Network Configuration

<h2 id="network-configuration" class="position-relative d-flex align-items-center group"> Network Configuration <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="network-configuration" aria-haspopup="dialog" aria-label="Share link: Network Configuration"> Share link </button> </h2><div id="headingShareModal" class="heading-share-modal" role="dialog" aria-modal="true" aria-labelledby="headingShareTitle" hidden> <div class="hsm-dialog" role="document"> <div class="hsm-header"> <h2 id="headingShareTitle" class="h6 mb-0 fw-bold">Share this section</h2> <button type="button" class="hsm-close" aria-label="Close"> </button> </div> <div class="hsm-body"> <label for="headingShareInput" class="form-label small text-muted mb-1 text-uppercase fw-bold" style="font-size: 0.7rem; letter-spacing: 0.5px;">Permalink</label> <div class="input-group mb-4 hsm-url-group"> <input id="headingShareInput" type="text" class="form-control font-monospace" readonly aria-readonly="true" style="font-size: 0.85rem;" /> <button class="btn btn-primary hsm-copy" type="button" aria-label="Copy" title="Copy"> </button> </div> <div class="small fw-bold mb-2 text-muted text-uppercase" style="font-size: 0.7rem; letter-spacing: 0.5px;">Share via</div> <div class="hsm-share-grid"> <a id="share-twitter" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> Twitter </a> <a id="share-linkedin" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> LinkedIn </a> <a id="share-facebook" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> Facebook </a> </div> </div> </div> </div> <style> .heading-share-modal { position: fixed; inset: 0; display: flex; justify-content: center; align-items: center; background: rgba(0, 0, 0, 0.6); z-index: 1050; padding: 1rem; backdrop-filter: blur(4px); -webkit-backdrop-filter: blur(4px); } .heading-share-modal[hidden] { display: none !important; } .hsm-dialog { max-width: 420px; width: 100%; background: var(--bs-body-bg, #fff); color: var(--bs-body-color, #212529); border: 1px solid var(--bs-border-color, rgba(0,0,0,0.1)); border-radius: 1rem; box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25); overflow: hidden; animation: hsm-fade-in 0.2s ease-out; } @keyframes hsm-fade-in { from { opacity: 0; transform: scale(0.95); } to { opacity: 1; transform: scale(1); } } [data-bs-theme="dark"] .hsm-dialog { background: #1e293b; border-color: rgba(255,255,255,0.1); color: #f8f9fa; } .hsm-header { display: flex; justify-content: space-between; align-items: center; padding: 1rem 1.5rem; border-bottom: 1px solid var(--bs-border-color, rgba(0,0,0,0.1)); background: rgba(0,0,0,0.02); } [data-bs-theme="dark"] .hsm-header { background: rgba(255,255,255,0.02); border-color: rgba(255,255,255,0.1); } .hsm-close { background: transparent; border: none; color: inherit; opacity: 0.5; padding: 0.25rem 0.5rem; border-radius: 0.25rem; font-size: 1.2rem; line-height: 1; transition: opacity 0.2s; } .hsm-close:hover { opacity: 1; } .hsm-body { padding: 1.5rem; } .hsm-url-group { display: flex !important; align-items: stretch; } .hsm-url-group .form-control { flex: 1; min-width: 0; margin: 0; background: var(--bs-secondary-bg, #f8f9fa); border-color: var(--bs-border-color, #dee2e6); border-top-right-radius: 0; border-bottom-right-radius: 0; height: 42px; } .hsm-url-group .btn { flex: 0 0 auto; margin: 0; margin-left: -1px; border-top-left-radius: 0; border-bottom-left-radius: 0; height: 42px; display: flex; align-items: center; justify-content: center; padding: 0 1.25rem; z-index: 2; } [data-bs-theme="dark"] .hsm-url-group .form-control { background: #0f172a; border-color: #334155; color: #e2e8f0; } .hsm-share-grid { display: flex; flex-direction: column; gap: 0.5rem; } .hsm-share-grid .btn { display: flex; align-items: center; justify-content: center; font-size: 0.9rem; padding: 0.6rem; border-color: var(--bs-border-color); width: 100%; } [data-bs-theme="dark"] .hsm-share-grid .btn { color: #e2e8f0; border-color: #475569; } [data-bs-theme="dark"] .hsm-share-grid .btn:hover { background: #334155; border-color: #cbd5e1; } </style> <script> (function(){ const modal = document.getElementById('headingShareModal'); if(!modal) return; const input = modal.querySelector('#headingShareInput'); const copyBtn = modal.querySelector('.hsm-copy'); const twitter = modal.querySelector('#share-twitter'); const linkedin = modal.querySelector('#share-linkedin'); const facebook = modal.querySelector('#share-facebook'); const closeBtn = modal.querySelector('.hsm-close'); let lastFocus=null; let trapBound=false; function buildUrl(id){ return window.location.origin + window.location.pathname + '#' + id; } function isOpen(){ return !modal.hasAttribute('hidden'); } function hydrate(id){ const url=buildUrl(id); input.value=url; const enc=encodeURIComponent(url); const text=encodeURIComponent(document.title); if(twitter) twitter.href=`https://twitter.com/intent/tweet?url=${enc}&text=${text}`; if(linkedin) linkedin.href=`https://www.linkedin.com/sharing/share-offsite/?url=${enc}`; if(facebook) facebook.href=`https://www.facebook.com/sharer/sharer.php?u=${enc}`; } function openModal(id){ lastFocus=document.activeElement; hydrate(id); if(!isOpen()){ modal.removeAttribute('hidden'); } requestAnimationFrame(()=>{ input.focus(); }); trapFocus(); } function closeModal(){ if(!isOpen()) return; modal.setAttribute('hidden',''); if(lastFocus && typeof lastFocus.focus==='function') lastFocus.focus(); } function copyCurrent(){ try{ navigator.clipboard.writeText(input.value).then(()=>feedback(true),()=>fallback()); } catch(e){ fallback(); } } function fallback(){ input.select(); try{ document.execCommand('copy'); feedback(true);}catch(e){ feedback(false);} } function feedback(ok){ if(!copyBtn) return; const icon=copyBtn.querySelector('i'); if(!icon) return; const prev=copyBtn.getAttribute('data-prev')||icon.className; if(!copyBtn.getAttribute('data-prev')) copyBtn.setAttribute('data-prev',prev); icon.className= ok ? 'fa-duotone fa-clipboard-check':'fa-duotone fa-circle-exclamation'; setTimeout(()=>{ icon.className=prev; },1800); } function handleShareClick(e){ e.preventDefault(); const btn=e.currentTarget; const id=btn.getAttribute('data-share-target'); if(id) openModal(id); } function bindShareButtons(){ document.querySelectorAll('.h-share').forEach(btn=>{ if(!btn.dataset.hShareBound){ btn.addEventListener('click', handleShareClick); btn.dataset.hShareBound='1'; } }); } bindShareButtons(); if(document.readyState==='loading'){ document.addEventListener('DOMContentLoaded', bindShareButtons); } else { requestAnimationFrame(bindShareButtons); } document.addEventListener('click', function(e){ const shareBtn=e.target.closest && e.target.closest('.h-share'); if(shareBtn && !shareBtn.dataset.hShareBound){ handleShareClick.call(shareBtn, e); } }, true); document.addEventListener('click', e=>{ if(e.target===modal) closeModal(); if(e.target.closest && e.target.closest('.hsm-close')){ e.preventDefault(); closeModal(); } if(copyBtn && (e.target===copyBtn || (e.target.closest && e.target.closest('.hsm-copy')))) { e.preventDefault(); copyCurrent(); } }); document.addEventListener('keydown', e=>{ if(e.key==='Escape' && isOpen()) closeModal(); }); function trapFocus(){ if(trapBound) return; trapBound=true; modal.addEventListener('keydown', f=>{ if(f.key==='Tab' && isOpen()){ const focusable=[...modal.querySelectorAll('a[href],button,input,textarea,select,[tabindex]:not([tabindex="-1"])')].filter(el=>!el.hasAttribute('disabled')); if(!focusable.length) return; const first=focusable[0]; const last=focusable[focusable.length-1]; if(f.shiftKey && document.activeElement===first){ f.preventDefault(); last.focus(); } else if(!f.shiftKey && document.activeElement===last){ f.preventDefault(); first.focus(); } } }); } if(closeBtn) closeBtn.addEventListener('click', e=>{ e.preventDefault(); closeModal(); }); })(); </script>Network configuration is fundamental to Geode’s performance, security, and reliability. Geode uses the modern QUIC protocol over UDP with mandatory TLS 1.3 encryption, providing superior performance compared to traditional TCP-based databases while maintaining enterprise-grade security. <h3 id="introduction-to-geode-networking" class="position-relative d-flex align-items-center group"> Introduction to Geode Networking <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="introduction-to-geode-networking" aria-haspopup="dialog" aria-label="Share link: Introduction to Geode Networking"> Share link </button> </h3>Geode’s networking architecture is built on QUIC (Quick UDP Internet Connections), the same protocol powering HTTP/3. This choice delivers significant advantages: reduced connection latency through 0-RTT resumption, improved performance on lossy networks with better congestion control, native multiplexing without head-of-line blocking, and mandatory encryption with TLS 1.3. Unlike traditional databases that use TCP, Geode’s QUIC implementation provides better performance for distributed deployments, especially across geographic regions or unreliable networks. The default port is 3141, with an alternative port 8443 for environments where only standard HTTPS ports are permitted. All communication is encrypted by default with no insecure fallback options. <h3 id="basic-network-configuration" class="position-relative d-flex align-items-center group"> Basic Network Configuration <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="basic-network-configuration" aria-haspopup="dialog" aria-label="Share link: Basic Network Configuration"> Share link </button> </h3> <h4 id="server-configuration" class="position-relative d-flex align-items-center group"> Server Configuration <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="server-configuration" aria-haspopup="dialog" aria-label="Share link: Server Configuration"> Share link </button> </h4>Configure Geode server network settings in <code>/etc/geode/geode.conf</code>: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-toml" data-lang="toml">[network] # Listen address (0.0.0.0 for all interfaces) listen_address = "0.0.0.0" # Port configuration port = 3141 # Enable IPv6 enable_ipv6 = true # Maximum concurrent connections max_connections = 10000 # Connection idle timeout (seconds) idle_timeout = 300 # Keep-alive interval (seconds) keep_alive_interval = 30 </code></pre></div>Start the server with network configuration: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Start with default configuration geode serve --listen 0.0.0.0:3141 # Bind to specific interface geode serve --listen 192.168.1.100:3141 # Enable IPv6 geode serve --listen [::]:3141 # Custom port for restricted environments geode serve --listen 0.0.0.0:8443 </code></pre></div> <h4 id="client-configuration" class="position-relative d-flex align-items-center group"> Client Configuration <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="client-configuration" aria-haspopup="dialog" aria-label="Share link: Client Configuration"> Share link </button> </h4>Configure client connections with connection strings: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python">from geode_client import Client # Basic connection client = Client("localhost:3141") # Explicit TLS configuration client = Client("geode.example.com:3141", tls={ "verify": True, "ca_cert": "/etc/ssl/certs/geode-ca.pem", "client_cert": "/etc/ssl/certs/client.pem", "client_key": "/etc/ssl/private/client-key.pem" }) # Connection with custom timeout client = Client("geode.example.com:3141", connect_timeout=10, idle_timeout=300 ) </code></pre></div>In Go: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-go" data-lang="go">import "geodedb.com/geode" // Basic connection db, err := sql.Open("geode", "quic://localhost:3141") // With TLS configuration db, err := sql.Open("geode", "quic://geode.example.com:3141?"