Sounds good to me. I like the idea of using a proxy instead of the --hostname-for-clients solution where you cannot specify the particular server of which to connect. And it seems good to use the same approach that was used for "off platform" clients.
Aaron ________________________________________ From: Bruce Schuchardt <bru...@vmware.com> Sent: Monday, August 3, 2020 9:00 AM To: dev@geode.apache.org Subject: [DISCUSS] proposal for WAN support of an ingress proxy In some environments it’s expensive to provide all server machines with externally-resolvable hostnames. We recently added support for “off platform” clients to access servers through an ingress proxy<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FGEODE%2FClient%2Bside%2Bconfiguration%2Bfor%2Ba%2BSNI%2Bproxy&data=02%7C01%7Calindsey%40vmware.com%7C0b91131a69294c16c85808d837c657c1%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637320672304750396&sdata=k6Na4yskgjRiyg4ehsGnpjgH0E53lpYMoMY9fPKrd2s%3D&reserved=0> for this type of environment. I’m proposing to do the same for inter-cluster (“WAN”) communications. https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FGEODE%2FWAN%2BConfiguration%2Bfor%2Ban%2BIngress%2BProxy&data=02%7C01%7Calindsey%40vmware.com%7C0b91131a69294c16c85808d837c657c1%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637320672304750396&sdata=V839395xkQA3i2UChAUpFpTnvOGVP%2B8xTqZlHQSE69M%3D&reserved=0 This improvement will allow one cluster to forward events to another cluster even though the other cluster’s machines do not have resolvable hostnames. Communications will go through a Proxy process hosted in the other cluster with a resolvable hostname. The user-visible changes in this proposal are small, changing the “remote-locators” setting to allow for a new syntax. I’m not proposing to implement a Proxy. There are numerous Proxy products available that could fit into this scheme such as HAProxy, Envoy, and NGIX. I will probably start with an SNI-based implementation and leverage work already done for client/server communications. Please provide feedback by the end of 14 august. Thanks!
