Re: [leshan-dev] Leshan cluster

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [leshan-dev] Leshan cluster

From: Julien Vermillard <jvermillard@xxxxxxxxx>
Date: Mon, 15 Feb 2016 14:59:20 +0100
Delivered-to: leshan-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/leshan-dev>
List-help: <mailto:leshan-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/leshan-dev>, <mailto:leshan-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/leshan-dev>, <mailto:leshan-dev-request@eclipse.org?subject=unsubscribe>

Hi Paul,

Neither HA-proxy, nor ningx support UDP or CoAP.

This could solve part of scalability problem by offloading the DTLS processing of the leshan server.
This could be a good idea, but now the biggest challenge we have is the token matching for observe and this solution won't have an impact on it :(

In a second step that could be interesting, for example to use a more CPU optimised AES/TLS implementation like the one in OpenSSL and built a CoAP reverse proxy to use a load-balancer.
Now since we want both way authentication using per endpoint credentials (PSK and RPK) we need to pass the result of the authentication back to the backend server.
In HTTP world this is done by adding a HTTP header, we could imagine sending it as a CoAP option. So we need to build a CoAP reverse proxy able to change the CoAP messages.

But I see it more as a performance/infrastructure optimisation.

--
Julien Vermillard

On Fri, Feb 12, 2016 at 6:28 PM, <szego@xxxxxx> wrote:

Regarding security and the proposed network infrastructure, has anyone considered how we might support DTLS termination at the load-balancer layer? I’m thinking along the lines of how HTTP load balancers can handle TLS termination (e.g. HAProxy, nginx) out in the DMZ.

I’m keen to see that whatever we arrive at doesn’t preclude this.

Regards, Paul.

On 11 Feb 2016, at 7:10 AM, Julien Vermillard <jvermillard@xxxxxxxxx> wrote:

Hi,
Following the discussion we had during the last meeting:
https://github.com/eclipse/leshan/wiki/Cluster
Please feel free to comment/edit
--
Julien Vermillard

_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev

_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev

Follow-Ups:
- Re: [leshan-dev] Leshan cluster
  - From: Maier Daniel (INST/ECS4)

References:
- [leshan-dev] Leshan cluster
  - From: Julien Vermillard
- Re: [leshan-dev] Leshan cluster
  - From: szego

Prev by Date: Re: [leshan-dev] Leshan cluster
Next by Date: Re: [leshan-dev] Release Process
Previous by thread: Re: [leshan-dev] Leshan cluster
Next by thread: Re: [leshan-dev] Leshan cluster
Index(es):
- Date
- Thread

Breadcrumbs