+ "ca_cert=/etc/ssl/certs/geode-ca.pem&"+ "client_cert=/etc/ssl/certs/client.pem&"+ "client_key=/etc/ssl/private/client-key.pem") </code></pre></div> <h3 id="quic-protocol-configuration" class="position-relative d-flex align-items-center group"> QUIC Protocol Configuration <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="quic-protocol-configuration" aria-haspopup="dialog" aria-label="Share link: QUIC Protocol Configuration"> Share link </button> </h3> <h4 id="quic-parameters" class="position-relative d-flex align-items-center group"> QUIC Parameters <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="quic-parameters" aria-haspopup="dialog" aria-label="Share link: QUIC Parameters"> Share link </button> </h4>Optimize QUIC settings for your network environment: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-toml" data-lang="toml">[network.quic] # Initial receive window (bytes) initial_receive_window = 1048576 # 1 MB # Maximum receive window (bytes) max_receive_window = 16777216 # 16 MB # Maximum idle timeout (milliseconds) max_idle_timeout = 300000 # 5 minutes # Enable 0-RTT connection resumption enable_0rtt = true # Maximum concurrent bidirectional streams max_concurrent_streams = 1000 # Datagram frame support (for lightweight messages) enable_datagrams = true # Congestion control algorithm (cubic, bbr, newreno) congestion_control = "cubic" </code></pre></div> <h4 id="connection-migration" class="position-relative d-flex align-items-center group"> Connection Migration <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="connection-migration" aria-haspopup="dialog" aria-label="Share link: Connection Migration"> Share link </button> </h4>QUIC supports connection migration for mobile and roaming clients: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-toml" data-lang="toml">[network.quic.migration] # Enable connection migration enabled = true # Allow migration to different IP addresses allow_ip_migration = true # Allow migration to different ports allow_port_migration = true # Maximum migration attempts max_migration_attempts = 5 </code></pre></div>This feature is particularly valuable for applications with mobile clients or clients behind NAT that may change IP addresses. <h3 id="tls-configuration" class="position-relative d-flex align-items-center group"> TLS Configuration <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="tls-configuration" aria-haspopup="dialog" aria-label="Share link: TLS Configuration"> Share link </button> </h3> <h4 id="certificate-management" class="position-relative d-flex align-items-center group"> Certificate Management <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="certificate-management" aria-haspopup="dialog" aria-label="Share link: Certificate Management"> Share link </button> </h4>Configure TLS certificates for secure communication: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Generate self-signed certificate for development geode tls generate-cert \ --output-dir=/etc/geode/tls \ --hostname=geode.example.com \ --validity-days=365 # Use Let's Encrypt for production geode tls configure-letsencrypt \ --domain=geode.example.com \ --email=[email protected] \ --auto-renew=true </code></pre></div>Server TLS configuration: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-toml" data-lang="toml">[network.tls] # Certificate and key paths cert_file = "/etc/geode/tls/server.crt" key_file = "/etc/geode/tls/server.key" # CA certificate for client verification ca_cert_file = "/etc/geode/tls/ca.crt" # Require client certificates require_client_cert = false # TLS minimum version (must be 1.3) min_version = "1.3" # Cipher suites (TLS 1.3 only) cipher_suites = [ "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256" ] </code></pre></div> <h4 id="mutual-tls-mtls" class="position-relative d-flex align-items-center group"> Mutual TLS (mTLS) <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="mutual-tls-mtls" aria-haspopup="dialog" aria-label="Share link: Mutual TLS (mTLS)"> Share link </button> </h4>Enable mutual TLS for enhanced security: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-toml" data-lang="toml">[network.tls] # Require client certificates require_client_cert = true # CA certificate for verifying clients ca_cert_file = "/etc/geode/tls/client-ca.crt" # Certificate revocation list crl_file = "/etc/geode/tls/revocation-list.crl" # Client certificate verification mode verify_mode = "strict" # strict, permissive, or optional </code></pre></div>Client configuration for mTLS: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python">client = Client("geode.example.com:3141", tls={ "verify": True, "ca_cert": "/etc/ssl/certs/geode-ca.pem", "client_cert": "/etc/ssl/certs/my-client.pem", "client_key": "/etc/ssl/private/my-client-key.pem" }) </code></pre></div> <h3 