Copyright Red Hat 1998 - 2035

This document is licensed under the "Creative Commons Attribution-ShareAlike (CC-BY-SA) 3.0" license.

This is the JGroups manual. It provides information about:

  • Installation and configuration

  • Using JGroups (the API)

  • Configuration of the JGroups protocols

The focus is on how to use JGroups, not on how JGroups is implemented.

Here are a couple of points I want to abide by throughout this book:

  • I like brevity. I will strive to describe concepts as clearly as possible (for a non-native English speaker) and will refrain from saying more than I have to to make a point.

  • I like simplicity. Keep It Simple and Stupid. This is one of the biggest goals I have both in writing this manual and in writing JGroups. It is easy to explain simple concepts in complex terms, but it is hard to explain a complex system in simple terms. I’ll try to do the latter.

So, how did it all start?

I spent 1998-1999 at the Computer Science Department at Cornell University as a post-doc, in Ken Birman’s group. Ken is credited with inventing the group communication paradigm, especially the Virtual Synchrony model. At the time they were working on their third generation group communication prototype, called Ensemble.

Ensemble followed Horus (written in C by Robbert VanRenesse), which followed ISIS (written by Ken Birman, also in C). Ensemble was written in OCaml, developed at INRIA, which is a functional language and related to ML. I never liked the OCaml language, which in my opinion has a hideous syntax. Therefore I never really made much of Ensemble, either.

However, Ensemble had a Java interface (implemented by a student in a semester project) which allowed me to program in Java and use Ensemble underneath. The Java part would require that an Ensemble process was running somewhere on the same machine, and would connect to it via a bidirectional pipe. The student had developed a simple protocol for talking to the Ensemble engine, and extended the engine as well to talk back to Java.

However, I still needed to compile and install the Ensemble runtime for each different platform, which is exactly why Java was developed in the first place: portability.

Therefore I started writing a simple framework (now JChannel), which would allow me to treat Ensemble as just another group communication transport, which could be replaced at any time by a pure Java solution. And soon I found myself working on a pure Java implementation of the group communication transport.

I figured that a pure Java implementation would have a much bigger impact than something written in Ensemble. In the end I didn’t spend much time writing scientific papers that nobody would read anyway (I guess I’m not a good scientist, at least not a theoretical one), but rather code for JGroups, which could have a much bigger impact. For me, knowing that real-life projects/products are using JGroups is much more satisfactory than having a paper accepted at a conference/journal.

That’s why, after my time was up, I left Cornell and academia altogether, and started a job in the telecom industry in Silicon Valley.

At around that time (May 2000), SourceForge had just opened its site, and I decided to use it for hosting JGroups. This was a major boost for JGroups because now other developers could work on the code. From then on, the page hits and download numbers for JGroups have steadily risen.

In the fall of 2002, Sacha Labourey contacted me, letting me know that JGroups was being used by JBoss for their clustering implementation. I joined JBoss in 2003 and have been working on JGroups and JBossCache ever since. My goal is to make JGroups the most widely used clustering software in Java …​

I want to thank all contributors to JGroups, present and past, for their work. Without you, this project would never have taken off the ground.

I also want to thank Ken Birman and Robbert VanRenesse for many fruitful discussions of all aspects of group communication in particular and distributed systems in general.

I want to dedicate this manual to Jeannette, Michelle and Nicole.

Bela Ban, San Jose, Aug 2002, Kreuzlingen Switzerland 2014

1. Overview

Group communication uses the terms group and member. Members are part of a group. In the more common terminology, a member is a node and a group is a cluster. We use these terms interchangeably.

A node is a process, residing on some host. A cluster can have one or more nodes belonging to it. There can be multiple nodes on the same host, and all may or may not be part of the same cluster. Nodes can of course also run on different hosts.

JGroups is toolkit for reliable group communication. Processes can join a group, send messages to all members or single members and receive messages from members in the group. The system keeps track of the members in every group, and notifies group members when a new member joins, or an existing member leaves or crashes. A group is identified by its name. Groups do not have to be created explicitly; when a process joins a non-existing group, that group will be created automatically. Processes of a group can be located on the same host, within the same LAN, or across a WAN. A member can be part of multiple groups.

The architecture of JGroups is shown in The architecture of JGroups.

Figure 1. The architecture of JGroups

It consists of 3 parts: (1) the Channel used by application programmers to build reliable group communication applications, (2) the building blocks, which are layered on top of the channel and provide a higher abstraction level and (3) the protocol stack, which implements the properties specified for a given channel.

This document describes how to install and use JGroups, ie. the Channel API and the building blocks. The targeted audience is application programmers who want to use JGroups to build reliable distributed programs that need group communication.

A channel is connected to a protocol stack. Whenever the application sends a message, the channel passes it on to the protocol stack, which passes it to the topmost protocol. The protocol processes the message and the passes it down to the protocol below it. Thus the message is handed from protocol to protocol until the bottom (transport) protocol puts it on the network.

The same happens in the reverse direction: the transport protocol listens for messages on the network. When a message is received it will be handed up the protocol stack until it reaches the channel. The channel then invokes the receive() callback in the application to deliver the message.

When an application connects to the channel, the protocol stack will be started, and when it disconnects the stack will be stopped. When the channel is closed, the stack will be destroyed, releasing its resources.

The following three sections give an overview of channels, building blocks and the protocol stack.

1.1. Channel

To join a group and send messages, a process has to create a channel and connect to it using the group name (all channels with the same name form a group). The channel is the handle to the group. While connected, a member may send and receive messages to/from all other group members. The client leaves a group by disconnecting from the channel. A channel can be reused: clients can connect to it again after having disconnected. However, a channel allows only 1 client to be connected at a time. If multiple groups are to be joined, multiple channels can be created and connected to. A client signals that it no longer wants to use a channel by closing it. After this operation, the channel cannot be used any longer.

Each channel has a unique address. Channels always know who the other members are in the same group: a list of member addresses can be retrieved from any channel. This list is called a view. A process can select an address from this list and send a unicast message to it (also to itself), or it may send a multicast message to all members of the current view (also including itself). Whenever a process joins or leaves a group, or when a crashed process has been detected, a new view is sent to all remaining group members. When a member process is suspected of having crashed, a suspicion message is received by all non-faulty members. Thus, channels receive regular messages, and view and suspicion notifications.

The properties of a channel are typically defined in an XML file, but JGroups also allows for configuration through simple strings, URIs, DOM trees or even programmatically.

The Channel API and its related classes is described in the API section.

1.2. Building Blocks

Channels are simple and primitive. They offer the bare functionality of group communication, and have been designed after the simple model of sockets, which are widely used and well understood. The reason is that an application can make use of just this small subset of JGroups, without having to include a whole set of sophisticated classes, that it may not even need. Also, a somewhat minimalistic interface is simple to understand: a client needs to know about 5 methods to be able to create and use a channel.

Channels provide asynchronous message sending/reception, somewhat similar to UDP. A message sent is essentially put on the network and the send() method will return immediately. Conceptual requests, or responses to previous requests, are received in undefined order, and the application has to take care of matching responses with requests.

JGroups offers building blocks that provide more sophisticated APIs on top of a Channel. Building blocks either create and use channels internally, or require an existing channel to be specified when creating a building block. Applications communicate directly with the building block, rather than the channel. Building blocks are intended to save the application programmer from having to write tedious and recurring code, e.g. request-response correlation, and thus offer a higher level of abstraction to group communication.

Building blocks are described in Building Blocks.

1.3. The Protocol Stack

The protocol stack containins a number of protocol layers in a bidirectional list. All messages sent and received over the channel have to pass through all protocols. Every layer may modify, reorder, pass or drop a message, or add a header to a message. A fragmentation layer might break up a message into several smaller messages, adding a header with an id to each fragment, and re-assemble the fragments on the receiver’s side.

The composition of the protocol stack, i.e. its protocols, is determined by the creator of the channel: an XML file defines the protocols to be used (and the parameters for each protocol). The configuration is then used to create the stack.

Knowledge about the protocol stack is not necessary when only using channels in an application. However, when an application wishes to ignore the default properties for a protocol stack, and configure their own stack, then knowledge about what the individual layers are supposed to do is needed.

2. Installation and configuration

The installation refers to version 4.x of JGroups.

The JGroups JAR can be downloaded from SourceForge. It is named jgroups-x.y.z, where x=major, y=minor and z=patch version, for example jgroups-4.0.0.Final.jar. The JAR is all that’s needed to get started using JGroups; it contains all core, demo and (selected) test classes, the sample XML configuration files and the schema.

Alternatively, Maven / Gradle / Ivy etc can be used:

groupId: org.jgroups
artifactId: jgroups
version: 4.0.0.Final (for example)

The source code is hosted on GitHub. To build JGroups, ANT is currently used. In Building JGroups from source we’ll show how to build JGroups from source.

2.1. Requirements

  • JGroups up to (and including) 3.5.0.Final requires JDK 6.

  • JGroups 3.6.x to (excluding) 4.0 requires JDK 7.

  • JGroups 4.x requires JDK 8.

  • There is no JNI code present so JGroups should run on all platforms.

  • Logging: by default, JGroups tries to use log4j2. If the classes are not found on the classpath, it resorts to log4j, and if still not found, it falls back to java.util.logging logger. See Logging for details on log configuration.

2.2. Structure of the source version

The source version consists of the following directories and files:


the sources


unit and stress tests


JARs needed to either run the unit tests, or build the manual etc. No JARs from here are required at runtime! Note that these JARs are downloaded automatically via ivy.


configuration files needed by JGroups, plus default protocol stack definitions



2.3. Building JGroups from source

  • Download the sources from GitHub, either via git clone, or the download link into a directory JGroups, e.g. /home/bela/JGroups.

  • Download ant (preferably 1.8.x or higher)

  • Change to the JGroups directory

  • Run ant

  • This will compile all Java files (into the classes directory). Note that if the lib directory doesn’t exist, ant will download ivy into lib and then use ivy to download the dependent libraries defined in ivy.xml.

  • To generate the JGroups JAR: ant jar

  • This will generate the following JAR files in the dist directory:

    • jgroups-x.y.z.jar: the JGroups JAR

    • jgroups-sources.jar: the source code for the core classes and demos

  • Now add the following directories to the classpath:

    • JGroups/classes

    • JGroups/conf

    • All needed JAR files in JGroups/lib. Note that most JARs in lib are only required for running unit tests and generating test reports

  • To generate JavaDocs simple run: ant javadoc and the Javadoc documentation will be generated in dist/javadoc

2.4. Logging

JGroups has no runtime dependencies; all that’s needed to use it is to have jgroups.jar on the classpath. For logging, this means the JVM’s logging (java.util.logging) is used.

