[nanomsg] Re: RFC links

  • From: Paul Colomiets <paul@xxxxxxxxxxxxxx>
  • To: Martin Sustrik <sustrik@xxxxxxxxxx>
  • Date: Fri, 16 Aug 2013 17:18:45 +0300

Hi,

On Fri, Aug 16, 2013 at 8:15 AM, Martin Sustrik <sustrik@xxxxxxxxxx> wrote:
> On 14/08/13 22:08, Paul Colomiets wrote:
>
>> Isn't the good way to solve the problem to declare that your
>> service requires ports 5550-5650? One may declare that port 5555 is used
>> for requests, 5556 for heartbeats, and 5557-5650 are reserved for future
>> use.
>
>
> That's like asking for a carte blanche: "Please open these 100 ports for me.
> I don't know what I'll use them for yet, but they may come in handy in the
> future." Not sure it's much different from opening a TCPMUX port.
>

Yes. This is a key point. From the point of view of security it's the
same. From the point of view of network management, different ports are
better (e.g. to understand which service is being DoS-attacked, etc.)

But anyway, as far as I understand there is an external daemon for
handling TCPMUX, and the job of nanomsg is to be able to receive a socket
using SCM_RIGHTS. So, I think we can allow nanomsg to nn_listen() and
nn_connect() to an "fd://1234". So it can serve other purposes too:

1. Bind privileged port, pass it as file descriptor
2. Use nanomsg over unix pipe
3. Share listening socket between (forked) processes
4. Accept socket via SCM_RIGHTS and pass it to nanomsg

This way we allow the functionality but do not hardcode nanomsg
to a specific implementation of TCPMUX (there is no standard for local
communication with a TCPMUX daemon, right?)

Thoughts?

> Btw, for the sake of discussion, the guys at IETF pointed me to this
> document:
>
> http://tools.ietf.org/id/draft-touch-tcp-portnames-00.txt
>

The change to TCP is not going to happen, but it contains a nice summary
of the current state of affairs. Also it's unclear why it hasn't been done
for IPv6 :( BTW, with IPv6 the port problem does not exist, because
everybody can have any number of IP addresses with a single port, right?

RPCBIND is also mentioned there. As far as I understand it can help us
to build complex projects with multiple services with the
configuration along the lines of:

project: foo
hosts: [10.0.0.1, 10.0.0.2, 10.0.0.3]

That is, having the service ports for hundreds of internal services
discovered by RPCBIND. Has it ever been considered for nanomsg? Or
does it fall out of scope of the library?

-- 
Paul
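
The descriptor hand-off behind items 1, 3 and 4 of the list in the message above, as an added C example that is not part of the original message and is not nanomsg code. The names `send_fd`, `recv_listener` and `demo_handoff` are hypothetical, and the receiver refuses anything that is not an already-listening stream socket.

```c
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

typedef union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } fd_cmsg;
static void prep(struct msghdr *m, struct iovec *iov, fd_cmsg *u) { /* 1 byte + 1 fd */
    memset(m, 0, sizeof *m); memset(u, 0, sizeof *u);
    m->msg_iov = iov; m->msg_iovlen = 1;
    m->msg_control = u->buf; m->msg_controllen = sizeof u->buf;
}

/* Binder side: send descriptor fd over AF_UNIX socket chan; 0 on success. */
int send_fd(int chan, int fd) {
    char byte = 0; struct iovec iov = { &byte, 1 }; fd_cmsg u; struct msghdr msg;
    prep(&msg, &iov, &u);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Worker side: take one descriptor; return it only if it is a listening stream socket. */
int recv_listener(int chan) {
    char byte; struct iovec iov = { &byte, 1 }; fd_cmsg u; struct msghdr msg;
    int fd, v = 0; socklen_t n = sizeof v;
    prep(&msg, &iov, &u);
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof fd)) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    if (!(msg.msg_flags & MSG_CTRUNC) &&   /* set when extra descriptors were cut off */
        getsockopt(fd, SOL_SOCKET, SO_TYPE, &v, &n) == 0 && v == SOCK_STREAM &&
        getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &v, &n) == 0 && v) return fd;
    close(fd); return -1;                  /* wrong kind of descriptor: drop it */
}

/* Constructed demo: the two ends of one socketpair stand in for two processes. */
int demo_handoff(int do_listen) {
    int sp[2], got, l = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if (l < 0 || bind(l, (struct sockaddr *)&a, sizeof a) || (do_listen && listen(l, 8))) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) || send_fd(sp[0], l)) return -1;
    close(l);                  /* the copy in flight keeps the socket alive */
    got = recv_listener(sp[1]);
    close(sp[0]); close(sp[1]); if (got >= 0) close(got);
    return got >= 0;           /* 1 = accepted, 0 = rejected by the worker */
}
```

In the privileged-port case the binder would be the only process that needs the right to bind the port; the worker receives just the one descriptor and can run without that privilege.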
