Leaf Nodes

One of the use cases for a NATS server configured as a leaf node is to provide a local NATS network even when the connection to a hub or the cloud is down. To support such a disconnected use case with JetStream, independent JetStream islands are also supported and available through the same NATS network.

The general issue with multiple, independent JetStreams, accessible from the same client is that you need to be able to tell them apart. As an example, consider a leaf node with a non-clustered JetStream in each server. You connect to one of them, but which JetStream responds when you use the JetStream API $JS.API.> ?

To disambiguate between servers, the option domain was added to the JetStream configuration block. When using it, follow these rules: Every server in a cluster and super cluster needs to have the same domain name. This means that domain names can only change between two servers if they are connected via a leaf node connection. As a result of this the JetStream API $JS.API.> will also be available under a disambiguated name $JS.<domain>.API.>. Needless to say, domain names need to be unique.

There are reasons to connect system accounts on either end of your leaf node connection. You probably don’t want to connect your cloud and edge device system accounts, but you might connect them when the only reason keeping you from using a super cluster are firewall rules.

The benefits are:

  • Monitoring of all connected nats-servers
  • nats-account-resolver working on the entire network
  • extended JetStream cluster

When domain is set, JetStream-related traffic on the system account is suppressed. This is what causes JetStream not to be extended.

In addition, traffic on $JS.API.> is also suppressed. This causes clients to use the local JetStream that is available in the nats-servers they are connected to. To communicate with another JetStream, that JetStream’s unique domain specific prefix $JS.<domain>.API needs to be specified.

Please be aware that each domain is an independent name space. Meaning, inside the same account it is legal to use the same stream name in different domains.

Furthermore, regular message flow is not restricted. Thus, if the same subject is subscribed to by different streams in the same account in different domains, as long as the underlying leaf node was connected at the time, each stream will store the message. This can be resolved by using the same account but use different subjects in each domain or use different accounts in each domain or used in leaf nodes.

To be started with nats-server -c hub.conf:

  1. port: 4222
  2. server_name: hub-server
  3. jetstream {
  4. store_dir="./store_server"
  5. domain=hub
  6. }
  7. leafnodes {
  8. port: 7422
  9. }
  10. include ./accounts.conf

To be started with nats-server -c leaf.conf:

  1. port: 4111
  2. server_name: leaf-server
  3. jetstream {
  4. store_dir="./store_leaf"
  5. domain=leaf
  6. }
  7. leafnodes {
  8. remotes = [
  9. {
  10. urls: ["nats-leaf://admin:admin@0.0.0.0:7422"]
  11. account: "SYS"
  12. },
  13. {
  14. urls: ["nats-leaf://acc:acc@0.0.0.0:7422"]
  15. account: "ACC"
  16. }
  17. ]
  18. }
  19. include ./accounts.conf

Because the system account is connected, you can obtain the JetStream server report from both servers.

  1. > nats --server nats://admin:admin@localhost:4222 server report jetstream
  2. ╭─────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
  3. JetStream Summary
  4. ├─────────────┬─────────────┬────────┬─────────┬───────────┬──────────┬───────┬────────┬──────┬─────────┬─────────┤
  5. Server Cluster Domain Streams Consumers Messages Bytes Memory File API Req API Err
  6. ├─────────────┼─────────────┼────────┼─────────┼───────────┼──────────┼───────┼────────┼──────┼─────────┼─────────┤
  7. leaf-server leaf-server leaf 0 0 0 0 B 0 B 0 B 0 0
  8. hub-server hub 0 0 0 0 B 0 B 0 B 0 0
  9. ├─────────────┼─────────────┼────────┼─────────┼───────────┼──────────┼───────┼────────┼──────┼─────────┼─────────┤
  10. 0 0 0 0 B 0 B 0 B 0 0
  11. ╰─────────────┴─────────────┴────────┴─────────┴───────────┴──────────┴───────┴────────┴──────┴─────────┴─────────╯

Create a stream named test subscribing to subject test in the JetStream domain, the program is connected to. As a result, this stream will be created in the domain hub which is the domain of the server listening on localhost:4222.

