How nodes are connected to each other
Nodes are connected to each other through TCP channels. Through the channels, the nodes communicate with each other. These connections are open all the time.
To create the TCP channels, nodes must act as TCP servers or TCP clients. Many nodes have both functions as well. For a node to start the server or client, an entry in the configuration is sufficient.
Here is a sample configuration file for a TCP server.
#nyssr .net preference.node.name=tcp/server/MyServer preference.node.clear.first=false preference.key.overwrite.existing=true # payloadid =2a6508e7-08ee-43b3-9d93-ed6fa2b0e437 tls.enabled=true tls.protocols=TLSv1.3 tls.cipher.suites=TLS_AES_128_GCM_SHA256 input.buffer.size=300000 port=20000
Here is a sample configuration file for a TCP client.
#nyssr .net preference.node.name=tcp/client/MyClient preference.node.clear.first=false preference.key.overwrite.existing=true # payloadid =bcc4a8d0-67e0-44a5-a076-34bfef286049 tls.enabled=true tls.protocols=TLSv1.3 tls.cipher.suites=TLS_AES_128_GCM_SHA256 host=127.0.0.1 port=20000 input.buffer.size=300000 retry.timeout=5000
Many of these settings are optional.
If several servers or clients are to be opened (which is normal), several files of this type are simply placed in
the configuration directory.
The names of the files are not important.
Important is the preference.node.name
, which must be different (
id
(
Client retry timeout
For clients, you can specify a retry timeout in milliseconds. If the timeout is greater than 0 and a connection attempt fails, the client will try to reach the server again after this timeout. This also allows you to reboot individual nodes, since the nodes reconnect immediately and the network is functional again.
TLS
Keystore and Truststore
To use TLS in version 1.3, we need a keystore and a truststore. Both are given to the VM.
-Djavax.net.ssl.keyStore=c:\work\serverkeystore.jks -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=c:\work\clienttruststore.jks -Djavax.net.ssl.trustStorePassword=password
To create the two files (for development purposes) we use the Java keytool. For production, one certainly uses purchased certificates.
// Create keystore with certificate keytool -genkey -keypass password -storepass password-keyalg RSA -keystore serverkeystore.jks // Export certificate (Creates a server.cer file) keytool -export -storepass password -file server.cer -keystore serverkeystore.jks // Create truststore keytool -import -v -trustcacerts -file server.cer -keypass password -storepass password -keystore clienttruststore.jks
It is important here to use the
Other protocols
You can also use other protocols via the tls.protocols
and tls.cipher.suites
keys.
You can also use multiple protocols and cipher suites.
The individual entries are then separated with commas.