broadcast_address is the address exposed for internal inter-node communication, while rpc_address is the address that will listen to clients.
All nodes need to talk to each other via the broadcast_address, so if they are within the same network, you may use public or private IPs as broadcast_address, but if there's at least one node in a different network they all need to use the public IP, or you need to set up your own tunnelling/VPN to make sure nodes can reach each other.

You need to set up your own firewall rules. See more about what ports are used here: https://docs.datastax.com/en/cassandra/2.1/cassandra/security/secureFireWall_r.html.

You may also be interested in setting up client authentication: https://docs.datastax.com/en/cassandra/2.1/cassandra/security/security_config_native_authenticate_t.html

2016-01-17 15:09 GMT-03:00 Francisco Reyes <li...@natserv.net>:

> Setting up my first Cassandra cluster.
>
> Does one need to set up broadcast_address to public in all the nodes like
> this?
> node 1 - colo 1 - broadcast points to public IP
> node 2 - colo 1 - broadcast points to public IP
> .....
> node n - colo 1 - broadcast points to public IP
>
> node 4 - colo 2 - broadcast points to public IP
> node 5 - colo 2 - broadcast points to public IP
>
> Or can it be like:
> node 1 - colo 1 - broadcast points to internal
> node 2 - colo 1 - broadcast points to internal
> .....
> node n - colo 1 - broadcast points to public IP
>
> node 4 - colo 2 - broadcast points to internal
> node 5 - colo 2 - broadcast points to public IP
>
> Is there a way to restrict what IPs are allowed to connect to the DB at
> the Cassandra level or one has to set up a firewall at the OS level?
>
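The rule stated in the reply, applied to the two layouts from the question, as an added example that is not part of the original thread. The function names, the `tunnelled` flag and all addresses are assumptions made for illustration; the "public" addresses are documentation-range stand-ins.

```python
import ipaddress

# RFC 1918 ranges, checked explicitly so the documentation addresses used
# below as stand-ins for public IPs are not classed as internal.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    """True if addr falls in an RFC 1918 private range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def check_broadcast(nodes, tunnelled=False):
    """Return names of nodes whose broadcast_address breaks the rule above.

    nodes: list of (name, network, broadcast_address) tuples.
    tunnelled: True when a VPN/tunnel already links the networks, in which
    case internal addresses are reachable and nothing is flagged.
    """
    networks = {network for _, network, _ in nodes}
    if len(networks) <= 1 or tunnelled:
        return []  # one network, or tunnelled: internal addresses are fine
    return [name for name, _, addr in nodes if is_internal(addr)]


# Constructed sample data mirroring the second layout in the question:
# some nodes broadcast an internal address, others a public one.
MIXED = [
    ("node1", "colo1", "10.0.1.11"),
    ("node2", "colo1", "10.0.1.12"),
    ("nodeN", "colo1", "203.0.113.13"),
    ("node4", "colo2", "10.0.2.14"),
    ("node5", "colo2", "198.51.100.15"),
]
# Constructed sample data mirroring the first layout: every node public.
ALL_PUBLIC = [
    ("node1", "colo1", "203.0.113.11"),
    ("node2", "colo1", "203.0.113.12"),
    ("node4", "colo2", "198.51.100.14"),
    ("node5", "colo2", "198.51.100.15"),
]

if __name__ == "__main__":
    for label, layout in (("mixed", MIXED), ("all public", ALL_PUBLIC)):
        print(label, check_broadcast(layout) or "ok")
```
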