  1. > nats --server nats://acc:acc@localhost:4222 stream add
  2. ? Stream Name test
  3. ? Subjects to consume test
  4. ? Storage backend file
  5. ? Retention Policy Limits
  6. ? Discard Policy Old
  7. ? Stream Messages Limit -1
  8. ? Per Subject Messages Limit -1
  9. ? Message size limit -1
  10. ? Maximum message age limit -1
  11. ? Maximum individual message size -1
  12. ? Duplicate tracking time window 2m
  13. ? Replicas 1
  14. Stream test was created
  15. Information for Stream test created 2021-06-28T12:52:29-04:00
  16. Configuration:
  17. Subjects: test
  18. Acknowledgements: true
  19. Retention: File - Limits
  20. Replicas: 1
  21. Discard Policy: Old
  22. Duplicate Window: 2m0s
  23. Maximum Messages: unlimited
  24. Maximum Bytes: unlimited
  25. Maximum Age: 0.00s
  26. Maximum Message Size: unlimited
  27. Maximum Consumers: unlimited
  28. State:
  29. Messages: 0
  30. Bytes: 0 B
  31. FirstSeq: 0
  32. LastSeq: 0
  33. Active Consumers: 0

To create a stream in a different domain while connected somewhere else, just provide the js-domain argument. While connected to the same server as before, now the stream is created in leaf.

  1. > nats --server nats://acc:acc@localhost:4222 stream add --js-domain leaf
  2. ? Stream Name test
  3. ? Subjects to consume test
  4. ? Storage backend file
  5. ? Retention Policy Limits
  6. ? Discard Policy Old
  7. ? Stream Messages Limit -1
  8. ? Per Subject Messages Limit -1
  9. ? Message size limit -1
  10. ? Maximum message age limit -1
  11. ? Maximum individual message size -1
  12. ? Duplicate tracking time window 2m
  13. ? Replicas 1
  14. Stream test was created
  15. Information for Stream test created 2021-06-28T12:59:18-04:00
  16. Configuration:
  17. Subjects: test
  18. Acknowledgements: true
  19. Retention: File - Limits
  20. Replicas: 1
  21. Discard Policy: Old
  22. Duplicate Window: 2m0s
  23. Maximum Messages: unlimited
  24. Maximum Bytes: unlimited
  25. Maximum Age: 0.00s
  26. Maximum Message Size: unlimited
  27. Maximum Consumers: unlimited
  28. State:
  29. Messages: 0
  30. Bytes: 0 B
  31. FirstSeq: 0
  32. LastSeq: 0
  33. Active Consumers: 0

Publish a message so there is something to retrieve.

Because both streams subscribe to the same subject, each one now reports one message. This is done to demonstrate the issue. If you want to avoid that, you need to either use different subjects, different accounts, or one isolated account.

  1. > nats --server nats://acc:acc@localhost:4222 stream report --js-domain leaf
  2. Obtaining Stream stats
  3. Stream Report
  4. ├────────┬─────────┬───────────┬──────────┬───────┬──────┬─────────┬──────────┤
  5. Stream Storage Consumers Messages Bytes Lost Deleted Replicas
  6. ├────────┼─────────┼───────────┼──────────┼───────┼──────┼─────────┼──────────┤
  7. test File 0 1 45 B 0 0
  8. > nats --server nats://acc:acc@localhost:4222 stream report --js-domain hub
  9. Obtaining Stream stats
  10. ╭─────────────────────────────────────────────────────────────────────────────╮
  11. Stream Report
  12. ├────────┬─────────┬───────────┬──────────┬───────┬──────┬─────────┬──────────┤
  13. Stream Storage Consumers Messages Bytes Lost Deleted Replicas
  14. ├────────┼─────────┼───────────┼──────────┼───────┼──────┼─────────┼──────────┤
  15. test File 0 1 45 B 0 0
  16. ╰────────┴─────────┴───────────┴──────────┴───────┴──────┴─────────┴──────────╯

In order to copy a stream from one domain into another, specify the JetStream domain when creating a mirror. If you want to connect a leaf to the hub and get commands, even when the leaf node connection is offline, mirroring a stream located in the hub is the way to go.

