infinispan.client.hotrod.use_ssl = true
infinispan.client.hotrod.trust_store_file_name = truststore.pkcs12
infinispan.client.hotrod.trust_store_password = trust_store_password

Reference