Oracle 5.0 Reference Manual page 1707

Using this type of network setup means that there are two zones of MySQL Cluster hosts. Each
cluster host must be able to communicate with all of the other machines in the cluster, but only
those hosting SQL nodes (dotted box) can be permitted to have any contact with the outside, while
those in the zone containing the data nodes and management nodes (solid box) must be isolated
from any machines that are not part of the cluster. Applications using the cluster and users of those
applications must not be permitted to have direct access to the management and data node hosts.
To accomplish this, you must set up software firewalls that limit the traffic to the type or types
shown in the following table, according to the type of node that is running on each cluster host
computer:
Type of Node to be Accessed: SQL or API node
Traffic to Permit:
• It originates from the IP address of a management or data node (using
any TCP or UDP port).
• It originates from within the network in which the cluster resides and is
on the port that your application is using.

Type of Node to be Accessed: Data node or Management node
Traffic to Permit:
• It originates from the IP address of a management or data node (using
any TCP or UDP port).
• It originates from the IP address of an SQL or API node.

Any traffic other than that shown in the table for a given node type should be denied.
The specifics of configuring a firewall vary from firewall application to firewall application, and are
beyond the scope of this Manual. iptables is a very common and reliable firewall application,
which is often used with APF as a front end to make configuration easier. You can (and should)
consult the documentation for the software firewall that you employ, should you choose to

MySQL Cluster Security Issues
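
The table above expressed as iptables rules, as an added example that is not taken from the manual. The function names, the 192.0.2.x addresses, and the choice of TCP port 3306 for the application are assumptions for illustration; the script only prints the commands so they can be reviewed before use.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables INPUT rules for one cluster
# host, following the "Traffic to Permit" table. All values are constructed.
MGMT_DATA_IPS="192.0.2.10 192.0.2.11 192.0.2.12"  # management + data node hosts (assumed)
SQL_API_IPS="192.0.2.20 192.0.2.21"               # SQL/API node hosts (assumed)
CLUSTER_NET="192.0.2.0/24"                        # network the cluster resides in (assumed)
APP_PORT=3306                                     # port the application uses (assumed, TCP)

# allow_any_port IP...: permit any TCP or UDP port from each source address.
allow_any_port() {
    for ip in "$@"; do
        for proto in tcp udp; do
            echo "iptables -A INPUT -s $ip -p $proto -j ACCEPT"
        done
    done
}

# gen_rules sql|api|data|mgmt: emit the rule set for that type of node.
gen_rules() {
    case "$1" in
        sql|api)
            # Row 1: cluster-internal traffic, plus the application port only.
            allow_any_port $MGMT_DATA_IPS
            echo "iptables -A INPUT -s $CLUSTER_NET -p tcp --dport $APP_PORT -j ACCEPT"
            ;;
        data|mgmt)
            # Row 2: only other cluster hosts may reach data/management nodes.
            allow_any_port $MGMT_DATA_IPS
            allow_any_port $SQL_API_IPS
            ;;
        *)
            echo "usage: gen_rules sql|api|data|mgmt" >&2
            return 1
            ;;
    esac
    # Any traffic other than that shown in the table is denied.
    # Loopback and administrative access are not covered by the table.
    echo "iptables -P INPUT DROP"
}

# When run as a script with an argument, print the rules for that node type.
if [ "$#" -gt 0 ]; then gen_rules "$1"; fi
```

Run it as `sh script.sh data` on a data node host and compare the output against the table before loading any rule.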
This manual is also suitable for:

MySQL 5.0