id="connection-pooling" class="position-relative d-flex align-items-center group"> Connection Pooling <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="connection-pooling" aria-haspopup="dialog" aria-label="Share link: Connection Pooling"> Share link </button> </h3> <h4 id="server-side-pooling" class="position-relative d-flex align-items-center group"> Server-Side Pooling <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="server-side-pooling" aria-haspopup="dialog" aria-label="Share link: Server-Side Pooling"> Share link </button> </h4>Configure server connection limits: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-toml" data-lang="toml">[network.connection_pool] # Maximum connections per client IP max_connections_per_ip = 100 # Maximum total connections max_total_connections = 10000 # Connection queue size connection_queue_size = 1000 # Connection acceptance rate limit accept_rate_limit = 1000 # connections per second # Enable connection pooling statistics enable_statistics = true </code></pre></div> <h4 id="client-side-pooling" class="position-relative d-flex align-items-center group"> Client-Side Pooling <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="client-side-pooling" aria-haspopup="dialog" aria-label="Share link: Client-Side Pooling"> Share link </button> </h4>Configure client connection pools for optimal performance: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python">from geode_client import Client, ConnectionPool # Create connection pool pool = ConnectionPool( url="geode.example.com:3141", min_connections=10, max_connections=100, max_idle_time=300, connection_timeout=10, acquire_timeout=5 ) # Use connection from pool async with pool.acquire() as client: result, _ = await client.query("MATCH (n:User) RETURN n LIMIT 10") # Pool statistics stats = pool.get_statistics() print(f"Active: {stats.active_connections}") print(f"Idle: {stats.idle_connections}") print(f"Wait queue: {stats.waiting_requests}") </code></pre></div>In Go with database/sql: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-go" data-lang="go">import ( "database/sql" _ "geodedb.com/geode" ) db, err := sql.Open("geode", "quic://localhost:3141") // Configure connection pool db.SetMaxOpenConns(100) db.SetMaxIdleConns(10) db.SetConnMaxLifetime(time.Minute * 5) db.SetConnMaxIdleTime(time.Minute * 1) </code></pre></div> <h3 id="firewall-configuration" class="position-relative d-flex align-items-center group"> Firewall Configuration <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="firewall-configuration" aria-haspopup="dialog" aria-label="Share link: Firewall Configuration"> Share link </button> </h3> <h4 id="inbound-rules" class="position-relative d-flex align-items-center group"> Inbound Rules <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="inbound-rules" aria-haspopup="dialog" aria-label="Share link: Inbound Rules"> Share link </button> </h4>Configure firewall rules for Geode server: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># UFW (Ubuntu/Debian) sudo ufw allow 3141/udp comment 'Geode QUIC' sudo ufw allow from 10.0.0.0/8 to any port 3141 proto udp sudo ufw enable # firewalld (CentOS/RHEL) sudo firewall-cmd --permanent --add-port=3141/udp sudo firewall-cmd --permanent --add-rich-rule=' rule family="ipv4" source address="10.0.0.0/8" port protocol="udp" port="3141" accept' sudo firewall-cmd --reload # iptables sudo iptables -A INPUT -p udp --dport 3141 -j ACCEPT sudo iptables -A INPUT -p udp --dport 3141 -s 10.0.0.0/8 -j ACCEPT sudo iptables-save > /etc/iptables/rules.v4 </code></pre></div> <h4 id="cloud-firewall-configuration" class="position-relative d-flex align-items-center group"> Cloud Firewall Configuration <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="cloud-firewall-configuration" aria-haspopup="dialog" aria-label="Share link: Cloud Firewall Configuration"> Share link </button> </h4>AWS Security Group: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Allow Geode traffic from application tier aws ec2 authorize-security-group-ingress \ --group-id sg-geode123 \ --protocol udp \ --port 