However, JGroups can use any other logging framework. By default, log4j2 and slf4j are supported if the corresponding JARs are found on the classpath.

2.4.1. log4j2

To use log4j2, the API and CORE JARs have to be found on the classpath. There’s an XML configuration for log4j2 in the conf dir, which can be used e.g. via -Dlog4j.configurationFile=$JGROUPS/conf/log4j2.xml.

log4j2 is currently the preferred logging library used by JGroups, and will be used even if the log4j JAR is also present on the classpath.

2.4.2. log4j

To use log4j, the log4j JAR has to be found on the classpath. Note though that if the log4j2 API and CORE JARs are found, then log4j2 will be used, so those JARs will have to be removed if log4j is to be used. There’s an XML configuration for log4j in the conf dir, which can be used e.g. via -Dlog4j.configuration=file:$JGROUPS/conf/

2.4.3. JDK logging (JUL)

To force use of JDK logging, even if the log4j(2) JARs are present, -Djgroups.use.jdk_logger=true can be used.

2.4.4. Support for custom logging frameworks

JGroups allows custom loggers to be used instead of the ones supported by default. To do this, interface CustomLogFactory has to be implemented:

public interface CustomLogFactory {
    Log getLog(Class clazz);
    Log getLog(String category);

The implementation needs to return an implementation of org.jgroups.logging.Log.

To use the custom log, LogFactory.setCustomLogFactory(CustomLogFactory f) needs to be called.

2.4.5. Setting the preferred log class

It is possible to set the preferred log class via system property jgroups.log_class. To do this, the fully qualified name of a class which provides the following functionality has to be given: * Implement the Log interface * Provide a constructor taking a Class type as only argument * Provide a constructor taking a String type as only argument

Example: -Djgroups.log_class=org.jgroups.logging.Slf4jLogImpl

2.5. Testing your setup

To see whether your system can find the JGroups classes, execute the following command:

java org.jgroups.Version


java -jar jgroups-x.y.z.jar

You should see the following output (more or less) if the class is found:

$  java org.jgroups.Version

   Version:      4.0.0.Final

2.6. Running a demo program

To test whether JGroups works okay on your machine, run the following command twice:

java org.jgroups.demos.Draw

2 whiteboard windows should appear as shown in Screenshot of 2 Draw instances.

Running 2 Draw instances
Figure 2. Screenshot of 2 Draw instances

If you started them simultaneously, they could initially show a membership of 1 in their title bars. After some time, both windows should show 2. This means that the two instances found each other and formed a cluster.

When drawing in one window, the second instance should also be updated. As the default group transport uses IP multicast, make sure that - if you want start the 2 instances in different subnets - IP multicast is enabled. If this is not the case, the 2 instances won’t find each other and the example won’t work.

You can change the properties of the demo to for example use a different transport if multicast doesn’t work (it should always work on the same machine). Please consult the documentation to see how to do this.

State transfer (see the section in the API later) can also be tested by passing the -state flag to Draw.

2.7. Using IP Multicasting without a network connection

Sometimes there isn’t a network connection (e.g. DSL modem is down), or we want to multicast only on the local machine. For this the loopback interface (typically lo) can be configured, e.g.

route add -net netmask dev lo

This means that all traffic directed to the network will be sent to the loopback interface, which means it doesn’t need any network to be running. Note that the network is a placeholder for all multicast addresses in most UNIX implementations: it will catch all multicast traffic.

The above instructions may also work for Windows systems, but this hasn’t been tested. Note that not all operating systems allow multicast traffic to use the loopback interface.

Typical home networks have a gateway/firewall with 2 NICs: the first (e.g. eth0) is connected to the outside world (Internet Service Provider), the second (eth1) to the internal network, with the gateway firewalling/masquerading traffic between the internal and external networks. If no route for multicast traffic is added, the default will be to use the fdefault gateway, which will typically direct the multicast traffic towards the ISP. To prevent this (e.g. ISP drops multicast traffic, or latency is too high), we recommend to add a route for multicast traffic which goes to the internal network (e.g. eth1).

2.8. It doesn’t work!

Make sure your machine is set up correctly for IP multicasting. There is a test program mcast which can be used to check if IP multicasting works.

The options are:


the network interface to bind to for the receiver. If null, mcast will join all available interfaces


the local port to use. If 0, an ephemeral port will be picked


the multicast address to join


the port to listen on for multicasts


The TTL (for sending of packets)

Start multiple instances of mcast:

java org.jgroups.tests.mcast

Note that forces IPv4. If omitted, IPv6 will be used.

If you want to bind to a specific network interface card (NIC), use -bind_addr, where is the IP address of the NIC to which you want to bind. Use this parameter in both sender and receiver.

You should be able to type in the mcast window and see the output in all other instance. If not, try to use -ttl 32 in the sender. If this still fails, consult a system administrator to help you setup IP multicast correctly. If you are the system administrator, look for another job :-)

Other means of getting help: there is a public forum on JIRA for questions. Also consider subscribing to the javagroups-users mailing list to discuss such and other problems.

2.9. Problems with IPv6

Another source of problems might be the use of IPv6, and/or misconfiguration of /etc/hosts. If you communicate between an IPv4 and an IPv6 host, and they are not able to find each other, try the property, e.g.

java org.jgroups.demos.Draw -props /home/bela/udp.xml

The JDK uses IPv6 by default, although is has a dual stack, that is, it also supports IPv4. To force use of IPv6, start your JVM with

Here’s more details on the subject.

2.10. Wiki

There is a wiki which lists FAQs and their solutions at It is frequently updated and a useful companion to this manual.

2.11. I have discovered a bug!

If you think that you discovered a bug, submit a bug report on JIRA or send email to the jgroups-users mailing list if you’re unsure about it. Please include the following information:

  • ✓ Version of JGroups (java org.jgroups.Version)

  • ✓ Platform (e.g. Solaris 8)

  • ❏ Version of JDK (e.g. JDK 1.6.20_52)

  • ❏ Stack trace in case of a hang. Use kill -3 PID on UNIX systems or CTRL-BREAK on windows machines

  • ✓ Small program that reproduces the bug (if it can be reproduced)

2.12. Supported classes

JGroups project has been around since 1998. Over this time, some of the JGroups classes have been used in experimental phases and have never been matured enough to be used in today’s production releases. However, they were not removed since some people used them in their products.

The following tables list unsupported and experimental classes. These classes are not actively maintained, and we will not work to resolve potential issues you might find. Their final fate is not yet determined; they might even be removed altogether in the next major release. Weight your risks if you decide to use them anyway.

2.12.1. Experimental classes

Table 1. Experimental
Package Class





























2.12.2. Unsupported classes

Table 2. Unsupported
Package Class











3. API

This chapter explains the classes available in JGroups that will be used by applications to build reliable group communication applications. The focus is on creating and using channels.

All of the classes discussed here are in the org.jgroups package unless otherwise mentioned.

3.1. Utility classes

The org.jgroups.util.Util class contains useful common functionality which cannot be assigned to any other package.

3.1.1. objectToByteBuffer(), objectFromByteBuffer()

The first method takes an object as argument and serializes it into a byte buffer (the object has to be serializable or externalizable). The byte array is then returned. This method is often used to serialize objects into the byte buffer of a message. The second method returns a reconstructed object from a buffer. Both methods throw an exception if the object cannot be serialized or unserialized.

3.1.2. objectToStream(), objectFromStream()

The first method takes an object and writes it to an output stream. The second method takes an input stream and reads an object from it. Both methods throw an exception if the object cannot be serialized or unserialized.

3.2. Interfaces

These interfaces are used with some of the APIs presented below, therefore they are listed first.

3.2.1. MessageListener

The MessageListener interface below provides callbacks for message reception and for providing and setting the state:

public interface MessageListener {
    void receive(Message msg);
    void receive(MessageBatch batch);
    void getState(OutputStream output) throws Exception;
    void setState(InputStream input) throws Exception;

Method receive() is called whenever a message is received and receive(MessageBatch) is called when a message batch is received.

The getState() and setState() methods are used to fetch and set the group state (e.g. when joining). Refer to State transfer for a discussion of state transfer.

3.2.2. MembershipListener

The MembershipListener interface is similar to the MessageListener interface above: every time a new view, a suspicion message, or a block event is received, the corresponding method of the class implementing MembershipListener will be called.

public interface MembershipListener {
    void viewAccepted(View new_view);
    void suspect(Object suspected_mbr);
    void block();
    void unblock();

Oftentimes the only callback that needs to be implemented will be viewAccepted() which notifies the receiver that a new member has joined the group or that an existing member has left or crashed. The suspect() callback is invoked by JGroups whenever a member if suspected of having crashed, but not yet excluded [1].

The block() method is called to notify the member that it will soon be blocked sending messages. This is done by the FLUSH protocol, for example to ensure that nobody is sending messages while a state transfer or view installation is in progress. When block() returns, any thread sending messages will be blocked, until FLUSH unblocks the thread again, e.g. after the state has been transferred successfully.

Therefore, block() can be used to send pending messages or complete some other work. Note that block() should be brief, or else the entire FLUSH protocol is blocked.

The unblock() method is called to notify the member that the FLUSH protocol has completed and the member can resume sending messages. If the member did not stop sending messages on block(), FLUSH simply blocked them and will resume, so no action is required from a member. Implementation of the unblock() callback is optional.

Note Note that it is oftentimes simpler to extend ReceiverAdapter (see below) and implement the needed callbacks than to implement all methods of both of these interfaces, as most callbacks are not needed.

3.2.3. Receiver

public interface Receiver extends MessageListener, MembershipListener;

A Receiver can be used to receive messages and view changes; receive() will be invoked as soon as a message has been received, and viewAccepted() will be called whenever a new view is installed.

3.2.4. ReceiverAdapter

This class implements Receiver with no-op implementations. When implementing a callback, we can simply extend ReceiverAdapter and overwrite receive() in order to not having to implement all callbacks of the interface.

ReceiverAdapter looks as follows:

public class ReceiverAdapter implements Receiver {
    void receive(Message msg) {}
    void receive(MessageBatch batch) {}
    void getState(OutputStream output) throws Exception {}
    void setState(InputStream input) throws Exception {}
    void viewAccepted(View view) {}
    void suspect(Address mbr) {}
    void block() {}
    void unblock() {}

A ReceiverAdapter is the recommended way to implement callbacks.