  1. > nats --server nats://acc:acc@localhost:4222 stream add --js-domain hub --mirror test
  2. ? Stream Name backup-test-leaf
  3. ? Storage backend file
  4. ? Retention Policy Limits
  5. ? Discard Policy Old
  6. ? Stream Messages Limit -1
  7. ? Message size limit -1
  8. ? Maximum message age limit -1
  9. ? Maximum individual message size -1
  10. ? Replicas 1
  11. ? Adjust mirror start No
  12. ? Import mirror from a different JetStream domain Yes
  13. ? Foreign JetStream domain name leaf
  14. ? Delivery prefix
  15. Stream backup-test-leaf was created
  16. Information for Stream backup-test-leaf created 2021-06-28T14:00:43-04:00
  17. Configuration:
  18. Acknowledgements: true
  19. Retention: File - Limits
  20. Replicas: 1
  21. Discard Policy: Old
  22. Duplicate Window: 2m0s
  23. Maximum Messages: unlimited
  24. Maximum Bytes: unlimited
  25. Maximum Age: 0.00s
  26. Maximum Message Size: unlimited
  27. Maximum Consumers: unlimited
  28. Mirror: test, API Prefix: $JS.leaf.API, Delivery Prefix:
  29. State:
  30. Messages: 0
  31. Bytes: 0 B
  32. FirstSeq: 0
  33. LastSeq: 0
  34. Active Consumers: 0

Similarly, if you want to aggregate streams located in any number of leaf nodes use source. If the streams located in each leaf are used for the same reasons, it is recommended to aggregate them in the hub for processing via source.

  1. > nats --server nats://acc:acc@localhost:4222 stream add --js-domain hub --source test
  2. ? Stream Name aggregate-test-leaf
  3. ? Storage backend file
  4. ? Retention Policy Limits
  5. ? Discard Policy Old
  6. ? Stream Messages Limit -1
  7. ? Message size limit -1
  8. ? Maximum message age limit -1
  9. ? Maximum individual message size -1
  10. ? Duplicate tracking time window 2m
  11. ? Replicas 1
  12. ? Adjust source "test" start No
  13. ? Import "test" from a different JetStream domain Yes
  14. ? test Source foreign JetStream domain name leaf
  15. ? test Source foreign JetStream domain delivery prefix
  16. Stream aggregate-test-leaf was created
  17. Information for Stream aggregate-test-leaf created 2021-06-28T14:02:36-04:00
  18. Configuration:
  19. Acknowledgements: true
  20. Retention: File - Limits
  21. Replicas: 1
  22. Discard Policy: Old
  23. Duplicate Window: 2m0s
  24. Maximum Messages: unlimited
  25. Maximum Bytes: unlimited
  26. Maximum Age: 0.00s
  27. Maximum Message Size: unlimited
  28. Maximum Consumers: unlimited
  29. Sources: test, API Prefix: $JS.leaf.API, Delivery Prefix:
  30. State:
  31. Messages: 0
  32. Bytes: 0 B
  33. FirstSeq: 0
  34. LastSeq: 0
  35. Active Consumers: 0

source as well as mirror take a copy of the messages. Once copied, accessing the data is independent of the leaf node connection being online. Copying this way also avoids having to run a dedicated program of your own. This is the recommended way to exchange persistent data across domains.

