Run RTI Perftest with DDS Security Plugin and Cloud Discovery Service in Kubernetes Pods


Hi,

I'm trying to run the RTI perftest application with DDS Security plugin enabled in Kubernetes pods. As multicast is not enabled by most k8s CNIs, I have to run cloud discovery service to make participants discover each other. However, I got the following error on the publisher:

RTI Perftest 3.1.0  (RTI Connext DDS 6.0.1)
 
Mode: THROUGHPUT TEST
      (Use "-latencyTest" for Latency Mode)
 
Perftest Configuration:
Reliability: Reliable
Keyed: No
Publisher ID: 0
Latency count: 1 latency sample every 10000 samples
Data Size: 100
Batching: 8192 Bytes (Use "-batchSize 0" to disable batching)
Publication Rate: Unlimited (Not set)
Number of samples: 100000000
Receive using: Listeners
Domain: 1
Dynamic Data: No
FlatData: No
Zero Copy: No
Asynchronous Publishing: No
XML File: perftest_qos_profiles.xml
 
Transport Configuration:
Kind: UDPv4 & SHMEM (taken from QoS XML file)
Use Multicast: False
SHMEM message_size_max: 65536
SHMEM received_message_count_max: 102
SHMEM receive_buffer_size: 6684672
 
Secure Configuration:
Encrypt discovery: False
Encrypt topic (user) data: True
Encrypt submessage: True
Sign data: False
Governance file: ./resource/secure/signed_PerftestGovernance_EncryptBoth.xml
Permissions file: ./resource/secure/signed_PerftestPermissionsPub.xml
Private key file: ./resource/secure/pubkey.pem
Certificate file: ./resource/secure/pub.pem
Certificate authority file: ./resource/secure/cacert.pem
Plugin library: Not Specified
 
Waiting to discover 1 subscribers ...
PRESParticipant_assertRemoteParticipantI:!assert remote participant 96a413df a72d5f0b 948fb957 due to different ro area
DISCParticipantDiscoveryPlugin_assertRemoteParticipant:!assert remote participant: 0X96A413DF,0XA72D5F0B,0X948FB957,0X1C1
DISCSimpleParticipantDiscoveryPluginReaderListener_onDataAvailable:!assert remote participant
PRESParticipant_processMatchedRemoteEndpointSecurity:[Local Participant: f33b450a 5a940447 7010e182 | Local Endpoint: 1c1] [Remote Participant: 96a413df a72d5f0b 948fb957 | Remote Endpoint: 80000004] !security function missing remote participant interceptor handle for register_matched_remote_endpoint
PRESPsService_assertMatchSecurity:[Local Participant: f33b450a 5a940447 7010e182 | Local Endpoint: 80000003] [Remote Participant: 96a413df a72d5f0b 948fb957 | Remote Endpoint: 80000004] !security function process matched remote endpoint security
PRESPsService_linkToLocalWriter:!process match security
...

Similar on the subscriber:

RTI Perftest 3.1.0  (RTI Connext DDS 6.0.1)
 
Perftest Configuration:
Reliability: Reliable
Keyed: No
Subscriber ID: 0
Data Size: 100
Receive using: Listeners
Domain: 1
Dynamic Data: No
FlatData: No
Zero Copy: No
XML File: perftest_qos_profiles.xml
 
Transport Configuration:
Kind: UDPv4 & SHMEM (taken from QoS XML file)
Use Multicast: False
SHMEM message_size_max: 65536
SHMEM received_message_count_max: 102
SHMEM receive_buffer_size: 6684672
 
Secure Configuration:
Encrypt discovery: False
Encrypt topic (user) data: True
Encrypt submessage: True
Sign data: False
Governance file: ./resource/secure/signed_PerftestGovernance_EncryptBoth.xml
Permissions file: ./resource/secure/signed_PerftestPermissionsSub.xml
Private key file: ./resource/secure/subkey.pem
Certificate file: ./resource/secure/sub.pem
Certificate authority file: ./resource/secure/cacert.pem
Plugin library: Not Specified
 
PRESParticipant_assertRemoteParticipantI:!assert remote participant f33b450a 5a940447 7010e182 due to different ro area
DISCParticipantDiscoveryPlugin_assertRemoteParticipant:!assert remote participant: 0XF33B450A,0X5A940447,0X7010E182,0X1C1
DISCSimpleParticipantDiscoveryPluginReaderListener_onDataAvailable:!assert remote participant
Waiting to discover 1 publishers ...
PRESParticipant_assertRemoteParticipantI:!assert remote participant f33b450a 5a940447 7010e182 due to different ro area
DISCParticipantDiscoveryPlugin_assertRemoteParticipant:!assert remote participant: 0XF33B450A,0X5A940447,0X7010E182,0X1C1
DISCSimpleParticipantDiscoveryPluginReaderListener_onDataAvailable:!assert remote participant
...
 
As Weavenet is the only K8s CNI that supports multicast, I can omit Cloud Discovery Service in that case. And the perftest applications work well in containers. 
 
Also, the perftest application works well with cloud discovery service in such a deployment if the security feature is not enabled.

Can anyone help me figure out this issue?
 
Thanks

Hi KKVandy,

Cloud Discovery Service (CDS) does not support using security in the RTI Connext DDS 6.0.1 release. With the upcoming RTI Connext DDS 6.1.0 release, we are adding support for symmetric key encryption using preshared keys to protect the exchange of participant announcements between CDS and other DomainParticipants. This will be done using the property com.rti.serv.secure.authentication.participant_discovery_protection_key, within the new XML configuration schema (<security><property>) of CDS.

Best,
Pralhad


OK, thank you.