fdv/gist:1591412

## gistfile1.txt
We had to deploy ElasticSearch in a particular environment, where our hosts would be connected to Internet and access 2 different subnets, but with some restrictions. This makes our setup somehow tricky as we need the following:

eth0: external IP, listening on the Internet. There are iptables rules blocking every connection there on ports 9200 and 9300.
eth1: RFC1918 IP address.
lo:0: a single RFC1918 address used on every node for IPVS / IPFail for load balancing and fail over purpose.

Why is this setup tricky?

1. By default, ElasticSearch will listen on eth0 if it exists and is up. Shutting down eth0 and setting it up will just break your setup. Add iptables rules and you'll really be in trouble. Using unicast and a list of IPs won't be enough to solve the issue.

2. You can't bind ElasticSearch on a list of interfaces: it's all or one, and I need my ES to listen both on eth1 and lo0, but to forget eth0.

Configuration

We're using unicast with a defined list of servers to prevent ElasticSearch to look for anything on eth0 and send multicast packets over the network.

"discovery": {
  "zen": {
    "ping": {
      "multicast": {
        "enabled": false
      },
      "unicast": {
        "hosts": ["es1", "es2", "es3"]
      }
    }
  }
},

We're telling ElasticSearch to publish itself within the cluster on eth1, using IPv4 only as we don't want IPv6 here, so other nodes will be able to connect to it.

"network" : {
  "publish_host": "_eth1:ipv4_"
},

Finally, we setup the transport to listen on eth1 as well:

"transport" : {
  "host": "_eth1:ipv4_"
},

This setup allows ElasticSearch REST API to be accessed from anywhere while restraining the transport and publication to the internal networks only.
	We had to deploy ElasticSearch in a particular environment, where our hosts would be connected to Internet and access 2 different subnets, but with some restrictions. This makes our setup somehow tricky as we need the following:

	eth0: external IP, listening on the Internet. There are iptables rules blocking every connection there on ports 9200 and 9300.
	eth1: RFC1918 IP address.
	lo:0: a single RFC1918 address used on every node for IPVS / IPFail for load balancing and fail over purpose.

	Why is this setup tricky?

	1. By default, ElasticSearch will listen on eth0 if it exists and is up. Shutting down eth0 and setting it up will just break your setup. Add iptables rules and you'll really be in trouble. Using unicast and a list of IPs won't be enough to solve the issue.

	2. You can't bind ElasticSearch on a list of interfaces: it's all or one, and I need my ES to listen both on eth1 and lo0, but to forget eth0.

	Configuration

	We're using unicast with a defined list of servers to prevent ElasticSearch to look for anything on eth0 and send multicast packets over the network.

	"discovery": {
	"zen": {
	"ping": {
	"multicast": {
	"enabled": false
	},
	"unicast": {
	"hosts": ["es1", "es2", "es3"]
	}
	}
	}
	},

	We're telling ElasticSearch to publish itself within the cluster on eth1, using IPv4 only as we don't want IPv6 here, so other nodes will be able to connect to it.

	"network" : {
	"publish_host": "_eth1:ipv4_"
	},

	Finally, we setup the transport to listen on eth1 as well:

	"transport" : {
	"host": "_eth1:ipv4_"
	},

	This setup allows ElasticSearch REST API to be accessed from anywhere while restraining the transport and publication to the internal networks only.