3141 \ --source-group sg-app456 # Allow Geode traffic from specific CIDR aws ec2 authorize-security-group-ingress \ --group-id sg-geode123 \ --protocol udp \ --port 3141 \ --cidr 10.0.0.0/16 </code></pre></div>Google Cloud Firewall: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash">gcloud compute firewall-rules create allow-geode-internal \ --direction=INGRESS \ --priority=1000 \ --network=default \ --action=ALLOW \ --rules=udp:3141 \ --source-ranges=10.0.0.0/8 </code></pre></div> <h3 id="network-performance-optimization" class="position-relative d-flex align-items-center group"> Network Performance Optimization <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="network-performance-optimization" aria-haspopup="dialog" aria-label="Share link: Network Performance Optimization"> Share link </button> </h3> <h4 id="bandwidth-management" class="position-relative d-flex align-items-center group"> Bandwidth Management <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="bandwidth-management" aria-haspopup="dialog" aria-label="Share link: Bandwidth Management"> Share link </button> </h4>Configure bandwidth limits and Quality of Service (QoS): <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-toml" data-lang="toml">[network.bandwidth] # Maximum outbound bandwidth per connection (bytes/sec) max_bandwidth_per_connection = 10485760 # 10 MB/s # Maximum total server bandwidth (bytes/sec) max_total_bandwidth = 1073741824 # 1 GB/s # Enable bandwidth throttling enable_throttling = true # Priority queue for different query types [network.bandwidth.priorities] admin_queries = 100 user_queries = 50 batch_queries = 10 </code></pre></div> <h4 id="buffer-tuning" class="position-relative d-flex align-items-center group"> Buffer Tuning <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="buffer-tuning" aria-haspopup="dialog" aria-label="Share link: Buffer Tuning"> Share link </button> </h4>Optimize network buffer sizes for your workload: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-toml" data-lang="toml">[network.buffers] # Send buffer size (bytes) send_buffer_size = 2097152 # 2 MB # Receive buffer size (bytes) receive_buffer_size = 2097152 # 2 MB # Maximum packet size (bytes) max_packet_size = 65536 # 64 KB # Read timeout (milliseconds) read_timeout = 30000 # Write timeout (milliseconds) write_timeout = 30000 </code></pre></div> <h4 id="tcpudp-stack-tuning" class="position-relative d-flex align-items-center group"> TCP/UDP Stack Tuning <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="tcpudp-stack-tuning" aria-haspopup="dialog" aria-label="Share link: TCP/UDP Stack Tuning"> Share link </button> </h4>Operating system network stack optimization: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Linux sysctl settings for high-performance QUIC cat >> /etc/sysctl.conf <<EOF # Increase UDP buffer sizes net.core.rmem_max = 134217728 net.core.wmem_max = 134217728 net.core.rmem_default = 16777216 net.core.wmem_default = 16777216 # Increase connection backlog net.core.somaxconn = 4096 net.core.netdev_max_backlog = 8192 # Enable TCP/UDP performance options net.ipv4.udp_rmem_min = 8192 net.ipv4.udp_wmem_min = 8192 EOF sudo sysctl -p </code></pre></div> <h3 id="load-balancing" class="position-relative d-flex align-items-center group"> Load Balancing <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="load-balancing" aria-haspopup="dialog" aria-label="Share link: Load Balancing"> Share link </button> </h3> <h4 id="dns-round-robin" class="position-relative d-flex align-items-center group"> DNS Round-Robin <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="dns-round-robin" aria-haspopup="dialog" aria-label="Share link: DNS Round-Robin"> Share link </button> </h4>Simple load balancing with DNS: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Multiple A records for geode.example.com geode.example.com. 300 IN A 192.168.1.101 geode.example.com. 300 IN A 192.168.1.102 geode.example.com. 300 IN A 192.168.1.103 </code></pre></div>Client automatically tries different IP addresses: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python"># Client will try all IPs in round-robin