Caution Note that anything that could block should not be done in a callback. This includes sending of messages; if we have FLUSH on the stack, and send a message in a viewAccepted() callback, then the following happens: the FLUSH protocol blocks all (multicast) messages before installing a view, then installs the view, then unblocks. However, because installation of the view triggers the viewAccepted() callback, sending of messages inside of viewAccepted() will block. This in turn blocks the viewAccepted() thread, so the flush will never return!
If we need to send a message in a callback, the sending should be done on a separate thread, or a timer task should be submitted to the timer.

3.2.5. ChannelListener

public interface ChannelListener {
    void channelConnected(JChannel channel);
    void channelDisconnected(JChannel channel);
    void channelClosed(JChannel channel);

A class implementing ChannelListener can use the JChannel.addChannelListener() method to register with a channel to obtain information about state changes in a channel. Whenever a channel is closed, disconnected or opened, the corresponding callback will be invoked.

3.3. Address

Each member of a group has an address, which uniquely identifies the member. The interface for such an address is Address, which requires concrete implementations to provide methods such as comparison and sorting of addresses. JGroups addresses have to implement the following interface:

public interface Address extends Streamable, Comparable<Address> {
    int size();

For marshalling purposes, size() needs to return the number of bytes an instance of an address implementation takes up in serialized form.

Warning Please never use implementations of Address directly; Address should always be used as an opaque identifier of a cluster node!

Actual implementations of addresses are generated by the transport protocol (e.g. UDP or TCP). This allows for all possible types of addresses to be used with JGroups.

Since an address uniquely identifies a channel, and therefore a group member, it can be used to send messages to that group member, e.g. in Messages (see next section).

The default implementation of Address is org.jgroups.util.UUID. It uniquely identifies a node, and when disconnecting and reconnecting to a cluster, a node is given a new UUID on reconnection.

UUIDs are never shown directly, but are usually shown as a logical name (see Logical names). This is a name given to a node either via the user or via JGroups, and its sole purpose is to make logging output a bit more readable.

UUIDs maps to IpAddresses, which are IP addresses and ports. These are eventually used by the transport protocol to send a message.

3.3.1. IpAddressUUID

If TP.use_ip_addrs is enabled, then instead of using UUIDs, IpAddressUUIDs are used. These are IpAddresses with some randomness added, to prevent reincarnation (restarting of a member under the same address and port, and therefore having the same identity as the previous member).

The advantage of IpAddressUUIDs is that they always carry their physical address with them, therefore the discovery phase needs to exchange less information and no lookup is needed to translate between UUIDs and IpAddresses.

The downside is that IpAddressUUIDs need more memory. See for details.

3.4. Message

Data is sent between members in the form of messages (org.jgroups.Message). A message can be sent by a member to a single member, or to all members of the group of which the channel is an endpoint.

The structure of a message is shown in Structure of a message.

Figure 3. Structure of a message

A message has 5 fields:

Destination address

The address of the receiver. If null, the message will be sent to all current group members. Message.getDest() returns the destination address of a message.

Source address

The address of the sender. Can be null, and will be filled in by the transport protocol (e.g. UDP) before the message is put on the network. Message.getSrc() returns the source address, ie. the address of the sender of a message.


This is one byte used for flags. The currently recognized flags are OOB, DONT_BUNDLE, NO_FC, NO_RELIABILITY, NO_TOTAL_ORDER, NO_RELAY and RSVP. For OOB, see the discussion on the transport details. For the use of flags see the message flags.


The actual data (as a byte buffer). The Message class contains convenience methods to set a serializable object and to retrieve it again, using serialization to convert the object to/from a byte buffer. A message also has an offset and a length, if the buffer is only a subrange of a larger buffer.


A list of headers that can be attached to a message. Anything that should not be in the payload can be attached to a message as a header. Methods putHeader(), getHeader() and removeHeader() of Message can be used to manipulate headers.
Note that headers are only used by protocol implementers; headers should not be added or removed by application code!

A message is similar to an IP packet and consists of the payload (a byte buffer) and the addresses of the sender and receiver (as Addresses). Any message put on the network can be routed to its destination (receiver address), and replies can be returned to the sender’s address.

A message usually does not need to fill in the sender’s address when sending a message; this is done automatically by the protocol stack before a message is put on the network. However, there may be cases, when the sender of a message wants to give an address different from its own, so that for example, a response should be returned to some other member.

The destination address (receiver) can be an Address, denoting the address of a member, determined e.g. from a message received previously, or it can be null, which means that the message will be sent to all members of the group. A typical multicast message, sending string "Hello" to all members would look like this:

Message msg=new Message(null, "Hello");

3.5. MessageBatch

A message batch is a class used to deliver messages which includes a number of messages rather than just one. The sender and destination (= receiver) of a batch is the same for all messages of the batch. A batch can be iterated over, e.g.

MessageBatch batch;
for(Message msg: batch) {
    // do something with msg

The advantage of a message batch is that multiple messages are delivered in one go; which means potential locks are acquired only once, we have fewer threads (less work for the thread pool) and fewer context switches.

JGroups tries to bundle as many messages as possible into a batch on the sender side.

Also on the receiver side, if multiple threads added messages to a table, it tries to remove as many of them as possible and pass them up to other protocols (or the application) as a batch.

A header is a custom bit of information that can be added to each message. JGroups uses headers extensively, for example to add sequence numbers to each message (NAKACK and UNICAST), so that those messages can be delivered in the order in which they were sent.

3.7. Event

Events are means by which JGroups protcols can talk to each other. Contrary to Messages, which travel over the network between group members, events only travel up and down the stack.

Note Headers and events are only used by protocol implementers; they are not needed by application code!

3.8. View

A view (org.jgroups.View) is a list of the current members of a group. It consists of a ViewId, which uniquely identifies the view (see below), and a list of members. Views are installed in a channel automatically by the underlying protocol stack whenever a new member joins or an existing one leaves (or crashes). All members of a group see the same sequence of views.

Note that the first member of a view is the coordinator (the one who emits new views). Thus, whenever the membership changes, every member can determine the coordinator easily and without having to contact other members, by picking the first member of a view.

The code below shows how to send a (unicast) message to the first member of a view (error checking code omitted):

View view=channel.getView();
Address first=view.getMembers().get(0);
Message msg=new Message(first, "Hello world");

Whenever an application is notified that a new view has been installed (e.g. by Receiver.viewAccepted(), the view is already set in the channel. For example, calling Channel.getView() in a viewAccepted() callback would return the same view (or possibly the next one in case there has already been a new view!).

3.8.1. ViewId

The ViewId is used to uniquely number views. It consists of the address of the view creator and a sequence number. ViewIds can be compared for equality and put in a hashmaps as they implement equals() and hashCode().

Note Note that the latter 2 methods only take the ID into account.

3.8.2. MergeView

Whenever a group splits into subgroups, e.g. due to a network partition, and later the subgroups merge back together, a MergeView instead of a View will be received by the application. MergeView is a subclass of View and contains as additional instance variables the list of views that were merged.

As an example if the cluster with view V1={P,Q,R,S,T} split into subgroups V2={P,Q,R} and V2={S,T}, the merged view might be V3={P,Q,R,S,T}. In this case the MergeView contains a list of two views: V2={P,Q,R}) and V2={S,T}.

Note Because the default merge policy adds members from subgroups into a common group and sorts the resulting list, the membership order might change on a merge event. Thus a view V1={P,Q,R,S,T}, followed by view V2={P,Q,R} and V2={S,T} might result in a merge view V3={P,T,Q,S,R}. To prevent this, the task of creating new views can be delegated to custom code (see Determining the coordinator and controlling view generation).
Warning Because merging needs to handle all edge cases, it is not guaranteed that subsequent MergeViews won’t have identical membership. For example, we we have view A2={A,B} in A and B3={B} in B, then a subsequent merge might install view A4={A,B} in both A and B. In A’s case, the membership between A2 and A4 doesn’t change. An application has to be able to handle duplicate subsequent merge views. Note that consecutive regular views will never have duplicate members.

3.9. JChannel

In order to join a group and send messages, a process has to create a channel. A channel is like a socket. When a client connects to a channel, it gives the the name of the group it would like to join. Thus, a channel is (in its connected state) always associated with a particular group. The protocol stack takes care that channels with the same group name find each other: whenever a client connects to a channel given group name G, then it tries to find existing channels with the same name, and joins them, resulting in a new view being installed (which contains the new member). If no members exist, a new group will be created.

A state transition diagram for the major states a channel can assume are shown in [ChannelStatesFig].

Channel states

When a channel is first created, it is in the unconnected state.

An attempt to perform certain operations which are only valid in the connected state (e.g. send/receive messages) will result in an exception.

After a successful connection by a client, it moves to the connected state. Now the channel will receive messages from other members and may send messages to other members or to the group, and it will get notified when new members join or leave. Getting the local address of a channel is guaranteed to be a valid operation in this state (see below).

When the channel is disconnected, it moves back to the unconnected state. Both a connected and unconnected channel may be closed, which makes the channel unusable for further operations. Any attempt to do so will result in an exception. When a channel is closed directly from a connected state, it will first be disconnected, and then closed.

The methods available for creating and manipulating channels are discussed now.

3.9.1. Creating a channel

A channel is created using one of its public constructors (e.g. new JChannel()).

The most frequently used constructor of JChannel looks as follows:

public JChannel(String props) throws Exception;

The props argument points to an XML file containing the configuration of the protocol stack to be used. This can be a String, but there are also other constructors which take for example a DOM element or a URL (see the javadoc for details).

The code sample below shows how to create a channel based on an XML configuration file:

JChannel ch=new JChannel("/home/bela/udp.xml");

If the props argument is null, the default properties will be used. An exception will be thrown if the channel cannot be created. Possible causes include protocols that were specified in the property argument, but were not found, or wrong parameters to protocols.

For example, the Draw demo can be launched as follows:

java org.javagroups.demos.Draw -props file:/home/bela/udp.xml


java org.javagroups.demos.Draw -props

In the latter case, an application downloads its protocol stack specification from a server, which allows for central administration of application properties.

A sample XML configuration looks like this (edited from udp.xml):

<config xmlns="urn:org:jgroups"

         thread_pool.keep_alive_time="5000" />

    <PING />
    <MERGE3 max_interval="30000"
    <VERIFY_SUSPECT timeout="1500"  />
    <pbcast.NAKACK2 xmit_interval="500"
    <UNICAST3 xmit_interval="500"
    <pbcast.STABLE desired_avg_gossip="50000"
    <pbcast.GMS print_local_addr="true" join_timeout="2000"
    <UFC max_credits="2M"
    <MFC max_credits="2M"
    <FRAG2 frag_size="60K"  />

A stack is wrapped by <config> and </config> elements and lists all protocols from bottom (UDP) to top (FRAG2). Each element defines one protocol.

