[zeromq-dev] [PATCH] Introduce ZMQ_ROUTER and ZMQ_DEALER sockets

Fabien Niñoles fabien.ninoles at gmail.com
Mon Jun 20 14:20:32 CEST 2011


2011/6/20 Pieter Hintjens <ph at imatix.com>:
> Nice move. DEALER sockets are simple, nothing to change there. For
> ROUTER sockets, I'd propose moving to 'schemed identities':
>
>    schemename :// addressvalue
>
> Where schemename is a 0MQ transport (e.g. "tcp", "pgm", etc.) and
> addressvalue is the address of the remote peer (sender node or device)
> according to the semantics and syntax of the transport.
>
> A typical addressvalue would consist of host IP address, ":", and port number.
>
> This would be rather more useful than opaque identities. It's the way
> VTX is implementing ROUTER sockets.

Hi Pieter,

Could you develop a little more on the new schemed identities ?  Would
it be used only for back stack addressing or for all transient
identities ?  How would they be distinguished from permanent
identities ?  Would it still behave as transiented (queue dropping,
etc.) ?

Right now, all usage of such identity, apart from debugging/monitoring
purpose, seems flawed to me.  Considering an IP with a transient port
to be a safe identity is unsecure at best, and any scheme based on
such data would not be able to scale correctly.  The only added
security is corporate level policy like "no request could come from an
external IP" which should probably be handled in a L7 firewall instead
of in the application.

I would be very interested to see a real use case for such identity.

Fabien



More information about the zeromq-dev mailing list