How nodes are connected to each other


Nodes are connected to each other through TCP channels, over which they exchange their messages. The connections are persistent: once a channel is established it stays open rather than being set up again for every message.

To create the TCP channels, a node acts as a TCP server, as a TCP client, or (which is common) as both. A single configuration file is enough to start a server or a client.

Here is a sample configuration file for a TCP server.

# nyssr.net
preference.node.name=tcp/server/MyServer
preference.node.clear.first=false
preference.key.overwrite.existing=true

# payload
id=2a6508e7-08ee-43b3-9d93-ed6fa2b0e437
tls.enabled=true
tls.protocols=TLSv1.3
tls.cipher.suites=TLS_AES_128_GCM_SHA256
input.buffer.size=300000
port=20000

Here is a sample configuration file for a TCP client.

# nyssr.net
preference.node.name=tcp/client/MyClient
preference.node.clear.first=false
preference.key.overwrite.existing=true

# payload
id=bcc4a8d0-67e0-44a5-a076-34bfef286049
tls.enabled=true
tls.protocols=TLSv1.3
tls.cipher.suites=TLS_AES_128_GCM_SHA256
host=127.0.0.1
port=20000
input.buffer.size=300000
retry.timeout=5000

Many of these settings are optional.

If several servers or clients are to be opened (which is the normal case), several files of this type are simply placed in the configuration directory. The file names do not matter. What matters is that every file has its own preference.node.name and a unique id; two files sharing either value are a configuration error.

Client retry timeout

For clients, you can specify a retry timeout in milliseconds. If the timeout is greater than 0 and a connection attempt fails (or an established connection drops), the client tries to reach the server again after this timeout; with 0 or no entry, a failed attempt is not repeated. This also allows you to reboot individual nodes, since the clients reconnect on their own within the timeout and the network is functional again without manual intervention.

TLS

nyssr.net targets Java 8 so that as many projects as possible can use it; newer Java versions are of course also supported. TLS 1.3 was introduced in Java 11 and is not available in older Java 8 builds; it was backported to OpenJDK 8 in update 8u261. We use Eclipse Temurin™ Java 8, whose current builds include this backport, so TLS 1.3 works there as well.

Keystore and Truststore

To use TLS 1.3, we need a keystore (holding the node's private key and certificate) and a truststore (holding the certificates the node accepts from its peers). Both are passed to the JVM as system properties:

-Djavax.net.ssl.keyStore=c:\work\serverkeystore.jks
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=c:\work\clienttruststore.jks
-Djavax.net.ssl.trustStorePassword=password

To create the two files (for development purposes) we use the Java keytool. For production, one uses certificates issued by a CA instead of self-signed ones, and the passwords should not be left as "password" or placed on the command line where the shell history records them. The -dname and -noprompt options below only make the commands non-interactive; leave them out if you prefer to answer keytool's questions.

// Create keystore with an RSA key pair and a self-signed certificate under the alias "server"
keytool -genkey -alias server -keyalg RSA -keysize 2048 -validity 365 -dname "CN=MyServer" -keypass password -storepass password -keystore serverkeystore.jks
// Export the certificate (creates a server.cer file; the private key stays in the keystore)
keytool -export -alias server -storepass password -file server.cer -keystore serverkeystore.jks
// Create the truststore by importing the exported certificate
keytool -import -v -noprompt -alias server -file server.cer -storepass password -keystore clienttruststore.jks

It is important here to specify -keyalg RSA (EC keys also work). TLS 1.3 defines no signature scheme for DSA, and DSA is keytool's default key algorithm on Java 8, so a keystore generated without -keyalg produces a certificate that TLS 1.3 cannot use and the handshake fails.

Other protocols

You can also use other protocols via the tls.protocols and tls.cipher.suites keys, and several protocols and cipher suites at once; the individual entries are then separated with commas (for example TLSv1.2,TLSv1.3). Keep the two lists consistent: the TLS 1.3 suite names (TLS_AES_128_GCM_SHA256 and the like) are only valid for TLSv1.3, while suite names containing _WITH_ belong to TLS 1.2 and earlier. If no configured suite matches a configured protocol, the handshake cannot succeed.
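The two rules that are easy to get wrong by hand are the uniqueness of preference.node.name and id across the configuration directory, and the consistency of the comma-separated tls.protocols and tls.cipher.suites lists. The following checker is an added example, not part of nyssr.net: it parses the key=value files shown on this page and reports duplicate names or ids, disabled TLS, legacy protocols, weak suites, and a protocol list that no configured cipher suite can serve. Deriving the server/client role from the tcp/server/ and tcp/client/ name prefixes is an assumption taken from the sample files, not a documented rule; the sample inputs at the bottom are constructed and include a deliberately broken client.

```python
"""Sanity checker for nyssr.net TCP node config files (added example, not project code)."""
import re
from pathlib import Path

# TLS 1.3 cipher suites from RFC 8446; every other IANA suite name contains "_WITH_"
# and belongs to TLS 1.2 or older.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
}
LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_SUITE_MARKERS = ("_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_3DES_", "_DES_", "_MD5")
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)


def parse_properties(text):
    """Parse the key=value / '#' comment format used by the node configs."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # only the first '=' separates key and value
        if sep:
            props[key.strip()] = value.strip()
    return props


def split_list(value):
    """Comma-separated list as used by tls.protocols and tls.cipher.suites."""
    return [item.strip() for item in value.split(",") if item.strip()]


def _int(value, default=0):
    try:
        return int(value)
    except (TypeError, ValueError):
        return default


def check_one(props):
    """Return (severity, message) findings for a single config file."""
    findings = []
    node = props.get("preference.node.name", "")
    if not node:
        findings.append(("error", "missing preference.node.name"))
    is_client = node.startswith("tcp/client/")  # assumption: role taken from the name prefix
    if not UUID_RE.match(props.get("id", "")):
        findings.append(("error", "id missing or not a UUID"))
    port = props.get("port", "")
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        findings.append(("error", f"invalid port {port!r}"))
    if is_client:
        if "host" not in props:
            findings.append(("error", "client without host"))
        if _int(props.get("retry.timeout")) <= 0:
            findings.append(("warn", "retry.timeout missing or 0: client will not reconnect after a failure"))
    if props.get("tls.enabled", "").lower() != "true":
        findings.append(("error", "tls.enabled is not true: channel would run in plaintext"))
        return findings
    protocols = split_list(props.get("tls.protocols", ""))
    findings += [("error", f"legacy protocol {p} enabled") for p in protocols if p in LEGACY_PROTOCOLS]
    suites = split_list(props.get("tls.cipher.suites", ""))
    usable = 0
    for suite in suites:
        if any(marker in suite for marker in WEAK_SUITE_MARKERS):
            findings.append(("error", f"weak cipher suite {suite}"))
        needs_13 = suite in TLS13_SUITES
        if (needs_13 and "TLSv1.3" in protocols) or (not needs_13 and any(p != "TLSv1.3" for p in protocols)):
            usable += 1
    if protocols and suites and usable == 0:
        findings.append(("error", "no cipher suite matches the enabled protocols; every handshake will fail"))
    return findings


def check_all(configs):
    """configs: {filename: props}. Per-file checks plus cross-file uniqueness of name and id."""
    findings, seen = [], {"preference.node.name": {}, "id": {}}
    for fname, props in sorted(configs.items()):
        findings += [(sev, fname, msg) for sev, msg in check_one(props)]
        for key, registry in seen.items():
            value = props.get(key)
            if value in registry:
                findings.append(("error", fname, f"{key} {value!r} already used in {registry[value]}"))
            elif value:
                registry[value] = fname
    return findings


def check_directory(path):
    """Validate every file in a nyssr.net configuration directory."""
    files = [p for p in Path(path).iterdir() if p.is_file()]
    return check_all({p.name: parse_properties(p.read_text()) for p in files})


# Constructed sample inputs: the two files from this page plus a broken client that reuses the
# client's id, forgets retry.timeout and pairs TLSv1.3 with a TLS 1.2-only cipher suite.
SAMPLE_FILES = {
    "server.properties": "preference.node.name=tcp/server/MyServer\nid=2a6508e7-08ee-43b3-9d93-ed6fa2b0e437\n"
                         "tls.enabled=true\ntls.protocols=TLSv1.3\ntls.cipher.suites=TLS_AES_128_GCM_SHA256\n"
                         "input.buffer.size=300000\nport=20000\n",
    "client.properties": "preference.node.name=tcp/client/MyClient\nid=bcc4a8d0-67e0-44a5-a076-34bfef286049\n"
                         "tls.enabled=true\ntls.protocols=TLSv1.3\ntls.cipher.suites=TLS_AES_128_GCM_SHA256\n"
                         "host=127.0.0.1\nport=20000\nretry.timeout=5000\n",
    "bad-client.properties": "preference.node.name=tcp/client/Backup\nid=bcc4a8d0-67e0-44a5-a076-34bfef286049\n"
                             "tls.enabled=true\ntls.protocols=TLSv1.3\n"
                             "tls.cipher.suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\nhost=127.0.0.1\nport=20000\n",
}

if __name__ == "__main__":
    for sev, fname, msg in check_all({k: parse_properties(v) for k, v in SAMPLE_FILES.items()}):
        print(f"{sev.upper():5} {fname}: {msg}")
```

Run it against a real directory with check_directory("conf") before starting the nodes; the two sample files from this page pass cleanly, while the constructed bad-client.properties produces the duplicate-id error, the missing retry.timeout warning and the "no cipher suite matches" error.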