  1. > nats --server nats://acc:acc@localhost:4222 stream report --js-domain hub
  2. Obtaining Stream stats
  3. ╭──────────────────────────────────────────────────────────────────────────────────────────╮
  4. Stream Report
  5. ├─────────────────────┬─────────┬───────────┬──────────┬───────┬──────┬─────────┬──────────┤
  6. Stream Storage Consumers Messages Bytes Lost Deleted Replicas
  7. ├─────────────────────┼─────────┼───────────┼──────────┼───────┼──────┼─────────┼──────────┤
  8. backup-test-leaf File 0 1 45 B 0 0
  9. test File 0 1 45 B 0 0
  10. aggregate-test-leaf File 0 1 98 B 0 0
  11. ╰─────────────────────┴─────────┴───────────┴──────────┴───────┴──────┴─────────┴──────────╯
  12. ╭────────────────────────────────────────────────────────────────────────────────────╮
  13. Replication Report
  14. ├─────────────────────┬────────┬──────────────┬───────────────┬────────┬─────┬───────┤
  15. Stream Kind API Prefix Source Stream Active Lag Error
  16. ├─────────────────────┼────────┼──────────────┼───────────────┼────────┼─────┼───────┤
  17. backup-test-leaf Mirror $JS.leaf.API test 0.21s 0
  18. aggregate-test-leaf Source $JS.leaf.API test 1.23s 0
  19. ╰─────────────────────┴────────┴──────────────┴───────────────┴────────┴─────┴───────╯

All of the above happened in the same account. To share domain access across accounts the account.conf from above needs to be modified and the server restarted or reloaded. This example exports the consumer and FC API as well as a delivery subject which is used by the internal push consumer created by source and mirror.

Known issue: Currently, across accounts, push consumer are not supported.

On import, the JetStream API prefix $JS.hub.API is renamed to JS.test@hub.API. This is to, once more, disambiguate which JetStream a client in the importing account might want to interact with. When using domains, the general recommendation is to export the domain specific API $JS.<domain>.API as this allows you to pin the export to a particular domain.

Furthermore, the delivery subject is extended on import. This is to allow for easier export into multiple accounts.

This example also exports the absolute minimum necessary. It is possible to give access to the entire consumer API $JS.hub.API.CONSUMER.> or the entire API in a domain $JS.hub.API.> or the entire API $JS.API.> wherever the importing client connects.

  1. accounts {
  2. SYS: {
  3. users: [{user: admin, password: admin}]
  4. },
  5. ACC: {
  6. users: [{user: acc, password: acc}],
  7. jetstream: enabled
  8. exports: [
  9. # minimum export needed to allow source/mirror to create a consumer on the fly
  10. {service: "$JS.hub.API.CONSUMER.CREATE.*", response_type: "stream"}
  11. # minimum export needed for push consumer. This includes source and mirror!
  12. {stream: "deliver.acc.hub.>"}
  13. # minimum export needed for durable pull consumer `dur` in stream `aggregate-test-leaf`. (clients only - source and mirror do not use this)
  14. {service: "$JS.hub.API.CONSUMER.MSG.NEXT.aggregate-test-leaf.dur", response_type: "stream"}
  15. # minimum export needed to ack messages for durable consumer `dur` in stream `aggregate-test-leaf`. (clients only - source and mirror do not use this)
  16. # minimum export needed for flow control of source/mirror
  17. {service: "$JS.FC.aggregate-test-leaf.dur.>"}
  18. }
  19. IMPORT_MIRROR: {
  20. users: [{user: import_mirror, password: import_mirror}],
  21. jetstream: enabled
  22. imports: [
  23. {service: {account: ACC, subject: "$JS.hub.API.CONSUMER.CREATE.*"}, to: "JS.acc@hub.API.CONSUMER.CREATE.*" }
  24. {service: {account: ACC, subject: "$JS.FC.aggregate-test-leaf.dur.>"}}
  25. {stream: {account: ACC, subject: deliver.acc.hub.import_mirror.>}}
  26. ]
  27. }
  28. # As of now, cross account, only pull consumer are supported.
  29. IMPORT_CLIENT: {
  30. users: [{user: import_client, password: import_client}],
  31. jetstream: enabled
  32. imports: [
  33. {service: {account: ACC, subject: "$JS.hub.API.CONSUMER.MSG.NEXT.aggregate-test-leaf.dur"}, to: "JS.acc@hub.API.CONSUMER.MSG.NEXT.aggregate-test-leaf.dur" }
  34. {service: {account: ACC, subject: "$JS.ACK.aggregate-test-leaf.dur.>"}}
  35. ]
  36. }
  37. }
  38. system_account: SYS

Copying via source and mirror

Once the servers have been restarted or reloaded, a mirror can be created as follows (same applies to source): On import from a different account the renamed prefix JS.acc@hub.API is provided. In addition, the delivery subject name is extended to also include the importing domain and stream. This makes it unique to that particular import. If every delivery prefix follows the pattern <static type>.<exporting account>.<exporting domain>.<importing account>.<importing domain>.<importing domain>.<importing stream name> overlaps caused by multiple imports are avoided.

