
I am testing some DataStax Enterprise clusters in different AWS regions and working on a desirable architecture.

Currently I have one cluster with datacenters in us-east, us-west, and eu-ireland. I am letting region = data center, availability zone = rack. I can see all three datacenters in OpsCenter.

All of the nodes are in private subnets and I'm using NAT and VPN instances to enable communication between regions (https://aws.amazon.com/articles/5472675506466066). This works ok in testing.

The questions are:

  1. Is this a good architecture for redundancy/disaster recovery purposes? Would a separate cluster in each region offer any additional benefit?
  2. Is there a way to get VPN load-balancing between regions?
LHWizard
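As an added example (not code from the question or its comments), here is a small Python model of the layout the question describes: AWS region = Cassandra datacenter, availability zone = rack, with a NetworkTopologyStrategy keyspace replicated to all three datacenters. It checks which consistency levels a coordinator can still satisfy after losing a zone or an entire region, which is the redundancy question being asked. It assumes (as NetworkTopologyStrategy aims for) that replicas are spread one per rack when the per-DC replication factor does not exceed the rack count; the token-ring walk itself is not simulated. The topology and replication map are constructed to match the question.

```python
# Added example, not from the original post: models region = DC, AZ = rack
# under a NetworkTopologyStrategy keyspace and reports which consistency
# levels survive the loss of an availability zone or a whole region.
#
# Assumption: NetworkTopologyStrategy places one replica per rack when the
# per-DC replication factor does not exceed the number of racks (its stated
# goal); the actual token-ring placement is not simulated here.
from collections import Counter

# Constructed topology matching the question: three DCs, three AZs (racks) each.
TOPOLOGY = {
    "us-east": ["us-east-1a", "us-east-1b", "us-east-1c"],
    "us-west": ["us-west-2a", "us-west-2b", "us-west-2c"],
    "eu-ireland": ["eu-west-1a", "eu-west-1b", "eu-west-1c"],
}

# Replication map as it would appear in CREATE KEYSPACE ... WITH replication.
REPLICATION = {"us-east": 3, "us-west": 3, "eu-ireland": 3}


def quorum(rf):
    """Cassandra's quorum: floor(rf / 2) + 1 replicas must respond."""
    return rf // 2 + 1


def place_replicas(topology, replication):
    """Return {dc: {rack: replica_count}}, spreading replicas one per rack and
    wrapping around only when rf exceeds the number of racks in that DC."""
    placement = {}
    for dc, rf in replication.items():
        racks = topology[dc]
        counts = Counter()
        for i in range(rf):
            counts[racks[i % len(racks)]] += 1
        placement[dc] = dict(counts)
    return placement


def surviving_replicas(placement, failed_racks=(), failed_dcs=()):
    """Replica count per DC once the named racks and DCs are unreachable."""
    alive = {}
    for dc, racks in placement.items():
        if dc in failed_dcs:
            alive[dc] = 0
            continue
        alive[dc] = sum(n for rack, n in racks.items() if rack not in failed_racks)
    return alive


def can_satisfy(level, local_dc, alive, replication):
    """Whether a coordinator in local_dc can complete a request at the given
    consistency level with the surviving replicas."""
    if level == "LOCAL_QUORUM":
        return alive[local_dc] >= quorum(replication[local_dc])
    if level == "EACH_QUORUM":
        return all(alive[dc] >= quorum(rf) for dc, rf in replication.items())
    if level == "QUORUM":
        return sum(alive.values()) >= quorum(sum(replication.values()))
    raise ValueError(f"unsupported consistency level: {level}")


def dr_report(failed_racks=(), failed_dcs=(), local_dc="us-east"):
    """Map each consistency level to True/False for one failure scenario."""
    placement = place_replicas(TOPOLOGY, REPLICATION)
    alive = surviving_replicas(placement, failed_racks, failed_dcs)
    return {level: can_satisfy(level, local_dc, alive, REPLICATION)
            for level in ("LOCAL_QUORUM", "EACH_QUORUM", "QUORUM")}


if __name__ == "__main__":
    print("lose one AZ in us-east:", dr_report(failed_racks=("us-east-1a",)))
    print("lose us-east, coordinator in us-west:",
          dr_report(failed_dcs=("us-east",), local_dc="us-west"))
    print("lose two regions, coordinator in eu-ireland:",
          dr_report(failed_dcs=("us-east", "us-west"), local_dc="eu-ireland"))
```

With RF 3 per DC, losing one zone leaves two local replicas, so LOCAL_QUORUM still works; losing a whole region breaks EACH_QUORUM everywhere but leaves LOCAL_QUORUM in the surviving regions, which is the behaviour that makes one multi-DC cluster useful for disaster recovery provided clients can fail over to another DC.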
  • How'd it go? I am looking at Cassandra in EC2 with Ec2MultiRegionSnitch, but have VPN between regions, so am considering using private IPs... – mtyson Apr 20 '15 at 14:27
  • I successfully set up a 2-region, 3-node cluster (2 in us-east and 1 in us-west) using VPN tunnels between the two AWS regions. It was a proof-of-concept but it definitely worked. Significant latency between the regions as expected. Security groups had to be opened up to the C* ports. NTP is important. I was concerned about the VPN instances as a SPOF. Ec2MultiRegionSnitch is required and then you need to configure the dc and rack properties file. – LHWizard Apr 21 '15 at 14:35
  • I have the same setup working, except I am still using the GossipingPropertyFileSnitch. Since the VPN makes the private IPs visible, I am just using those for seed/broadcast IPs. Do you think using public IPs would be less latency (instead of over VPN)? I shied away from this because it implied every Cassandra node has a public IP... – mtyson Apr 21 '15 at 15:04
  • I created a second POC cluster using public IPs. I spent way too much time configuring SSL for inter-node communication and I still didn't get client-to-node communication encrypted to my satisfaction (as well as trying to set up SSL for Thrift, etc.). Region-to-region communication takes place over the open internet, so latency is still of concern, but I think it can be dealt with. – LHWizard Apr 21 '15 at 15:13
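An added example for the configuration points the comments raise (a DC/rack-aware snitch such as Ec2MultiRegionSnitch or GossipingPropertyFileSnitch, SSL for inter-node traffic, and client-to-node encryption), not code from the thread: a Python checker that reads a cassandra.yaml excerpt with a minimal YAML-subset parser and flags the settings that leave cross-region traffic unprotected. The keys endpoint_snitch, server_encryption_options.internode_encryption and client_encryption_options.enabled are real cassandra.yaml settings; the two sample configurations (one weak, one hardened) are constructed, and the parser handles only the flat and one-level-nested form those keys use.

```python
# Added example, not from the thread: audit a cassandra.yaml excerpt for the
# multi-region points discussed in the comments. Uses a tiny YAML-subset
# parser (top-level "key: value" and one level of indented "key: value");
# list items under seed_provider and the like are skipped.

# Snitches the comments mention as suitable for a multi-region cluster.
ACCEPTED_SNITCHES = {"Ec2MultiRegionSnitch", "GossipingPropertyFileSnitch"}
# "all" encrypts every inter-node link; "dc" encrypts links between
# datacenters, which is the path that crosses the public internet here.
ACCEPTED_INTERNODE = {"all", "dc"}


def parse_yaml_subset(text):
    """Parse cassandra.yaml-style text into {key: value | {subkey: value}}."""
    cfg = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        stripped = line.strip()
        if stripped.startswith("-"):           # list items are out of scope
            continue
        key, _, value = stripped.partition(":")
        key, value = key.strip(), value.strip().strip("'\"")
        if not line.startswith((" ", "\t")):   # top-level key
            current = key
            cfg[current] = value if value else {}
        else:                                  # nested key under current
            if not isinstance(cfg.get(current), dict):
                cfg[current] = {}
            cfg[current][key] = value
    return cfg


def audit(cfg):
    """Return a list of 'CODE: explanation' findings for weak settings."""
    findings = []
    snitch = cfg.get("endpoint_snitch", "")
    if snitch not in ACCEPTED_SNITCHES:
        findings.append(f"SNITCH: endpoint_snitch is {snitch!r}; a multi-region "
                        "cluster needs a DC/rack-aware snitch")
    server = cfg.get("server_encryption_options", {})
    internode = server.get("internode_encryption", "none") if isinstance(server, dict) else "none"
    if internode not in ACCEPTED_INTERNODE:
        findings.append(f"INTERNODE: internode_encryption is {internode!r}; "
                        "region-to-region gossip and streaming are in the clear")
    client = cfg.get("client_encryption_options", {})
    enabled = client.get("enabled", "false") if isinstance(client, dict) else "false"
    if enabled.lower() != "true":
        findings.append("CLIENT_TLS: client_encryption_options.enabled is not true; "
                        "client-to-node traffic is unencrypted")
    return findings


def finding_codes(text):
    """Convenience wrapper: parse, audit, and return just the finding codes."""
    return sorted(f.split(":", 1)[0] for f in audit(parse_yaml_subset(text)))


# Constructed sample: the POC-style configuration before hardening.
WEAK_CONFIG = """
cluster_name: 'poc'
endpoint_snitch: SimpleSnitch
listen_address: 10.0.1.5
server_encryption_options:
    internode_encryption: none
    keystore: conf/.keystore
client_encryption_options:
    enabled: false
"""

# Constructed sample: the same node with the settings the comments call for.
HARDENED_CONFIG = """
cluster_name: 'poc'
endpoint_snitch: Ec2MultiRegionSnitch
listen_address: 10.0.1.5
server_encryption_options:
    internode_encryption: all
    keystore: conf/.keystore
    truststore: conf/.truststore
    require_client_auth: true
client_encryption_options:
    enabled: true
    optional: false
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(parse_yaml_subset(text)) or ['no findings']}")
```

The check is deliberately narrow: it covers only the settings the comments discuss, and a passing result says nothing about keystore contents, certificate validity, or the security-group rules that also had to be opened for the C* ports.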