fashion client = Client("geode.example.com:3141") </code></pre></div> <h4 id="layer-4-load-balancing" class="position-relative d-flex align-items-center group"> Layer 4 Load Balancing <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="layer-4-load-balancing" aria-haspopup="dialog" aria-label="Share link: Layer 4 Load Balancing"> Share link </button> </h4>Use UDP-aware load balancers: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"># NGINX Stream configuration for QUIC stream { upstream geode_cluster { hash $remote_addr consistent; server 192.168.1.101:3141; server 192.168.1.102:3141; server 192.168.1.103:3141; } server { listen 3141 udp; proxy_pass geode_cluster; proxy_timeout 5m; proxy_responses 1; } } </code></pre></div>HAProxy configuration: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gdscript3" data-lang="gdscript3"># HAProxy UDP load balancing for QUIC frontend geode_frontend bind *:3141 mode udp default_backend geode_backend backend geode_backend mode udp balance roundrobin hash-type consistent server geode1 192.168.1.101:3141 check server geode2 192.168.1.102:3141 check server geode3 192.168.1.103:3141 check </code></pre></div> <h3 id="monitoring-network-performance" class="position-relative d-flex align-items-center group"> Monitoring Network Performance <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="monitoring-network-performance" aria-haspopup="dialog" aria-label="Share link: Monitoring Network Performance"> Share link </button> </h3> <h4 id="network-metrics" class="position-relative d-flex align-items-center group"> Network Metrics <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="network-metrics" aria-haspopup="dialog" aria-label="Share link: Network Metrics"> Share link </button> </h4>Monitor network performance metrics: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Query network statistics SELECT metric_name, metric_value, timestamp FROM system.network_metrics WHERE metric_name IN ( 'connections_active', 'connections_total', 'bytes_sent', 'bytes_received', 'packets_lost', 'rtt_average' ) ORDER BY timestamp DESC LIMIT 100; </code></pre></div>Prometheus metrics: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Scrape Geode network metrics curl http://localhost:9090/metrics | grep geode_network # Example metrics geode_network_connections_active 523 geode_network_connections_total 152847 geode_network_bytes_sent_total 182374923847 geode_network_bytes_received_total 93847298347 geode_network_packets_lost_total 1234 geode_network_rtt_milliseconds{quantile="0.5"} 12 geode_network_rtt_milliseconds{quantile="0.95"} 45 geode_network_rtt_milliseconds{quantile="0.99"} 89 </code></pre></div> <h4 id="connection-diagnostics" class="position-relative d-flex align-items-center group"> Connection Diagnostics <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="connection-diagnostics" aria-haspopup="dialog" aria-label="Share link: Connection Diagnostics"> Share link </button> </h4>Diagnose connection issues: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Show active connections geode admin connections list # Show connection details geode admin connection show --id=conn-12345 # Test connectivity geode admin ping --host=geode.example.com:3141 # Trace route with QUIC geode admin traceroute --host=geode.example.com:3141 # Network throughput test geode admin benchmark network \ --host=geode.example.com:3141 \ --duration=60s \ --packet-size=64KB </code></pre></div> <h3 id="best-practices" class="position-relative d-flex align-items-center group"> Best Practices <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="best-practices" aria-haspopup="dialog" aria-label="Share link: Best Practices"> Share link </button> </h3><ol> <li>TLS Certificates: Use valid TLS certificates from trusted CAs in production</li> <li>Connection Limits: Set appropriate connection limits based on server capacity</li> <li>Firewall Rules: Restrict access to trusted networks and IP ranges</li> <li>Monitoring: Continuously monitor network metrics and connection health</li> <li>Bandwidth: Configure bandwidth limits to prevent resource exhaustion</li> <li>Testing: Test