A subsequent check shows that the one message stored in the stream aggregate in account ACC got copied to the new stream in the account IMPORTER.

  1. > nats --server nats://import_mirror:import_mirror@localhost:4222 stream report --js-domain hub
  2. Obtaining Stream stats
  3. ╭───────────────────────────────────────────────────────────────────────────────────────────────────╮
  4. Stream Report
  5. ├──────────────────────────────┬─────────┬───────────┬──────────┬───────┬──────┬─────────┬──────────┤
  6. Stream Storage Consumers Messages Bytes Lost Deleted Replicas
  7. ├──────────────────────────────┼─────────┼───────────┼──────────┼───────┼──────┼─────────┼──────────┤
  8. aggregate-test-leaf-from-acc File 0 1 98 B 0 0
  9. ╰──────────────────────────────┴─────────┴───────────┴──────────┴───────┴──────┴─────────┴──────────╯
  10. ╭─────────────────────────────────────────────────────────────────────────────────────────────────────╮
  11. Replication Report
  12. ├──────────────────────────────┬────────┬────────────────┬─────────────────────┬────────┬─────┬───────┤
  13. Stream Kind API Prefix Source Stream Active Lag Error
  14. ├──────────────────────────────┼────────┼────────────────┼─────────────────────┼────────┼─────┼───────┤
  15. aggregate-test-leaf-from-acc Mirror JS.acc@hub.API aggregate-test-leaf 0.59s 0
  16. ╰──────────────────────────────┴────────┴────────────────┴─────────────────────┴────────┴─────┴───────╯

Direct access of a durable pull consumer

The modified accounts.conf also includes a separate import for an existing pull consumer. Let’s create a consumer by the name dur in the stream aggregate-test-leaf in the account acc.

  1. > nats --server nats://acc:acc@localhost:4222 consumer add --js-domain hub
  2. ? Consumer name dur
  3. ? Delivery target (empty for Pull Consumers)
  4. ? Start policy (all, new, last, 1h, msg sequence) all
  5. ? Replay policy instant
  6. ? Filter Stream by subject (blank for all)
  7. ? Maximum Allowed Deliveries -1
  8. ? Maximum Acknowledgements Pending 0
  9. ? Select a Stream aggregate-test-leaf
  10. Information for Consumer aggregate-test-leaf > dur created 2021-06-28T17:16:51-04:00
  11. Configuration:
  12. Durable Name: dur
  13. Pull Mode: true
  14. Deliver All: true
  15. Ack Policy: Explicit
  16. Ack Wait: 30s
  17. Replay Policy: Instant
  18. Max Ack Pending: 20,000
  19. Max Waiting Pulls: 512
  20. State:
  21. Last Delivered Message: Consumer sequence: 0 Stream sequence: 0
  22. Acknowledgment floor: Consumer sequence: 0 Stream sequence: 0
  23. Outstanding Acks: 0 out of maximum 20000
  24. Redelivered Messages: 0
  25. Unprocessed Messages: 1
  26. Waiting Pulls: 0 of maximum 512
  27. > nats --server nats://acc:acc@localhost:4222 stream report --js-domain hub
  28. Obtaining Stream stats
  29. ╭──────────────────────────────────────────────────────────────────────────────────────────╮
  30. Stream Report
  31. ├─────────────────────┬─────────┬───────────┬──────────┬───────┬──────┬─────────┬──────────┤
  32. Stream Storage Consumers Messages Bytes Lost Deleted Replicas
  33. ├─────────────────────┼─────────┼───────────┼──────────┼───────┼──────┼─────────┼──────────┤
  34. backup-test-leaf File 0 1 45 B 0 0
  35. test File 0 1 45 B 0 0
  36. aggregate-test-leaf File 1 1 98 B 0 0
  37. ╰─────────────────────┴─────────┴───────────┴──────────┴───────┴──────┴─────────┴──────────╯
  38. ╭────────────────────────────────────────────────────────────────────────────────────╮
  39. Replication Report
  40. ├─────────────────────┬────────┬──────────────┬───────────────┬────────┬─────┬───────┤
  41. Stream Kind API Prefix Source Stream Active Lag Error
  42. ├─────────────────────┼────────┼──────────────┼───────────────┼────────┼─────┼───────┤
  43. backup-test-leaf Mirror $JS.leaf.API test 1.85s 0
  44. aggregate-test-leaf Source $JS.leaf.API test 1.85s 0
  45. ╰─────────────────────┴────────┴──────────────┴───────────────┴────────┴─────┴───────╯
  46. > nats --server nats://acc:acc@localhost:4222 consumer report --js-domain hub
  47. ? Select a Stream aggregate-test-leaf
  48. ╭─────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
  49. Consumer report for aggregate-test-leaf with 1 consumers
  50. ├──────────┬──────┬────────────┬──────────┬─────────────┬─────────────┬─────────────┬───────────┬─────────────┤
  51. Consumer Mode Ack Policy Ack Wait Ack Pending Redelivered Unprocessed Ack Floor Cluster
  52. ├──────────┼──────┼────────────┼──────────┼─────────────┼─────────────┼─────────────┼───────────┼─────────────┤
  53. dur Pull Explicit 30.00s 0 0 1 / 100% 0 hub-server*
  54. ╰──────────┴──────┴────────────┴──────────┴─────────────┴─────────────┴─────────────┴───────────┴─────────────╯

