[zeromq-dev] ELI5: Why can't I get the IP address of the machine that sent a message?

Pieter Hintjens ph at imatix.com
Fri Sep 26 09:39:02 CEST 2014

In general the IP address is a bad fit for either "node identifier" or
"application identifier". It assumes that we're working on TCP/IP (or
UDP). If you use this in any serious way, your work becomes tied to
the "one node per box" scale.

Look at a framework like Zyre and you'll see what I mean. Sure, it can
use TCP to interconnect, but it can also use IPC and inproc. A box
doesn't need any network interfaces at all to run a Zyre cluster. You
cannot imagine getting one IP address per node. You can't log,
authenticate, filter, or do anything useful at all with IP addresses.

So Zyre uses UUIDs and short names for nodes.

There are only a few places where IP addresses are useful. One, is in
a classic wire-area client-server network where you want to detect and
report buggy clients or malicious clients. So libzmq does let you
access metadata for messages, and that includes (I think, else we can
add it) the originating IP address. Two, is to block malicious IP
addresses, though it's been argued that is a firewall issue. So, ZAP
passes the IP address to the authenticator and you can trivially
whitelist or blacklist addresses.


1. IP addresses are a poor fit for identity
2. IP addresses don't even exist in many ZeroMQ transports

Meaning, exposing IP addresses to applications by default would lead
us to building systems that were not scalable.

That's the argumentation.


On Fri, Sep 26, 2014 at 12:36 AM, Elliot Saba <staticfloat at gmail.com> wrote:
> A while back I ran into this same issue; my solution was to have the client
> transmit an identifier (in my case, the public IP) when it first connects.
> Annoying that this isn't possible (to my knowledge) using only ZMQ APIs, but
> not the end of the world.
> -E
> On Thu, Sep 25, 2014 at 7:46 AM, Scott <alcoholiday at gmail.com> wrote:
>> On Wed, Sep 24, 2014 at 7:45 PM, Goswin von Brederlow <goswin-v-b at web.de>
>> wrote:
>>> As a side note: The monitoring interface exposes the IP address. You
>>> can use that to monitor who connects (for logging purposes).
>> Well that's useful to know!
>> To be clear, we aren't interested in using IP for security purposes, but
>> primarily for debuging purposes.
>> Thanks!
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev

More information about the zeromq-dev mailing list