Each protocol is implemented as a Java class. When a protocol stack is created based on the above XML configuration, the first element ("UDP") becomes the bottom-most layer, the second one will be placed on the first, etc: the stack is created from the bottom to the top.

Each element has to be the name of a Java class that resides in the org.jgroups.protocols package. Note that only the base name has to be given, not the fully specified class name (UDP instead of org.jgroups.protocols.UDP). If the protocol class is not found, JGroups assumes that the name given is a fully qualified classname and will therefore try to instantiate that class. If this does not work an exception is thrown. This allows for protocol classes to reside in different packages altogether, e.g. a valid protocol name could be com.sun.eng.protocols.reliable.UCAST.

Each layer may have zero or more arguments, which are specified as a list of name/value pairs in parentheses directly after the protocol name. In the example above, UDP is configured with some options, one of them being the IP multicast port (mcast_port) which is set to 45588, or to the value of the system property jgroups.udp.mcast_port, if set.

Note Note that all members in a group have to have the same protocol stack.
Programmatic creation

Usually, channels are created by passing the name of an XML configuration file to the JChannel() constructor. On top of this declarative configuration, JGroups provides an API to create a channel programmatically.

The way to do this is to first create a JChannel, then an instance of ProtocolStack, then add all desired protocols to the stack and finally calling init() on the stack to set it up. The rest, e.g. calling JChannel.connect() is the same as with the declarative creation.

An example of how to programmatically create a channel is shown below (copied from ProgrammaticChat):

public class ProgrammaticChat {

    public static void main(String[] args) throws Exception {
        Protocol[] prot_stack={
          new UDP().setValue("bind_addr", InetAddress.getByName("")), 2
          new PING(),
          new MERGE3(),
          new FD_SOCK(),
          new FD_ALL(),
          new VERIFY_SUSPECT(),
          new BARRIER(),
          new NAKACK2(),
          new UNICAST3(),
          new STABLE(),
          new GMS(),
          new UFC(),
          new MFC(),
          new FRAG2()};
        JChannel ch=new JChannel(prot_stack).name(args[0]); 1

        ch.setReceiver(new ReceiverAdapter() {
            public void viewAccepted(View new_view) {
                System.out.println("view: " + new_view);

            public void receive(Message msg) {
                System.out.println("<< " + msg.getObject() + " [" + msg.getSrc() + "]");

        for(;;) {
            String line=Util.readStringFromStdin(": ");
            ch.send(null, line);


First, the JChannel is created (1) with an array of protocols. The protocols have some fields already set, e.g. bind_addr in UDP (2).

The protocols are arranged bottom-first; e.g. UDP as transport is first, then PING and so on, until FRAG2, which is the top protocol. Every protocol can be configured via setters, but there is also a generic setValue(String attr_name, Object value), which can be used to configure protocols as well, as shown in the example.

3.9.2. Giving the channel a logical name

A channel can be given a logical name which is then used instead of the channel’s address in toString(). A logical name might show the function of a channel, e.g. "HostA-HTTP-Cluster", which is more legible than a UUID 3c7e52ea-4087-1859-e0a9-77a0d2f69f29.

For example, when we have 3 channels, using logical names we might see a view {A,B,C}, which is nicer than {56f3f99e-2fc0-8282-9eb0-866f542ae437,ee0be4af-0b45-8ed6-3f6e-92548bfa5cde, 9241a071-10ce-a931-f675-ff2e3240e1ad}!

If no logical name is set, JGroups generates one, using the hostname and a random number, e.g. linux-3442. If this is not desired and the UUIDs should be shown, use system property -Djgroups.print_uuids=true.

The logical name can be set using:

public void setName(String logical_name);

This must be done before connecting a channel. Note that the logical name stays with a channel until the channel is destroyed, whereas a UUID is created on each connection.

When JGroups starts, it prints the logical name and the associated physical address(es):

GMS: address=mac-53465, cluster=DrawGroupDemo, physical address=

The logical name is mac-53465 and the physical address is The UUID is not shown here.

3.9.3. Generating custom addresses

Since 2.12 address generation is pluggable. This means that an application can determine what kind of addresses it uses. The default address type is UUID, and since some protocols use UUID, it is recommended to provide custom classes as subclasses of UUID.

This can be used to for example pass additional data around with an address, for example information about the location of the node to which the address is assigned. Note that methods equals(), hashCode() and compare() of the UUID super class should not be changed.

To use custom addresses, an implementation of org.jgroups.stack.AddressGenerator has to be written.

For any class CustomAddress, it will need to get registered with the ClassConfigurator in order to marshal it correctly:

class CustomAddress extends UUID {
    static {
        ClassConfigurator.add((short)8900, CustomAddress.class);
Note Note that the ID should be chosen such that it doesn’t collide with any IDs defined in jg-magic-map.xml.

Set the address generator in JChannel.setAddressGenerator(AddressGenerator). This has to be done before the channel is connected.

An example of a subclass is org.jgroups.util.PayloadUUID, and there are two more shipped with JGroups.

3.9.4. Joining a cluster

When a client wants to join a cluster, it connects to a channel giving the name of the cluster to be joined:

public void connect(String cluster) throws Exception;

The cluster name is the name of the cluster to be joined. All channels that call connect() with the same name form a cluster. Messages sent on any channel in the cluster will be received by all members (including the one who sent it).

Note Local delivery can be turned off using setDiscardOwnMessages(true).

The connect() method returns as soon as the cluster has been joined successfully. If the channel is in the closed state (see channel states), an exception will be thrown. If there are no other members, i.e. no other member has connected to a cluster with this name, then a new cluster is created and the member joins it as first member. The first member of a cluster becomes its coordinator. A coordinator is in charge of installing new views whenever the membership changes

3.9.5. Joining a cluster and getting the state in one operation

Clients can also join a cluster and fetch cluster state in one operation. The best way to conceptualize the connect and fetch state connect method is to think of it as an invocation of the regular connect() and getState() methods executed in succession. However, there are several advantages of using the connect and fetch state connect method over the regular connect. First of all, the underlying message exchange is heavily optimized, especially if the flush protocol is used. But more importantly, from a client’s perspective, the connect() and fetch state operations become one atomic operation.

public void connect(String cluster, Address target, long timeout) throws Exception;

Just as in a regular connect(), the cluster name represents a cluster to be joined. The target parameter indicates a cluster member to fetch the state from. A null target indicates that the state should be fetched from the cluster coordinator. If the state should be fetched from a particular member other than the coordinator, clients can simply provide the address of that member. The timeout paremeter bounds the entire join and fetch operation. An exception will be thrown if the timeout is exceeded.

3.9.6. Getting the local address and the cluster name

Method getAddress() returns the address of the channel. The address may or may not be available when a channel is in the unconnected state.

public Address getAddress();

Method getClusterName() returns the name of the cluster which the member joined.

public String getClusterName();

Again, the result is undefined if the channel is in the disconnected or closed state.

3.9.7. Getting the current view

The following method can be used to get the current view of a channel:

public View getView();

This method returns the current view of the channel. It is updated every time a new view is installed (viewAccepted() callback).

Calling this method on an unconnected or closed channel is implementation defined. A channel may return null, or it may return the last view it knew of.

3.9.8. Sending messages

Once the channel is connected, messages can be sent using one of the send() methods:

public void send(Message msg) throws Exception;
public void send(Address dst, Object obj) throws Exception;
public void send(Address dst, byte[] buf, int off, int len) throws Exception;

The first send() method has only one argument, which is the message to be sent. The message’s destination should either be the address of the receiver (unicast) or null (multicast). When the destination is null, the message will be sent to all members of the cluster (including itself).

The remainaing send() methods are helper methods; they take either a byte[] buffer or an object, create a Message and call send(Message).

If the channel is not connected, or was closed, an exception will be thrown upon attempting to send a message.

Here’s an example of sending a message to all members of a cluster:

Map data; // any serializable data
channel.send(null, data);

The null value as destination address means that the message will be sent to all members in the cluster. The payload is a hashmap, which will be serialized into the message’s buffer and unserialized at the receiver. Alternatively, any other means of generating a byte buffer and setting the message’s buffer to it (e.g. using Message.setBuffer()) also works.

Here’s an example of sending a unicast message to the first member (coordinator) of a group:

Address receiver=channel.getView().getMembers().get(0);
channel.send(receiver, "hello world");

The sample code determines the coordinator (first member of the view) and sends it a "hello world" message.

A note about buffer reuse

The following code is wrong:

protected void sendFile() throws Exception {
    FileInputStream in=new FileInputStream(filename);
    byte[] buf=new byte[8096];
    for(;;) {
        if(bytes == -1)
        channel.send(new Message(null, buf, 0, bytes));
  • Buffer buf is reused and can get overwritten with new data while JGroups

    • queues the message in a bundler and sends multiple messages as a message batch

    • possibly retransmits the message if not received by the receiver(s); retransmitting the changed buffer

  • Correct: move buf into the for loop

Discarding one’s own messages

Sometimes, it is desirable not to have to deal with one’s own messages, ie. messages sent by oneself. To do this, JChannel.setDiscardOwnMessages(boolean flag) can be set to true (false by default). This means that every cluster node will receive a message sent by P, but P itself won’t.

Synchronous messages

While JGroups guarantees that a message will eventually be delivered at all non-faulty members, sometimes this might take a while. For example, if we have a retransmission protocol based on negative acknowledgments, and the last message sent is lost, then the receiver(s) will have to wait until the stability protocol notices that the message has been lost, before it can be retransmitted.

This can be changed by setting the Message.RSVP flag in a message: when this flag is encountered, the message send blocks until all members have acknowledged reception of the message (of course excluding members which crashed or left meanwhile).

This also serves as another purpose: if we send an RSVP-tagged message, then - when the send() returns - we’re guaranteed that all messages sent before will have been delivered at all members as well. So, for example, if P sends message 1-10, and marks 10 as RSVP, then, upon JChannel.send() returning, P will know that all members received messages 1-10 from P.

Note that since RSVP’ing a message is costly, and might block the sender for a while, it should be used sparingly. For example, when completing a unit of work (ie. member P sending N messages), and P needs to know that all messages were received by everyone, then RSVP could be used.