To retrieve the messages stored in the domain hub using nats while connected to the leaf node, provide the correct stream and durable name as well as the API prefix JS.acc@hub.API

  1. nats --server nats://import_client:import_client@localhost:4111 consumer next aggregate-test-leaf dur --js-api-prefix JS.acc@hub.API
  2. [17:44:16] subj: test / tries: 1 / cons seq: 1 / str seq: 1 / pending: 0
  3. Headers:
  4. Nats-Stream-Source: test:mSx7q4yJ 1
  5. Data:
  6. hello world
  7. Acknowledged message
  8. > nats --server nats://acc:acc@localhost:4222 consumer report --js-domain hub
  9. ? Select a Stream aggregate-test-leaf
  10. ╭─────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
  11. Consumer report for aggregate-test-leaf with 1 consumers
  12. ├──────────┬──────┬────────────┬──────────┬─────────────┬─────────────┬─────────────┬───────────┬─────────────┤
  13. Consumer Mode Ack Policy Ack Wait Ack Pending Redelivered Unprocessed Ack Floor Cluster
  14. ├──────────┼──────┼────────────┼──────────┼─────────────┼─────────────┼─────────────┼───────────┼─────────────┤
  15. dur Pull Explicit 30.00s 0 0 0 1 hub-server*
  16. ╰──────────┴──────┴────────────┴──────────┴─────────────┴─────────────┴─────────────┴───────────┴─────────────╯

This works similarly when writing your own client. To avoid waiting for the ack timeout, a new message is sent on test from where it is copied into aggregate-test-leaf.

  1. > nats --server nats://acc:acc@localhost:4222 pub test "hello world 2"
  2. 17:51:05 Published 13 bytes to "test"

The client is connected to the leaf node and receives the message just sent.

  1. ./main nats://import_client:import_client@localhost:4111
  2. starting
  3. &{Sequence:{Consumer:3 Stream:3} NumDelivered:1 NumPending:0 Timestamp:2021-06-28 17:51:05.186878 -0400 EDT Stream:aggregate-test-leaf Consumer:dur}
  4. hello world 2
  5. nats: timeout
  6. ^Cnats: timeout

There the API prefix is communicated with setting the option nats.APIPrefix("JS.acc@hub.API") when obtaining the JetStream object. Because the API access is limited, the subscribe call provides the option nats.Bind("aggregate-test-leaf", "dur") which prevents calls to infer the stream and durable name.