redis_cluster-防火墙操作最佳实践【转】

• redis在做防火墙配置时，只需要打开对应的防火墙端口即可。如配置文件中port指定为6379,那就只要开一个6379.指定6380那就仅仅开个6380即可。

• 但在redis_cluster集群中，redis的端口必须开二个，一个是配置文件中port所指定的。另一个则必须在port指定端口中加10000整数后得出。如配置文件中port指定了6379，则在集群环境中必须开设出16379端口用于通信

• 在用rdis-trib.rb create 做集群初始配置时，当在确认完集群分配后，等待redis cluster 加入时，一直在等

>>> Nodes configuration updated
>>> Assign a different config epoch to each node
>>> Sending CLUSTER MEET messages to join the cluster 
aiting for the cluster to join..............................................................

官方给的解释如下：

Redis Cluster TCP ports

Every Redis Cluster node requires two TCP connections open. The normal Redis TCP port used to serve clients, for example 6379, plus the >port obtained by adding 10000 to the data port, so 16379 in the example.

This second high port is used for the Cluster bus, that is a node-to-node communication channel using a binary protocol. The Cluster bus >is used by nodes for failure detection, configuration update, failover authorization and so forth. Clients should never try to communicate >with the cluster bus port, but always with the normal Redis command port, however make sure you open both ports in your firewall, >otherwise Redis cluster nodes will be not able to communicate.

The command port and cluster bus port offset is fixed and is always 10000.

Note that for a Redis Cluster to work properly you need, for each node:

The normal client communication port (usually 6379) used to communicate with clients to be open to all the clients that need to reach the cluster, plus all the other cluster nodes (that use the client port for keys migrations).
The cluster bus port (the client port + 10000) must be reachable from all the other cluster nodes.

If you don't open both TCP ports, your cluster will not work as expected.

The cluster bus uses a different, binary protocol, for node to node data exchange, which is more suited to exchange information between >nodes using little bandwidth and processing time.