Apache Ignite Users

Ignite communicating with non ignite servers

classic Classic list List threaded Threaded
7 messages Options
ignite_user2016 ignite_user2016
Reply | Threaded
Open this post in threaded view
|

Ignite communicating with non ignite servers

Recently, we migrated ignite to JDK11, all works well except when we run our
security scan, ignite node tries to connect on that servers and result in
out of memory and heap dump errors.

Is it possible where we can stop that scan server connecting to ignite ?

Any configuration ?

help is much appreciated.

And I have observed that ignite visor is also broken where it cant give us
the states for nodes, memory and CPU.

Thanks..
Rishi



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
ezhuravlev ezhuravlev
Reply | Threaded
Open this post in threaded view
|

Re: Ignite communicating with non ignite servers

Hi,

What security scan tool do you use?

Evgenii

пн, 21 сент. 2020 г. в 09:03, ignite_user2016 <[hidden email]>:
Recently, we migrated ignite to JDK11, all works well except when we run our
security scan, ignite node tries to connect on that servers and result in
out of memory and heap dump errors.

Is it possible where we can stop that scan server connecting to ignite ?

Any configuration ?

help is much appreciated.

And I have observed that ignite visor is also broken where it cant give us
the states for nodes, memory and CPU.

Thanks..
Rishi



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
ignite_user2016 ignite_user2016
Reply | Threaded
Open this post in threaded view
|

Re: Ignite communicating with non ignite servers

we use Nessus security tool, and the module is Tenable.sc which scans the
vulnerability on spring boot app which runs with ignite client.



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
ilya.kasnacheev ilya.kasnacheev
Reply | Threaded
Open this post in threaded view
|

Re: Ignite communicating with non ignite servers

In reply to this post by ignite_user2016
Hello!

Well, you could enable SSL on all ports, in this case you can block off the security scanner.

Regards,
-- 
Ilya Kasnacheev


пн, 21 сент. 2020 г. в 19:03, ignite_user2016 <[hidden email]>:
Recently, we migrated ignite to JDK11, all works well except when we run our
security scan, ignite node tries to connect on that servers and result in
out of memory and heap dump errors.

Is it possible where we can stop that scan server connecting to ignite ?

Any configuration ?

help is much appreciated.

And I have observed that ignite visor is also broken where it cant give us
the states for nodes, memory and CPU.

Thanks..
Rishi



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
ignite_user2016 ignite_user2016
Reply | Threaded
Open this post in threaded view
|

Re: Ignite communicating with non ignite servers

This post was updated on .
We never had this issue on JDK8 and it run with lower memory 2g but now switch to JDK11 and 4g memory is not sufficent.

We have SSL enabled on all servers but some how it s trying to attempt
connection on SSL causing heap dumps. Is there a way to disable to external
server try connecting to ignite ?

2020-09-10 22:52:47,029 WARN [grid-nio-worker-tcp-comm-3-#27%NAME_GRID%]
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi Client
disconnected abruptly due to network connection loss or because the
connection was left open on application shutdown. [cls=class
o.a.i.i.util.nio.GridNioException, msg=Failed to decode SSL data:
GridSelectorNioSessionImpl [worker=DirectNioClientWorker
[super=AbstractNioClientWorker [idx=3, bytesRcvd=13315002728, bytesSent=0,
bytesRcvd0=18, bytesSent0=0, select=true, super=GridWorker
[name=grid-nio-worker-tcp-comm-3, igniteInstanceName=WebGrid,
finished=false, heartbeatTs=1599796365124, hashCode=1230825885,
interrupted=false, runner=grid-nio-worker-tcp-comm-3-#27%WebGrid%]]],
writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
readBuf=java.nio.DirectByteBuffer[pos=18 lim=18 cap=32768], inRecovery=null,
outRecovery=null, closeSocket=true,
outboundMessagesQueueSizeMetric=o.a.i.i.processors.metric.impl.LongAdderMetric@69a257d1,
super=GridNioSessionImpl [locAddr=/*IG_SERVER1*:47101, rmtAddr=/*SEC_SCAN*
SERVER:52082, createTime=1599796365124, closeTime=0, bytesSent=0,
bytesRcvd=18, bytesSent0=0, bytesRcvd0=18, sndSchedTime=1599796365124,
lastSndTime=1599796365124, lastRcvTime=1599796367026, readsPaused=false,
filterChain=FilterChain[filters=[GridNioCodecFilter
[parser=o.a.i.i.util.nio.GridDirectParser@20ca1d6a, directMode=true],
GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
markedForClose=false]]]



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
ilya.kasnacheev ilya.kasnacheev
Reply | Threaded
Open this post in threaded view
|

Re: Ignite communicating with non ignite servers

Hello!

I don't think it should cause heap dumps. Here you are showing just a warning. This warning may be ignored.

