[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Randomizing Strings In A Microservices World

On 10/12/2019 03:35, Tim Daneliuk wrote:
> On 12/9/19 8:50 PM, Paul Rubin wrote:
>> Tim Daneliuk <info at tundraware.com> writes:
>>> - Imagine an environment in which there may be multiple instances of a given
>>>    microservice written in Python.
>> Decide the maximum number of microservice instances, say 1000.  Chop up
>> the 10 digit range into 1000 pieces, so 0..999999, 1000000-1999999, etc.
>> Give one range to each microservice instance.  Then have the
>> microservices give out the numbers sequentially, but treating them as 10
>> digit numbers and encrypting each one under a 10 digit pseudorandom
>> permutation shared by all the instances.  Look up "format preserving
>> encryption" for how to do this.
>> Obvious variants of the above are obvious, and maybe you need some way
>> to hand around chunks of range if some instance gives out more than a
>> million numbers.
> The problem here is that the services are ephemeral and the number of said
> services is not fixed.

Hm.  Normally I'd mash together the MAC address of the interface and the 
process ID of the service (or whatever individual identifier 
microservices have -- indeed, whatever microservices *are* :-), but ten 
digits is a bit few for that.  So you want some variant of Paul's approach.

* I assume there are a number of machines providing these services. 
Give them unique numbers -- I'm guessing three digits should be enough 
for that, but you know your own setup better.  How you assign those 
numbers is up to you; a config file in /etc, a Windows registry key, or 
some broadcast protocol that the machines use to dynamically configure 
themselves are all options that spring to mind.

* On each machine, something must spin up services when they are needed. 
  That something will be in a position to assign a unique number (within 
an individual machine) to each service.  So do that, using whatever 
digits you have left after the unique machine number.

* Mash these two numbers into a single ten digit identifier.

Rhodri James *-* Kynesim Ltd