Mark's questions

How do I configure iptables so that only UDP packets that contain a specific string are allowed as an INPUT?

For example, I would like only UDP packets that contain the string version to be allowed.

I would like to configure the following multi-datacenter Cassandra cluster:

• DC-EUROPE has 3 Cassandra nodes (1.1.1.1, 1.1.1.2, 1.1.1.3)
• DC-ASIA has 3 Cassandra nodes (2.2.2.1, 2.2.2.2, 2.2.2.3)
• Each DC has an eventually consistent full-copy (1:1) of the keyspace. Services running in DC-EUROPE will always query DC-EUROPE and services running in DC-ASIA will always query DC-ASIA.
• The data has a replication factor of 2 across the 3 nodes in each DC.

How could I setup this configuration using NetworkTopologyStrategy ?

I'm trying to implement a throttling feature on nginx, that is shared across multiple servers across multiple datacenters. I would like to know what would be the best practice for building this.

For example, let's say that I have an HTTP API running on two cluster of servers (behind a load balancer) located in two different datacenters. I would like to throttle a developer by his api-key to 1000 requests/hour. The developer has built a mobile application, which means that depending where his final users are, requests will be server by both locations (the closest datacenter).

How would you enforce throttling in this particular scenario?

I wonder which ones of the following load balancers is able to detect an unavailable backend machine, and redirect the connection to another server without dropping the request:

• nginx
• AWS Elastic Load Balancer
• HAProxy

I'm new to upstart, and I would like to know if there's a way to tell upstart to execute a specific command only at system startup, and not when the application is subsequently restarted from the command line. For example, I have the following upstart configuration:

#!upstart
description "Hello World"
author      "me"

start on (local-filesystems and net-device-up)
stop on shutdown

script
    export HOME="/root"
    echo $$ > /var/run/hello-world.pid
    exec /usr/local/bin/hello-world
end script

pre-start script
    # Date format same as (new Date()).toISOString() for consistency
    echo "[`date -u +%Y-%m-%dT%T.%3NZ`] Hello World Starting" >> /var/log/hello-world.sys.log
end script

pre-stop script
    rm /var/run/hello-world.pid
    echo "[`date -u +%Y-%m-%dT%T.%3NZ`] Hello World Stopping" >> /var/log/hello-world.sys.log
end script

That successfully starts the application on startup. If I execute:

/sbin/start hello-world

This starts the application again: I would like to execute a specific command only when the system is started up, and not when the application is started up, like:

First execution:

1. The system starts up
2. Upstart is executed
3. A specific system startup script is executed
4. The application, hello-world, is executed

Second execution using /sbin/start hello-world:

1. Only execute application without executing the specific startup script

Is there a way for doing this?

If I make an HTTP request to:

https://hello.domain.com

will the connection also encrypt the domain address (hello.domain.com) ? So that sniffing the traffic still makes it impossible to guess what the requested DNS address is.

Note: I'm talking about the DNS address, not the resolved IP address.

Is there a tool that simplifies the auto-scaling group management? XML-based, UI-based, etc.

Thanks

So I'm trying to accept connections on port 80 only from those IPs whose reverse DNS has a CNAME alias like, for example, *.test.mydomain.com:

1.1.1.1 resolves to boo.foo.com

and

*.test.mydomain.com CNAME boo.foo.com

then accept the connection.

Any tips?

Is it possible to assign an Elastic IP to a Load Balancer?

So I'm using ELB to load balance incoming requests. Is it possibile to make the ELB listen on two ports and, for example, route all the request made to port 80 to a specific set of instances, and route all the other request (to port 443), to another specific set of instances?

Thanks