To use RSVP, two things have to be done:

First, the RSVP protocol has to be in the config, somewhere above the reliable transmission protocols such as NAKACK2 or UNICAST3, e.g.:

    <PING />
    <pbcast.NAKACK2 use_mcast_xmit="true"
    <UNICAST3 timeout="300,600,1200"/>
    <RSVP />
    <pbcast.STABLE stability_delay="1000" desired_avg_gossip="50000"
    <pbcast.GMS print_local_addr="true" join_timeout="3000"

Secondly, the message we want to get ack’ed must be marked as RSVP:

Message msg=new Message(null, "hello world").setFlag(Message.RSVP);

Here, we send a message to all cluster members (dest == null). (Note that RSVP also works for sending a message to a unicast destination). Method send() will return as soon as it has received acks from all current members. If there are 4 members A, B, C and D, and A has received acks from itself, B and C, but D’s ack is missing and D crashes before the timeout kicks in, then this will nevertheless make send() return, as if D had actually sent an ack.

If the timeout property is greater than 0, and we don’t receive all acks within timeout milliseconds, a TimeoutException will be thrown (if RSVP.throw_exception_on_timeout is true). The application can choose to catch this (runtime) exception and do something with it, e.g. retry.

The configuration of RSVP is described here: RSVP.

Note RSVP was added in version 3.1.
Non blocking RSVP

Sometimes a sender wants a given message to be resent until it has been received, or a timeout occurs, but doesn’t want to block. As an example, RpcDispatcher.callRemoteMethodsWithFuture() needs to return immediately, even if the results aren’t available yet. If the call options contain flag RSVP, then the future would only be returned once all responses have been received. This is clearly undesirable behavior.

To solve this, flag RSVP_NB (non-blocking) can be used. This has the same behavior as RSVP, but the caller is not blocked by the RSVP protocol. When a timeout occurs, a warning message will be logged, but since the caller doesn’t block, the call won’t throw an exception.

3.9.9. Receiving messages

Methods receive(Message) and receive(MessageBatch) in ReceiverAdapter (or Receiver) can be overridden to receive messages.

public void receive(Message msg);
public void receive(MessageBatch batch);

A Receiver can be registered with a channel using JChannel.setReceiver(). All received messages, view changes and state transfer requests will invoke callbacks on the registered Receiver:

JChannel ch=new JChannel();
ch.setReceiver(new ReceiverAdapter() {
    public void receive(Message msg) {
        System.out.println("received message " + msg);
    public void viewAccepted(View view) {
        System.out.println("received view " + new_view);
Note The semantics of receive(Message msg) changed slightly in 4.0: as the buffer of msg might get reused by the transport (to reduce the memory allocation rate), the receive() method must consume the buffer (e.g. de-serialize it into an application object), or make a copy. As soon as receive() returns, the message’s buffer might get overwritten with new data.

To receive message batches (see MessageBatch), method receive(MessageBatch) has to be implemented, e.g.:

public void receive(MessageBatch batch) {
    for(Message msg: batch) {
        // do something with the message

Implementing the receive(MessageBatch) callback is not strictly necessary, as the default implementation will call receive(Message) for each message of a batch, but it may be more efficient if the application can process batches of messages in one go.

3.9.10. Receiving view changes

As shown above, the viewAccepted() callback of ReceiverAdapter can be used to get callbacks whenever a cluster membership change occurs. The receiver needs to be set via JChannel.setReceiver(Receiver).

As discussed in ReceiverAdapter, code in callbacks must avoid anything that takes a lot of time, or blocks; JGroups invokes this callback as part of the view installation, and if this user code blocks, the view installation would block, too.

3.9.11. Getting the group’s state

A newly joined member may want to retrieve the state of the cluster before starting work. This is done with getState():

public void getState(Address target, long timeout) throws Exception;

This method returns the state of one member (usually of the oldest member, the coordinator). The target parameter can usually be null, to ask the current coordinator for the state. If a timeout (ms) elapses before the state is fetched, an exception will be thrown. A timeout of 0 waits until the entire state has been transferred.

Note The reason for not directly returning the state as a result of getState() is that the state has to be returned in the correct position relative to other messages. Returning it directly would violate the FIFO properties of a channel, and state transfer would not be correct!

To participate in state transfer, both state provider and state requester have to implement the following callbacks from ReceiverAdapter (Receiver):

public void getState(OutputStream output) throws Exception;
public void setState(InputStream input) throws Exception;

Method getState() is invoked on the state provider (usually the coordinator). It needs to write its state to the output stream given. Note that output doesn’t need to be closed when done (or when an exception is thrown); this is done by JGroups.

The setState() method is invoked on the state requester; this is the member which called JChannel.getState(). It needs to read its state from the input stream and set its internal state to it. Note that input doesn’t need to be closed when done (or when an exception is thrown); this is done by JGroups.

In a cluster consisting of A, B and C, with D joining the cluster and calling Channel.getState(), the following sequence of callbacks happens:

  • D calls JChannel.getState(). The state will be retrieved from the oldest member, A

  • A’s getState() callback is called. A writes its state to the output stream passed as a parameter to getState().

  • D’s setState() callback is called with an input stream as argument. D reads the state from the input stream and sets its internal state to it, overriding any previous data.

  • D: JChannel.getState() returns. Note that this will only happen after the state has been transferred successfully, or a timeout elapsed, or either the state provider or requester throws an exception. Such an exception will be re-thrown by getState(). This could happen for instance if the state provider’s getState() callback tries to stream a non-serializable class to the output stream.

The following code fragment shows how a group member participates in state transfers:

public void getState(OutputStream output) throws Exception {
    synchronized(state) {
        Util.objectToStream(state, new DataOutputStream(output));

public void setState(InputStream input) throws Exception {
    List<String> list;
    list=(List<String>)Util.objectFromStream(new DataInputStream(input));
    synchronized(state) {
    System.out.println(list.size() + " messages in chat history):");
    for(String str: list)

This code is the Chat example from the JGroups tutorial and the state here is a list of strings.

The getState() implementation synchronized on the state (so no incoming messages can modify it during the state transfer), and uses the JGroups utility method objectToStream().

Performance when writing to an output stream

If a lot of smaller fragments are written to an output stream, it is best to wrap the output stream into a BufferedOutputStream, e.g.

                    new BufferedOutputStream(new DataOutputStream(output)));

The setState() implementation also uses the Util.objectFromStream() utility method to read the state from the input stream and assign it to its internal list.

State transfer protocols

In order to use state transfer, a state transfer protocol has to be included in the configuration. This can either be STATE_TRANSFER, STATE, or STATE_SOCK. More details on the protocols can be found in the protocols list section.


This is the original state transfer protocol, which used to transfer byte[] buffers. It still does that, but is internally converted to call the getState() and setState() callbacks which use input and output streams.

Note that, because byte[] buffers are converted into input and output streams, this protocol should not be used for transfer of large states.

For details see pbcast.STATE_TRANSFER.


This is the STREAMING_STATE_TRANSFER protocol, renamed in 3.0. It sends the entire state across from the provider to the requester in (configurable) chunks, so that memory consumption is minimal.

For details see pbcast.STATE.


Same as STREAMING_STATE_TRANSFER, but a TCP connection between provider and requester is used to transfer the state.

For details see STATE_SOCK.

3.9.12. Disconnecting from a channel

Disconnecting from a channel is done using the following method:

public void disconnect();

It will have no effect if the channel is already in the disconnected or closed state. If connected, it will leave the cluster. This is done (transparently for a channel user) by sending a leave request to the current coordinator. The latter will subsequently remove the leaving node from the view and install a new view in all remaining members.

After a successful disconnect, the channel will be in the unconnected state, and may subsequently be reconnected.

3.9.13. Closing a channel

To destroy a channel instance (destroy the associated protocol stack, and release all resources), method close() is used:

public void close();

Closing a connected channel disconnects the channel first.

The close() method moves the channel to the closed state, in which no further operations are allowed (most throw an exception when invoked on a closed channel). In this state, a channel instance is not considered used any longer by an application and — when the reference to the instance is reset —  the channel essentially only lingers around until it is garbage collected by the Java runtime system.

4. Building Blocks

Building blocks are layered on top of channels, and can be used instead of channels whenever a higher-level interface is required.

Whereas channels are simple socket-like constructs, building blocks may offer a far more sophisticated interface. In some cases, building blocks offer access to the underlying channel, so that — if the building block at hand does not offer a certain functionality — the channel can be accessed directly. Building blocks are located in the org.jgroups.blocks package.

4.1. MessageDispatcher

A channels is a simple class asynchronously send and receive messages. However, a significant number of communication patterns in group communication require synchronous communication. For example, a sender would like to send a message to the group and wait for all responses. Or another application would like to send a message to the group and wait only until the majority of the receivers have sent a response, or until a timeout occurred.

MessageDispatcher provides blocking (and non-blocking) request sending and response correlation. It offers synchronous (as well as asynchronous) message sending with request-response correlation, e.g. matching one or multiple responses with the original request.

An example of using this class would be to send a request message to all cluster members, and block until all responses have been received, or until a timeout has elapsed.

Contrary to RpcDispatcher, MessageDispatcher deals with sending message requests and correlating message responses, while RpcDispatcher deals with invoking method calls and correlating responses. RpcDispatcher extends MessageDispatcher, and offers an even higher level of abstraction over MessageDispatcher.

RpcDispatcher is essentially a way to invoke remote procedure calls (RCs) across a cluster.

Both MessageDispatcher and RpcDispatcher sit on top of a channel; therefore an instance of MessageDispatcher is created with a channel as argument. It can now be used in both client and server role: a client sends requests and receives responses and a server receives requests and sends responses. MessageDispatcher allows for an application to be both at the same time. To be able to serve requests in the server role, the RequestHandler.handle() method has to be implemented:

Object handle(Message msg) throws Exception;

The handle() method is called whenever a request is received. It must return a value (must be serializable, but can be null) or throw an exception. The returned value will be sent to the sender, and exceptions are also propagated to the sender.

Before looking at the methods of MessageDispatcher, let’s take a look at RequestOptions first.

4.1.1. RequestOptions

Every message sending in MessageDispatcher or request invocation in RpcDispatcher is governed by an instance of RequestOptions. This is a class which can be passed to a call to define the various options related to the call, e.g. a timeout, whether the call should block or not, the flags (see Tagging messages with flags) etc.

The various options are:

  • Response mode: this determines whether the call is blocking and - if yes - how long it should block. The modes are:


    Block until responses from all members (minus the suspected ones) have been received.


