MySQL Forums
Forum List  »  NDB clusters

Re: NDB Cluster node-to-node cryptography
Posted by: Mikael Ronström
Date: August 24, 2018 01:55AM

Sounds like an interesting project.

The communication between nodes in NDB is handled by
transporters. You will find the common code for
transporters in storage/ndb/src/common/transporter.

There is also specific code for the NDB API in
storage/ndb/src/ndbapi and there is specific code for
the NDB data nodes in storage/ndb/src/kernel/vm.

The communication between 2 nodes in NDB is always
handled through one socket. There is a setup phase
that uses a text-based protocol, this part is half-duplex.

After this text-based protocol setup we use a full-duplex
protocol where we send signals.

Signals have a specific format that always starts with
3 words of 4 bytes.

There are two ways I would say to achieve your goal.
1) Convert transporters to use SSL
2) Convert the low-level protocol to include encryption bit in header

I have built a hobby project in C that uses SSL for the connections.
But this was using new code, so I haven't tried changing the NDB
code to use SSL transporters. But I am sure it should be very doable.

The second approach is to convert the signals to encrypted signals just
before sending and decrypt them when receiving the signals.

The receive part would then be handled in
storage/ndb/src/common/transporter/Packer.cpp in unpack_one.

The send part is in storage/ndb/src/commmon/transporter/TransporterRegistry.cpp
in the method prepareSendTemplate.

Options: ReplyQuote

Written By
Re: NDB Cluster node-to-node cryptography
August 24, 2018 01:55AM

Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.