On 02/01/2018 21:25, Steven Schlansker wrote:
> :
> This would definitely be better than nothing! But it's still difficult, for
> example a common allocation pattern for us would be to assign networks to
> availability zones:
> 10.0.1.0/24 10.0.2.0/24 10.0.3.0/24
> then if you pick the same last number for a well known service, you might end
> up with instances at 10.0.1.2, 10.0.2.2, 10.0.3.2 -- so depending on which
> octets are obscured you may end up with no useful information.
>
> The triggering incident for us was that one of our Amazon ELBs started
> responding incorrectly (blackholing data) -- so when you resolve
> "my-elb-1.amazonaws.amazon.com" you'd get three different IP addresses, and
> depending on which one is picked for the connect operation, you'll get all
> data blackholed.

Socket/SocketChannel connect take a single address, not a hostname that
is potentially mapped to multiple addresses. Maybe you mean the Socket
constructors that take a hostname and do the lookup before attempting to
establish a connection?

In any case, if the exception message includes the address/port details
then it shouldn't matter which constructors are used. Also note that
when you look at the non-blocking cases then you'll see the exception is
thrown by finishConnect, not connect. This is another reason to handle
this completely in Java and avoid changes to the native code.

-Alan
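
The non-blocking case mentioned above, as an added example that is not part of the original thread or the JDK change under discussion: an application-level wrapper that appends the remote address and port to a `ConnectException` raised by either `connect` or `finishConnect`. The class name `ConnectDetail`, the helper `withTarget`, the 5-second select timeout and the loopback target are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.ConnectException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.nio.channels.SelectionKey;
import java.nio.channels.Selector;
import java.nio.channels.SocketChannel;

public class ConnectDetail {
    // Hypothetical helper: same exception type, target appended, original kept as cause.
    static ConnectException withTarget(ConnectException e, InetSocketAddress target) {
        ConnectException detailed = new ConnectException(e.getMessage() + ": " + target);
        detailed.initCause(e);
        return detailed;
    }

    // Non-blocking connect: a refusal may surface from connect() or from finishConnect().
    static void connectNonBlocking(InetSocketAddress target) throws IOException {
        try (SocketChannel ch = SocketChannel.open(); Selector sel = Selector.open()) {
            ch.configureBlocking(false);
            try {
                if (!ch.connect(target)) {
                    ch.register(sel, SelectionKey.OP_CONNECT);
                    sel.select(5000); // assumed timeout for this example
                    if (!ch.finishConnect()) throw new ConnectException("Connection timed out");
                }
            } catch (ConnectException e) {
                throw withTarget(e, target);
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed target: take a free loopback port, then close it so nothing listens there.
        int port;
        try (ServerSocket s = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            port = s.getLocalPort();
        }
        InetSocketAddress target = new InetSocketAddress(InetAddress.getLoopbackAddress(), port);
        try {
            connectNonBlocking(target);
        } catch (ConnectException e) {
            System.out.println(e.getMessage()); // message now ends with the address and port
        }
    }
}
```

Because the wrapper sees the single `InetSocketAddress` passed to `connect`, a caller that iterates over several resolved addresses for one hostname gets a message naming the specific address that failed.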