It's outside of scope of Apache Ignite to disable something else to try connecting to it. If you have invasive security port scanning, you will expect to see warnings/errors in the logs of any network application.

Regards,
--
Ilya Kasnacheev


вт, 22 сент. 2020 г. в 16:26, ignite_user2016 <[hidden email]>:
We have SSL enabled on all servers but some how it s trying to attempt
connection on SSL causing heap dumps. Is there a way to disable to external
server try connecting to ignite ?

2020-09-10 22:52:47,029 WARN [grid-nio-worker-tcp-comm-3-#27%NAME_GRID%]
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi Client
disconnected abruptly due to network connection loss or because the
connection was left open on application shutdown. [cls=class
o.a.i.i.util.nio.GridNioException, msg=Failed to decode SSL data:
GridSelectorNioSessionImpl [worker=DirectNioClientWorker
[super=AbstractNioClientWorker [idx=3, bytesRcvd=13315002728, bytesSent=0,
bytesRcvd0=18, bytesSent0=0, select=true, super=GridWorker
[name=grid-nio-worker-tcp-comm-3, igniteInstanceName=WebGrid,
finished=false, heartbeatTs=1599796365124, hashCode=1230825885,
interrupted=false, runner=grid-nio-worker-tcp-comm-3-#27%WebGrid%]]],
writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
readBuf=java.nio.DirectByteBuffer[pos=18 lim=18 cap=32768], inRecovery=null,
outRecovery=null, closeSocket=true,
outboundMessagesQueueSizeMetric=o.a.i.i.processors.metric.impl.LongAdderMetric@69a257d1,
super=GridNioSessionImpl [locAddr=/*IG_SERVER1*:47101, rmtAddr=/*SEC_SCAN*
SERVER:52082, createTime=1599796365124, closeTime=0, bytesSent=0,
bytesRcvd=18, bytesSent0=0, bytesRcvd0=18, sndSchedTime=1599796365124,
lastSndTime=1599796365124, lastRcvTime=1599796367026, readsPaused=false,
filterChain=FilterChain[filters=[GridNioCodecFilter
[parser=o.a.i.i.util.nio.GridDirectParser@20ca1d6a, directMode=true],
GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
markedForClose=false]]]



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
ezhuravlev ezhuravlev
Reply | Threaded
Open this post in threaded view
|

Re: Ignite communicating with non ignite servers

Hi,

Can you please tell what scan were you running? I want to reproduce this issue using tenable.sc.

Thank you,
Evgenii


вт, 22 сент. 2020 г. в 06:55, Ilya Kasnacheev <[hidden email]>:
Hello!

I don't think it should cause heap dumps. Here you are showing just a warning. This warning may be ignored.

It's outside of scope of Apache Ignite to disable something else to try connecting to it. If you have invasive security port scanning, you will expect to see warnings/errors in the logs of any network application.

Regards,
--
Ilya Kasnacheev


вт, 22 сент. 2020 г. в 16:26, ignite_user2016 <[hidden email]>:
We have SSL enabled on all servers but some how it s trying to attempt
connection on SSL causing heap dumps. Is there a way to disable to external
server try connecting to ignite ?

2020-09-10 22:52:47,029 WARN [grid-nio-worker-tcp-comm-3-#27%NAME_GRID%]
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi Client
disconnected abruptly due to network connection loss or because the
connection was left open on application shutdown. [cls=class
o.a.i.i.util.nio.GridNioException, msg=Failed to decode SSL data:
GridSelectorNioSessionImpl [worker=DirectNioClientWorker
[super=AbstractNioClientWorker [idx=3, bytesRcvd=13315002728, bytesSent=0,
bytesRcvd0=18, bytesSent0=0, select=true, super=GridWorker
[name=grid-nio-worker-tcp-comm-3, igniteInstanceName=WebGrid,
finished=false, heartbeatTs=1599796365124, hashCode=1230825885,
interrupted=false, runner=grid-nio-worker-tcp-comm-3-#27%WebGrid%]]],
writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
readBuf=java.nio.DirectByteBuffer[pos=18 lim=18 cap=32768], inRecovery=null,
outRecovery=null, closeSocket=true,
outboundMessagesQueueSizeMetric=o.a.i.i.processors.metric.impl.LongAdderMetric@69a257d1,
super=GridNioSessionImpl [locAddr=/*IG_SERVER1*:47101, rmtAddr=/*SEC_SCAN*
SERVER:52082, createTime=1599796365124, closeTime=0, bytesSent=0,
bytesRcvd=18, bytesSent0=0, bytesRcvd0=18, sndSchedTime=1599796365124,
lastSndTime=1599796365124, lastRcvTime=1599796367026, readsPaused=false,
filterChain=FilterChain[filters=[GridNioCodecFilter
[parser=o.a.i.i.util.nio.GridDirectParser@20ca1d6a, directMode=true],
GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
markedForClose=false]]]



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Free forum by Nabble Edit this page