network configuration under load before production deployment</li> <li>Redundancy: Use multiple network paths and load balancing for high availability</li> <li>Security: Enable mTLS for sensitive deployments and internal services</li> </ol> <h3 id="troubleshooting" class="position-relative d-flex align-items-center group"> Troubleshooting <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="troubleshooting" aria-haspopup="dialog" aria-label="Share link: Troubleshooting"> Share link </button> </h3> <h4 id="connection-issues" class="position-relative d-flex align-items-center group"> Connection Issues <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="connection-issues" aria-haspopup="dialog" aria-label="Share link: Connection Issues"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Test basic connectivity nc -vzu geode.example.com 3141 nmap -sU -p 3141 geode.example.com # Check QUIC connectivity geode admin diagnose network --host=geode.example.com:3141 # Verify TLS certificate geode admin tls verify --host=geode.example.com:3141 # Check firewall rules sudo iptables -L -n -v | grep 3141 sudo ufw status | grep 3141 </code></pre></div> <h4 id="performance-issues" class="position-relative d-flex align-items-center group"> Performance Issues <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="performance-issues" aria-haspopup="dialog" aria-label="Share link: Performance Issues"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Monitor network latency geode admin monitor network --interval=1s --duration=60s # Identify slow connections geode admin connections list --sort-by=latency --limit=10 # Check packet loss geode admin stats network --metric=packet_loss --interval=5m # Bandwidth utilization geode admin stats network --metric=bandwidth --interval=1m </code></pre></div> <h4 id="debugging-quic-issues" class="position-relative d-flex align-items-center group"> Debugging QUIC Issues <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="debugging-quic-issues" aria-haspopup="dialog" aria-label="Share link: Debugging QUIC Issues"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Enable QUIC debug logging geode serve --listen 0.0.0.0:3141 --log-level=debug --log-filter=quic # Capture QUIC packets sudo tcpdump -i any -n -s 65535 -w geode-quic.pcap 'udp port 3141' # Analyze with Wireshark wireshark geode-quic.pcap </code></pre></div> <h3 id="related-topics" class="position-relative d-flex align-items-center group"> Related Topics <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="related-topics" aria-haspopup="dialog" aria-label="Share link: Related Topics"> Share link </button> </h3><ul> <li><a href="/tags/quic/" >QUIC Protocol</a> - QUIC protocol details and configuration</li> <li><a href="/tags/encryption/" >TLS Security</a> - TLS configuration and certificate management</li> <li><a href="/tags/server/" >Server Configuration</a> - General server configuration</li> <li><a href="/tags/performance/" >Performance Optimization</a> - Performance tuning</li> <li><a href="/tags/monitoring/" >Monitoring</a> - Monitoring and observability</li> </ul> <h3 id="further-reading" class="position-relative d-flex align-items-center group"> Further Reading <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="further-reading" aria-haspopup="dialog" aria-label="Share link: Further Reading"> Share link </button> </h3><ul> <li><a href="https://www.rfc-editor.org/rfc/rfc9000.html" aria-label="QUIC Protocol Specification – opens in new window" target="_blank" rel="noopener noreferrer" >QUIC Protocol Specification ↗ </a> - IETF RFC 9000</li> <li><a href="/docs/configuration/server-configuration/" >Server Configuration</a> - Detailed server and network setup</li> <li><a href="/docs/security/overview/" >Security Best Practices</a> - Security guidelines</li> <li><a href="/docs/deployment/deployment-patterns/" >Deployment Patterns</a> - Load balancer and deployment configuration</li> <li><a href="/docs/query/performance-tuning/" >Performance Tuning</a> - Performance optimization</li> </ul>

Popular

Related Articles

DSN (Data Source Name) Specification

Wire Protocol

Wire Protocol Specification