    Wait for none. This makes the call non-blocking


    Block until the first response (from anyone) has been received

  • Timeout: number of milliseconds we’re willing to block. If the call hasn’t terminated after the timeout elapsed, a TimeoutException will be thrown. A timeout of 0 means to wait forever. The timeout is ignored if the call is non-blocking (mode=GET_NONE)

  • Anycasting: if set to true, this means we’ll use unicasts to individual members rather than sending multicasts. For example, if we have have TCP as transport, and the cluster is {A,B,C,D,E}, and we send a message through MessageDispatcher where dests={C,D}, and we do not want to send the request to everyone, then we’d set anycasting=true. This will send the request to C and D only, as unicasts, which is better if we use a transport such as TCP which cannot use IP multicasting (sending 1 packet to reach all members).

  • Response filter: A RspFilter allows for filtering of responses and user-defined termination of a call. For example, if we expect responses from 10 members, but can return after having received 3 non-null responses, a RspFilter could be used. See Response filters for a discussion on response filters.

  • Flags: the various flags to be passed to the message, see the section on message flags for details.

  • Exclusion list: here we can pass a list of members (addresses) that should be excluded. For example, if the view is A,B,C,D,E, and we set the exclusion list to A,C then the caller will wait for responses from everyone except A and C. Also, every recipient that’s in the exclusion list will discard the message.

An example of how to use RequestOptions is:

RpcDispatcher disp;
RequestOptions opts=new RequestOptions(Request.GET_ALL)
                    .setFlags(Message.NO_FC, Message.OOB);
Object val=disp.callRemoteMethod(target, method_call, opts);

The methods to send requests are:

public <T> RspList<T>
       castMessage(Collection<Address> dests, byte[] data, int offset, int length,
                   RequestOptions opts) throws Exception;

public <T> CompletableFuture<RspList<T>>
       castMessageWithFuture(Collection<Address> dests, Buffer data,
                             RequestOptions opts) throws Exception;

public <T> T sendMessage(Address dest, byte[] data, int offset, int length,
                         RequestOptions opts) throws Exception;

public <T> CompletableFuture<T>
       sendMessageWithFuture(Address dest, byte[] data, int offset, int length,
                             RequestOptions opts) throws Exception;

castMessage() sends a message to all members defined in dests. If dests is null, the message is sent to all members of the current cluster. If a message is sent synchronously (defined by options.mode), then options.timeout defines the maximum amount of time (in milliseconds) to wait for the responses.

castMessage() returns a RspList, which contains a map of addresses and Rsps; there’s one Rsp per member listed in dests.

A Rsp instance contains the response value (or null), an exception if the target handle() method threw an exception, whether the target member was suspected, or not, and so on. See the example below for more details.

castMessageWithFuture() returns immediately, with a CompletableFuture. The future can be used to fetch the response list (now or later), and it also allows for installation of a callback which will be invoked when the future is done. See Asynchronous calls with futures for details on how to use CompletableFutures.

Note that Buffer is a simple wrapper around a byte[] array, an offset and a length.

sendMessage() allows an application programmer to send a unicast message to a single cluster member and receive the response. The destination of the message has to be non-null (valid address of a member). The mode argument is ignored (it is by default set to ResponseMode.GET_FIRST) unless it is set to GET_NONE in which case the request becomes asynchronous, ie. we will not wait for the response.

sendMessageWithFuture() returns immediately with a future, which can be used to fetch the result.

One advantage of using this building block is that failed members are removed from the set of expected responses. For example, when sending a message to 10 members and waiting for all responses, and 2 members crash before being able to send a response, the call will return with 8 valid responses and 2 marked as failed. The return value of castMessage() is a RspList which contains all responses (not all methods shown):

public class RspList<T> implements Map<Address,Rsp> {
    public boolean       isReceived(Address sender);
    public int           numSuspectedMembers();
    public List<T>       getResults();
    public List<Address> getSuspectedMembers();
    public boolean       isSuspected(Address sender);
    public Object        get(Address sender);
    public int           size();

isReceived() checks whether a response from sender has already been received. Note that this is only true as long as no response has yet been received, and the member has not been marked as failed. numSuspectedMembers() returns the number of members that failed (e.g. crashed) during the wait for responses. getResults() returns a list of return values. get() returns the return value for a specific member.

4.1.2. Requests and target destinations

When a non-null list of addresses is passed (as the destination list) to MessageDispatcher.castMessage() or RpcDispatcher.callRemoteMethods(), then this does not mean that only the members included in the list will receive the message, but rather it means that we’ll only wait for responses from those members, if the call is blocking.

If we want to restrict the reception of a message to the destination members, there are a few ways to do this:

  • If we only have a few destinations to send the message to, use several unicasts.

  • Use anycasting. E.g. if we have a membership of {A,B,C,D,E,F}, but only want A and C to receive the message, then set the destination list to A and C and enable anycasting in the RequestOptions passed to the call (see above). This means that the transport will send 2 unicasts.

  • Use exclusion lists. If we have a membership of {A,B,C,D,E,F}, and want to send a message to almost all members, but exclude D and E, then we can define an exclusion list: this is done by settting the destination list to null (= send to all members), or to {A,B,C,D,E,F} and set the exclusion list in the RequestOptions passed to the call to D and E.

4.1.3. Example

This section shows an example of how to use a MessageDispatcher.

public class MessageDispatcherTest implements RequestHandler {
    JChannel          channel;
    MessageDispatcher disp;
    RspList           rsp_list;
    String            props; // to be set by application programmer

    public void start() throws Exception {
        channel=new JChannel(props);
        disp=new MessageDispatcher(channel, this);

        for(int i=0; i < 10; i++) {
            System.out.println("Casting message #" + i);
            byte[] payload=("Number #" + i).getBytes();
                                      payload, 0, payload.length,
            System.out.println("Responses:\n" +rsp_list);

    public Object handle(Message msg) throws Exception {
        System.out.println("handle(): " + msg);
        return "Success!";

    public static void main(String[] args) {
        try {
            new MessageDispatcherTest().start();
        catch(Exception e) {

The example starts with the creation of a channel. Next, an instance of MessageDispatcher is created on top of the channel. Then the channel is connected. The MessageDispatcher will from now on send requests, receive matching responses (client role) and receive requests and send responses (server role).

We then send 10 messages to the group and wait for all responses. The timeout argument is 0, which causes the call to block until all responses have been received.

The handle() method simply prints out a message and returns a string. This will be sent back to the caller as a response value (in Rsp.value). Had the call thrown an exception, Rsp.exception would be set instead.

Finally both the MessageDispatcher and channel are closed.

4.2. RpcDispatcher

RpcDispatcher is derived from MessageDispatcher. It allows a programmer to invoke remote methods in all (or single) cluster members and optionally wait for the return value(s). An application will typically create a channel first, and then create an RpcDispatcher on top of it. RpcDispatcher can be used to invoke remote methods (client role) and at the same time be called by other members (server role).

Compared to MessageDispatcher, no handle() method needs to be implemented. Instead the methods to be called can be placed directly in the class using regular method definitions (see example below). The methods will get invoked using reflection.

To invoke remote method calls (unicast and multicast) the following methods are used:

public <T> RspList<T>
       callRemoteMethods(Collection<Address> dests, String method_name, Object[] args,
                         Class[] types, RequestOptions options) throws Exception;
public <T> RspList<T>
       callRemoteMethods(Collection<Address> dests, MethodCall method_call,
                         RequestOptions opts) throws Exception;

public <T> CompletableFuture<RspList<T>>
       callRemoteMethodsWithFuture(Collection<Address> dests, MethodCall method_call,
                                   RequestOptions options) throws Exception;

public <T> T
       callRemoteMethod(Address dest, String meth, Object[] args, Class[] types,
                        RequestOptions opts) throws Exception;

public <T> T
       callRemoteMethod(Address dest,
                        MethodCall call,
                        RequestOptions options) throws Exception;

public <T> CompletableFuture<T>
       callRemoteMethodWithFuture(Address dest,
                                  MethodCall call,
                                  RequestOptions opts) throws Exception

The family of callRemoteMethods() methods is invoked with a list of receiver addresses. If null, the method will be invoked in all cluster members (including the sender). Each call takes the target members to invoke it on (null mean invoke on all cluster members), a method and a RequestOptions instance.

The method can be given as (1) the method name, (2) the arguments and (3) the argument types, or a MethodCall (containing a java.lang.reflect.Method and argument) can be given instead.

As with MessageDispatcher, a RspList or a future to a RspList is returned.

The family of callRemoteMethod() methods takes almost the same parameters, except that there is only one destination address instead of a list. If the dest argument is null, the call will fail.

The callRemoteMethod() calls return the actual result (of type T), or throw an exception if the method threw an exception on the target member.

Java’s Reflection API is used to find the correct method in the target member according to the method name and number and types of supplied arguments. There is a runtime exception if a method cannot be resolved.

As an alternative, we can use method IDs and the MethodLookup interface to resolve methods, which is faster and has every RPC carry less data across the wire. To see how this is done, have a look at some of the MethodLookup implementations, e.g. in RpcDispatcherSpeedTest.

4.2.1. Example

The code below shows an example of using RpcDispatcher:

public class RpcDispatcherTest {
    JChannel           channel;
    RpcDispatcher disp;
    RspList            rsp_list;
    String             props; // set by application

    public static int print(int number) throws Exception {
        return number * 2;

    public void start() throws Exception {
        MethodCall call=new MethodCall(getClass().getMethod("print", int.class));
        RequestOptions opts=new RequestOptions(ResponseMode.GET_ALL, 5000);
        channel=new JChannel(props);
        disp=new RpcDispatcher(channel, this);

        for(int i=0; i < 10; i++) {
            rsp_list=disp.callRemoteMethods(null, call, opts);
            System.out.println("Responses: " + rsp_list);
        Util.close(disp, channel);

    public static void main(String[] args) throws Exception {
        new RpcDispatcherTest().start();

Class RpcDispatcher defines method print() which will be called subsequently. The entry point start() creates a channel and an RpcDispatcher which is layered on top. Method callRemoteMethods() then invokes the remote print() in all cluster members (also in the caller). When all responses have been received, the call returns and the responses are printed.

As can be seen, the RpcDispatcher building block reduces the amount of code that needs to be written to implement RPC-based group communication applications by providing a higher abstraction level between the application and the primitive channels.

Asynchronous calls with futures

When invoking a synchronous call, the calling thread is blocked until the response (or responses) has been received.

