Understanding network under the hood with cross cluster search

Hi, i would like to understand - is the communication made from coordinator node to the remote clusters done the same way as communication between nodes in single cluster, in tcp?
Or is there a http connection done there?
Can you link a description on the internals of this communication?


The way that CCS works "under the hood" is something of an implementation detail. As it stands today, remote cluster connections use the so-called transport protocol, just like connections between nodes in a single cluster. This means that Elasticsearch opens multiple parallel TCP connections and keeps them open for an extended period of time even when they're not in use. However there's no real guarantee this'll be true in all future versions.

Not really. The internals are an implementation detail, so there isn't a lot to document outside of the code and its tests. If you have a more specific question, perhaps about how to set up your network for CCS, then perhaps we can help with that.

Great, thanks.
I am asking as a part of my attempt to understand how to secure the cluster when using CCS.
If the communication is as you say, it means that i can't use http & ssl for encryption.
As there a way to secure this other then using the security plugin (which was added on 6.8 but we are currently using version 5.6 ).

The security plugin does exist in 5.6, although it's not covered by the basic licence there. But upgrading is recommended, because 5.6 is past the end of its supported life.

I think the simplest way to secure communications between two 5.6 clusters without the security plugin would be to set up a VPN, because this should be transparent to Elasticsearch.

1 Like

Great, thanks for the reply.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.