0

I have created a MongoDB replica set using 5 EC2 instances on AWS. I added the nodes using rs.add("[IP_Address]") command.

I want to perform network partition in the replica set. In order to that, I have specified 2 kinds of security groups. 'SG1' has 27017 port (MongoDB port) opened. 'SG2' doesn't expose 27017.

I want to isolate 2 nodes from the replica set. When I apply SG2 on these 2 nodes (EC2 instances), ideally they should stop getting write and read from the primary as I am blocking the 27017 port using security group SG2. But in my case, they are still writable. Data written on Primary reflects on the partitioned node. Can someone help? TYA.

Shubham Sawant
  • 93
  • 1
  • 5

1 Answers1

0

Most firewalls, including AWS Security groups, will block incoming connections when the connection is being opened. Changing settings will affect all new connection, but existing open connections are not re-evaluated when they are applied.

MongoDB maintains connections between hosts and that would only get blocked after loss of connection between the hosts.

On Linux you can restart the networking which will reset the connections. You can do this after applying the new rules by running:

/etc/init.d/networking stop && /etc/init.d/networking start

DHE
  • 11
  • 3
  • I tried running the above commands. When I run ifdown eth0, the ec2 instance became unreachable. I couldn't ssh into it. I had to create a new instance. :( – Shubham Sawant Nov 18 '18 at 18:20
  • Loss of connection is to be expected as you are disabling the network interface. If you do restart the box using the AWS Console it will be reconnected, no need to rebuild. Running the following command would do the same but will also reconnect the networking. `/etc/init.d/networking stop && /etc/init.d/networking start` – DHE Nov 19 '18 at 14:50