A Future allows a caller to return immediately and grab the result(s) later. The methods which return futures are:

public <T> CompletableFuture<RspList<T>>
       callRemoteMethodsWithFuture(Collection<Address> dests,
                                   MethodCall method_call,
                                   RequestOptions options) throws Exceptio;
public <T> CompleteableFuture<T>
       callRemoteMethodWithFuture(Address dest,
                                  MethodCall call,
                                  RequestOptions options) throws Exception;

A CompleteableFuture extends java.util.concurrent.Future, with its regular methods such as isDone(), get() and cancel(). CompleteableFuture also allows to install some code that is run when the future is done. This is shown in the following code:

CompleteableFuture<RspList<Integer>> future=dispatcher.callRemoteMethodsWithFuture(...);
future.whenComplete((result,ex) -> {
    System.out.printf("result=%d\n", result);

Here, the result (an int) is printed to stdout when available. Note that we could also have received an exception instead of a result, in which case argument ex would have carried the exception.

4.2.2. Response filters

Response filters allow application code to hook into the reception of responses from cluster members and can let the request-response execution and correlation code know (1) wether a response is acceptable and (2) whether more responses are needed, or whether the call (if blocking) can return. The RspFilter interface looks as follows:

public interface RspFilter {
    boolean isAcceptable(Object response, Address sender);
    boolean needMoreResponses();

isAcceptable() is given a response value and the address of the member which sent the response, and needs to decide whether the response is valid (should return true) or not (should return false).

needMoreResponses() determine whether a call returns or not.

The sample code below shows how to use a RspFilter:

public void testResponseFilter() throws Exception {
    final long timeout = 10 * 1000 ;

    RequestOptions opts;
    opts=new RequestOptions(ResponseMode.GET_ALL,
                            timeout, false,
                            new RspFilter() {
                                int num=0;
                                public boolean isAcceptable(Object response,
                                                            Address sender) {
                                    boolean retval=((Integer)response).intValue() > 1;
                                    return retval;
                                public boolean needMoreResponses() {
                                    return num < 2;

    RspList rsps=disp1.callRemoteMethods(null, "foo", null, null, opts);
    System.out.println("responses are:\n" + rsps);
    assert rsps.size() == 3;
    assert rsps.numReceived() == 2;

Here, we invoke a cluster wide RPC (dests=null), which blocks (mode=GET_ALL) for 10 seconds max (timeout=10000), but also passes an instance of RspFilter to the call (in options).

The filter accepts all responses whose value is greater than 1, and returns as soon as it has received 2 responses which satisfy the above condition.

Warning If we have a RspFilter which doesn’t terminate the call even if responses from all members have been received, we might block forever (if no timeout was given)! For example, if we have 10 members, and every member returns 1 or 2 as return value of foo() in the above code, then isAcceptable() would always return false, therefore never incrementing num, and needMoreResponses() would always return true; this would never terminate the call if it wasn’t for the timeout of 10 seconds!
This was fixed in 3.1; a blocking call will always return if we’ve received as many responses as we have members in dests, regardless of what the RspFilter says.

4.3. Asynchronous invocation in MessageDispatcher and RpcDispatcher

By default, a message received by a MessageDispatcher or RpcDispatcher is dispatched into application code by calling method handle() (1) of the RequestHandler interface:

public interface RequestHandler {
    Object handle(Message msg) throws Exception;   1
    default void handle(Message request, Response response) throws Exception {
        throw new UnsupportedOperationException(); 2

In the case of RpcDispatcher, the handle() method (1) converts the message’s contents into a method call, invokes the method against the target object and returns the result (or throws an exception). The return value of handle() is then sent back to the sender of the message.

The invocation is synchronous, ie. done on the thread responsible for dispatching this particular message from the network up the stack all the way into the application. The thread is therefore unusable for the duration of the method invocation.

If the invocation takes a while, e.g. because locks are acquired or the application waits on some I/O, as the current thread is busy, another thread will be used for a different request message. This can quickly lead to the thread pool being exhausted or many messages getting queued if the pool has an associated queue.

Therefore a new way of dispatching messages to the application was devised; the asynchronous invocation API. Method handle(Request,Response) (2) takes a request message and a Response object.The request message contains the same information as before (e.g. a method call plus args). The Response argument is used to send a reply (if needed) at a later time, when processing is done.

public interface Response {
    void send(Object reply, boolean is_exception);
    void send(Message reply, boolean is_exception);

Response encapsulates information about the request (e.g. request ID and sender), and has method reply() to send a response. The is_exception parameter can be set to true if the reply is actually an exception, e.g. that was thrown when handle() ran application code.

The second method takes a Message which needs to carry the serialized reply in its payload. This method can be used to control the type of message that’s sent out, ie. by setting flags, adding headers and so on.

The advantage of the new API is that it can, but doesn’t have to, be used asynchronously. The default implementation still uses the synchronous invocation style:

public void handle(Message request, Response response) throws Exception {
    Object retval=handle(request);
    if(response != null)
        response.send(retval, false);

Method handle() is called, which synchronously calls into application code and returns a result, which is subsequently sent back to the sender of the request message.

However, an application could subclass MessageDispatcher or RpcDispatcher (as done in Infinispan), or it could set a custom request handler via MessageDispatcher.setRequestHandler(), and implement handle() by dispatching the processing to a thread from a thread pool. The thread which guided the request message from the network up to this point would be therefore immediately released and could be used to process other messages.

The response would be sent whenever the invocation of application code is done, and thus the thread from the thread pool would not be blocked on I/O, trying to acquire locks or anything else that blocks in application code.

To set the mode which is used, method MessageDispatcher.asyncDispatching(boolean) can be used. This can be changed even at runtime, to switch between sync and async invocation style.

Asynchrounous invocation is typically used in conjunction with an application thread pool. The application knows (JGroups doesn’t) which requests can be processed in parallel and which ones can’t. For example, all OOB calls could be dispatched directly to the thread pool, as ordering of OOB requests is not important, but regular requests should be added to a queue where they are processed sequentually.

The main benefit here is that request dispatching (and ordering) is now under application control if the application wants to do that. If not, we can still use synchronous invocation.

A good example where asynchronous invocation makes sense are replicated web sessions. If a cluster node A has 1000 web sessions, then replication of updates across the cluster generates messages from A. Because JGroups delivers messages from the same sender sequentially, even updates to unrelated web sessions are delivered in strict order.

With asynchronous invocation, the application could devise a dispatching strategy which assigns updates to different (unrelated) web sessions to any available thread from the pool, but queues updates to the same session, and processes those by the same thread, to provide ordering of updates to the same session. This would speed up overall processing, as updates to a web session 1 on A don’t have to wait until all updates to an unrelated web session 2 on A have been processed.

Note The asynchronous invocation API was added in JGroups 3.3.

4.4. ReplicatedHashMap

This class was written as a demo of how state can be shared between nodes of a cluster. It has never been heavily tested and is therefore not meant to be used in production.

A ReplicatedHashMap uses a concurrent hashmap internally and allows to create several instances of hashmaps in different processes. All of these instances have exactly the same state at all times. When creating such an instance, a cluster name determines which cluster of replicated hashmaps will be joined. The new instance will then query the state from existing members and update itself before starting to service requests. If there are no existing members, it will simply start with an empty state.

Modifications such as put(), clear() or remove() will be propagated in orderly fashion to all replicas. Read-only requests such as get() will only be invoked on the local hashmap.

Since both keys and values of a hashtable will be sent across the network, they have to be serializable. Putting a non-serializable value in the map will result in an exception at marshalling time.

A ReplicatedHashMap allows to register for notifications, e.g. when data is added removed. All listeners will get notified when such an event occurs. Notification is always local; for example in the case of removing an element, first the element is removed in all replicas, which then notify their listener(s) of the removal (after the fact).

ReplicatedHashMap allow members in a group to share common state across process and machine boundaries.

4.5. ReplCache

ReplCache is a distributed cache which - contrary to ReplicatedHashMap - doesn’t replicate its values to all cluster members, but just to selected backups.

A put(K,V,R) method has a replication count R which determines on how many cluster members key K and value V should be stored. When we have 10 cluster members, and R=3, then K and V will be stored on 3 members. If one of those members goes down, or leaves the cluster, then a different member will be told to store K and V. ReplCache tries to always have R cluster members store K and V.

A replication count of -1 means that a given key and value should be stored on all cluster members.

The mapping between a key K and the cluster member(s) on which K will be stored is always deterministic, and is computed using a consistent hash function.

Note that this class was written as a demo of how state can be shared between nodes of a cluster. It has never been heavily tested and is therefore not meant to be used in production.

4.6. Cluster wide locking

In 2.12, a new distributed locking service was added, replacing DistributedLockManager. The new service is implemented as a protocol and is used via org.jgroups.blocks.locking.LockService.

LockService talks to the locking protocol via events. The main abstraction of a distributed lock is an implementation of java.util.concurrent.locks.Lock.

Below is an example of how LockService is typically used:

// locking.xml needs to contain a locking protocol, e.g. CENTRAL_LOCK
JChannel ch=new JChannel("/home/bela/locking.xml");
LockService lock_service=new LockService(ch);
Lock lock=lock_service.getLock("mylock"); // gets a cluster-wide lock
try {
    // do something with the locked resource
finally {

In the example, we create a channel, then a LockService, then connect the channel. If the channel’s configuration doesn’t include a locking protocol, an exception will be thrown. Then we grab a lock named "mylock", which we lock and subsequently unlock. If another member P had already acquired "mylock", we’d block until P released the lock, or P left the cluster or crashed.

Note that the owner of a lock is always a given thread in a cluster, so the owner is the JGroups address and the thread ID. This means that different threads inside the same JVM trying to access the same named lock will compete for it. If thread-22 grabs the lock first, then thread-5 will block until thread-22 releases the lock.

Note If we want the lock owner to only be the address (and not the thread-id), then property use_thread_id_for_lock_owner can be set to false. This means that all threads in a given node can lock or unlock a given lock. Example: thread T1 locks "lock", but thread T2 can unlock it. This is not the same semantics as java.util.concurrent.locks.Lock, but nevertheless useful in some scenarios. (Introduced in 3.6)

JGroups includes a demo (org.jgroups.demos.LockServiceDemo), which can be used to interactively experiment with distributed locks. LockServiceDemo -h dumps all command line options.

There is one protocol which provides locking: CENTRAL_LOCK.

Note that the locking protocol has to be placed at or towards the top of the stack (close to the channel), because it requires reliable unicasts and multicasts (e.g. provided by UNICAST3 and NAKACK2).

