Problem description
While scanning the service ports of Azure Redis with a security detection tool, we found that Redis exposes ports 13001, 13000, 15000 and 15001 externally. What is puzzling is that only ports 6379 and 6380 are shown as open in the portal. So why are the 1300N and 1500N ports open? And why are they open to the public network?
Testing the Redis hostname with tcping on ports 13000/13001/15000/15001 shows that all of them can be reached.
Ports 6379 and 6380 are open as well.
So why is that?
Problem analysis
To answer this, we need to start from how Redis is deployed. Because Redis needs to be highly available (in the "Standard" or "Premium" tier), Azure Cache for Redis runs on a pair of Redis servers. These two servers are hosted on dedicated VMs and are known as Master/Slave, also called the primary node and replica node (Primary Node / Replica Node).
Redis allows only one server to handle data write requests. That server is the primary node, and the other server is the replica. After the server nodes are provisioned, Azure Cache for Redis assigns the primary role and the replica role to them.
- Primary node: usually responsible for serving write and read requests from Redis clients. On a write operation, it commits the new key or key update to its internal memory and immediately replies to the client. It forwards the operation to the replica asynchronously.
When the primary node fails and becomes unavailable, the replica node is automatically promoted to the new primary node. And by Redis Of
Although the Azure Redis service can be reached through port 13000 or 15000, the default and commonly used Redis connection ports are 6379 (non-SSL) / 6380 (SSL). The 1300N and 1500N ports are therefore open because of how Azure Redis is designed. Because port 6379 can be turned off in the settings, the 1300N ports can also be closed. For example:
In addition, Azure Redis can have clustering enabled. In a cluster, connecting to each shard uses the 1300N and 1500N ports.
When clustering is enabled, how do I connect to the cache?
When connecting to the cache, the available endpoint, ports and keys are the same as those used when connecting to a cache that does not have clustering enabled. Redis manages the clustering functionality on the back end, so you don't need to manage it from the client.
Can I connect directly to the individual shards of the cache?
The clustering protocol requires the client to make the correct shard connections, so the client should perform this operation correctly. That said, each shard consists of a primary/replica cache pair, collectively known as a cache instance. You can connect to these cache instances using the redis-cli utility from the unstable branch of the Redis repository on GitHub. This version provides basic support when started with the -c switch. For more information, see the section on operating the cluster in the Redis cluster tutorial on https://redis.io. For non-TLS, use the following commands.
Redis-cli.exe -h <<cachename>> -p 13000 (to connect to instance 0)
Redis-cli.exe -h <<cachename>> -p 13001 (to connect to instance 1)
Redis-cli.exe -h <<cachename>> -p 13002 (to connect to instance 2)
...
Redis-cli.exe -h <<cachename>> -p 1300N (to connect to instance N)

For TLS, replace 1300N with 1500N.
Note: although the Redis client connects to the primary node by default, it is also possible to connect to a replica node. Doing so can cause some unexpected problems, however, such as data loss and metrics on the monitoring charts that do not match.
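As an added example (not part of the original post and not Azure tooling), the following Python script repeats the tcping check against a cache you own, labels each port using the 6379/6380/1300N/1500N scheme described above, and flags any reachable non-TLS port. The hostname contoso.example, the simulated probe result and the 130xx/150xx range bounds are assumptions of this example.

```python
import socket

# Port scheme as described on this page: 6379 and 1300N are non-TLS, 6380 and 1500N are TLS.
# Treating 13000-13099 / 15000-15099 as "instance N" is an assumption of this example.
def classify_port(port):
    if port == 6379:
        return ("non-TLS", "default endpoint")
    if port == 6380:
        return ("TLS", "default endpoint")
    if 13000 <= port < 13100:
        return ("non-TLS", "instance %d" % (port - 13000))
    if 15000 <= port < 15100:
        return ("TLS", "instance %d" % (port - 15000))
    return ("unknown", "not part of the documented scheme")

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port can be established."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(host, ports=(6379, 6380, 13000, 13001, 15000, 15001), probe=tcp_open):
    """Probe each port of one cache and return (rows, findings)."""
    rows, findings = [], []
    for port in ports:
        transport, role = classify_port(port)
        is_open = probe(host, port)
        rows.append({"port": port, "transport": transport, "role": role, "open": is_open})
        if is_open and transport == "non-TLS":
            findings.append("%d (%s) accepts plaintext connections; "
                            "disable the non-SSL port in the cache settings" % (port, role))
        elif is_open and transport == "unknown":
            findings.append("%d is open but outside the 6379/6380/1300N/1500N scheme" % port)
    return rows, findings

if __name__ == "__main__":
    # Constructed sample: simulated result for a cache with the non-SSL port disabled.
    # Drop the probe argument and pass your own cache hostname to run the real check.
    simulated_open = {6380, 15000, 15001}
    rows, findings = audit("contoso.example", probe=lambda h, p: p in simulated_open)
    for r in rows:
        print("%(port)5d  %(transport)-8s %(role)-18s open=%(open)s" % r)
    print("findings:", findings or "none")
```

An empty findings list means only the TLS ports (6380 and 1500N) answered, which is the expected state once the non-SSL port is turned off.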
Reference documents
tcping download: https://www.elifulkerson.com/projects/tcping.php
Azure Cache for Redis high availability: https://docs.azure.cn/zh-cn/azure-cache-for-redis/cache-high-availability#standard-replication
Can I connect directly to the individual shards of the cache? https://docs.azure.cn/zh-cn/azure-cache-for-redis/cache-how-to-premium-clustering#how-do-i-connect-to-my-cache-when-clustering-is-enabled