4.6.1. Locking and merges

The following scenario is susceptible to network partitioning and subsequent merging: we have a cluster view of {A,B,C,D} and then the cluster splits into {A,B} and {C,D}. Assume that B and D now acquire a lock "mylock". This is what happens (with the locking protocol being CENTRAL_LOCK):

  • There are 2 coordinators: A for {A,B} and C for {C,D}

  • B successfully acquires "mylock" from A

  • D successfully acquires "mylock" from C

  • The partitions merge back into {A,B,C,D}. Now, only A is the coordinator, but C ceases to be a coordinator

  • Problem: D still holds a lock which should actually be invalid! There is no easy way (via the Lock API) to remove the lock from D. We could for example simply release D’s lock on "mylock", but then there’s no way telling D that the lock it holds is actually stale!

Therefore the recommended solution here is for nodes to listen to MergeView changes if they expect merging to occur, and re-acquire all of their locks after a merge, e.g.:

Lock l1, l2, l3;
LockService lock_service;
public void viewAccepted(View view) {
    if(view instanceof MergeView) {
        new Thread() {
            public void run() {
                // stop all access to resources protected by l1, l2 or l3
                // every thread needs to re-acquire the locks it holds

4.7. Cluster wide task execution

In 2.12, a distributed execution service was added. The new service is implemented as a protocol and is used via org.jgroups.blocks.executor.ExecutionService.

ExecutionService extends java.util.concurrent.ExecutorService and distributes tasks submitted to it across the cluster, trying to distribute the tasks to the cluster members as evenly as possible. When a cluster member leaves or dies, the tasks is was processing are re-distributed to other members in the cluster.

ExecutionService talks to the executing protocol via events. The main abstraction is an implementation of java.util.concurrent.ExecutorService. All methods are supported. The restrictions are however that the callable or runnable must be Serializable, Externalizable or Streamable. Also the result produced from the future needs to be Serializable, Externalizable or Streamable. If the Callable or Runnable are not, then an IllegalArgumentException is immediately thrown. If a result is not, then a NotSerializableException with the name of the class will be returned to the Future as an exception cause.

Below is an example of how ExecutionService is typically used:

// executing.xml needs to have an execution protocol, e.g. CENTRAL_EXECUTOR
JChannel ch = new JChannel("/home/bela/executing.xml");
ExecutionService exec_service = new ExecutionService(ch);
Future<Value> future = exec_service.submit(new MyCallable());
try {
    Value value = future.get();
    // Do something with value
catch (InterruptedException e) {
catch (ExecutionException e) {

In the example, we create a channel, then an ExecutionService, then connect the channel. Then we submit our callable giving us a Future. Then we wait for the future to finish returning our value and do something with it. If any exception occurs we print the stack trace of that exception.

The ExecutionService follows the Producer-Consumer Pattern very closely. The ExecutionService is used as the Producer for this Pattern. Therefore the service only passes tasks off to be handled and doesn’t do anything with the actual invocation of those tasks. There is a separate class that can was written specifically as a consumer, which can be ran on any node of the cluster. This class is ExecutionRunner and implements java.lang.Runnable.

A user is required to run one or more instances of a ExecutionRunner on a node of the cluster. By having a thread run one of these runners, that thread has now volunteered to be able to run any task that is submitted to the cluster via an ExecutionService. This allows for any node in the cluster to participate or not participate in the running of these tasks and also any node can optionally run more than 1 ExecutionRunner if this node has additional capacity to do so. A runner will run indefinitely until the thread that is currently running it is interrupted. If a task is running when the runner is interrupted the task will be interrupted.

Below is an example of how simple it is to have a single node start and allow for 10 distributed tasks to be executed simultaneously on it:

int runnerCount = 10;
// locking.xml needs to have a locking protocol
JChannel ch = new JChannel("/home/bela/executing.xml");

ExecutionRunner runner = new ExecutionRunner(ch);

ExecutorService service = Executors.newFixedThreadPool(runnerCount);
for (int i = 0; i < runnerCount; ++i) {
   // If you want to stop the runner hold onto the future
   // and cancel with interrupt.

In the example, we create a channel, then connect the channel, then an ExecutionRunner. Then we create a java.util.concurrent.ExecutorService that is used to start 10 threads that each thread runs the ExecutionRunner. This allows for this node to have 10 threads actively accept and work on requests submitted via any ExecutionService in the cluster.

Since an ExecutionService does not allow for non serializable class instances to be sent across as tasks there are two utility classes provided to get around this problem. For users that are used to using a CompletionService with an Executor there is an equivalent ExecutionCompletionService provided that allows for a user to have the same functionality. It would have been preferred to allow for the same ExecutorCompletionService to be used, but due to its implementation using a non serializable object the ExecutionCompletionService was implemented to be used instead in conjunction with an ExecutionService.

Also a utility class was designed to help users to submit tasks which use a non serializable class. The Executions class contains a method serializableCallable which allows for a user to pass a constructor of a class that implements Callable and its arguments to then return to a user a Callable that will upon running will automatically create and object from the constructor passing the provided arguments to it and then will call the call method on the object and return it’s result as a normal callable. All the arguments provided must still be serializable and the return object as detailed previously.

JGroups includes a demo (org.jgroups.demos.ExecutionServiceDemo), which can be used to interactively experiment with a distributed sort algorithm and performance. This is for demonstration purposes and performance should not be assumed to be better than local. ExecutionServiceDemo -h dumps all command line options.

There is one protocol which provide executions: CENTRAL_EXECUTOR. The executing protocol has to be placed at or towards the top of the stack (close to the channel).

4.8. Cluster wide atomic counters

Cluster wide counters provide named counters (similar to AtomicLong) which can be changed atomically. Two nodes incrementing the same counter with initial value 10 will see 11 and 12 as results, respectively.

To create a named counter, the following steps have to be taken:

  • ✓ Add protocol COUNTER to the top of the stack configuration

  • ✓ Create an instance of CounterService

  • ✓ Create a new or get an existing named counter

  • ✓ Use the counter to increment, decrement, get, set, compare-and-set etc the counter

In the first step, we add COUNTER to the top of the protocol stack configuration:

    <MFC max_credits="2M"
         min_threshold="0.4" />
    <FRAG2 frag_size="60K" />
    <COUNTER bypass_bundling="true" timeout="5000" />

Configuration of the COUNTER protocol is described in COUNTER.

Next, we create a CounterService, which is used to create and delete named counters:

ch = new JChannel(props);
CounterService counter_service = new CounterService(ch);
Counter counter = counter_service.getOrCreateCounter("mycounter", 1);

In the sample code above, we create a channel first, then create the CounterService referencing the channel. Then we connect the channel and finally create a new named counter "mycounter", with an initial value of 1. If the counter already exists, the existing counter will be returned and the initial value will be ignored.

CounterService doesn’t consume any messages from the channel over which it is created; instead it grabs a reference to the COUNTER protocols and invokes methods on it directly. This has the advantage that CounterService is non-intrusive: many instances can be created over the same channel. CounterService even co-exists with other services which use the same mechanism, e.g. LockService or ExecutionService (see above).

The returned counter instance implements interface Counter:

package org.jgroups.blocks.atomic;

public interface Counter {

    public String getName();

     * Gets the current value of the counter
     * @return The current value
    public long get();

     * Sets the counter to a new value
     * @param new_value The new value
    public void set(long new_value);

     * Atomically updates the counter using a CAS operation
     * @param expect The expected value of the counter
     * @param update The new value of the counter
     * @return True if the counter could be updated, false otherwise
    public boolean compareAndSet(long expect, long update);

     * Atomically increments the counter and returns the new value
     * @return The new value
    public long incrementAndGet();

     * Atomically decrements the counter and returns the new value
     * @return The new value
    public long decrementAndGet();

     * Atomically adds the given value to the current value.
     * @param delta the value to add
     * @return the updated value
    public long addAndGet(long delta);

4.8.1. Design

The design of COUNTER is described in detail in CounterService.txt.

In a nutshell, in a cluster the current coordinator maintains a hashmap of named counters. Members send requests (increment, decrement etc) to it, and the coordinator atomically applies the requests and sends back responses.

The advantage of this centralized approach is that - regardless of the size of a cluster - every request has a constant execution cost, namely a network round trip.

A crash or leaving of the coordinator is handled as follows. The coordinator maintains a version for every counter value. Whenever the counter value is changed, the version is incremented. For every request that modifies a counter, both the counter value and the version are returned to the requester. The requester caches all counter values and associated versions in its own local cache.

When the coordinator leaves or crashes, the next-in-line member becomes the new coordinator. It then starts a reconciliation phase, and discards all requests until the reconciliation phase has completed. The reconciliation phase solicits all members for their cached values and versions. To reduce traffic, the request also carries all version numbers with it.

The clients return values whose versions are higher than the ones shipped by the new coordinator. The new coordinator waits for responses from all members or timeout milliseconds. Then it updates its own hashmap with values whose versions are higher than its own. Finally, it stops discarding requests and sends a resend message to all clients in order to resend any requests that might be pending.

There’s another edge case that also needs to be covered: if a client P updates a counter, and both P and the coordinator crash, then the update is lost. To reduce the chances of this happening, COUNTER can be enabled to replicate all counter changes to one or more backup coordinators. The num_backups property defines the number of such backups. Whenever a counter was changed in the current coordinator, it also updates the backups (asynchronously). 0 disables this.

5. Advanced Concepts

This chapter discusses some of the more advanced concepts of JGroups with respect to using it and setting it up correctly.

5.1. Using multiple channels

When using a fully virtual synchronous protocol stack, the performance may not be great because of the larger number of protocols present. For certain applications, however, throughput is more important than ordering, e.g. for video/audio streams or airplane tracking. In the latter case, it is important that airplanes are handed over between control domains correctly, but if there are a (small) number of radar tracking messages (which determine the exact location of the plane) missing, it is not a problem. The first type of messages do not occur very often (typically a number of messages per hour), whereas the second type of messages would be sent at a rate of 10-30 messages/second. The same applies for a distributed whiteboard: messages that represent a video or audio stream have to be delivered as quick as possible, whereas messages that represent figures drawn on the whiteboard, or new participants joining the whiteboard have to be delivered according to a certain order.

The requirements for such applications can be solved by using two separate channels: one for control messages such as group membership, floor control etc and the other one for data messages such as video/audio streams (actually one might consider using one channel for audio and one for video). The control channel might use virtual synchrony, which is relatively slow, but enforces ordering and retransmission, and the data channel might use a simple UDP channel, possibly including a fragmentation layer, but no retransmission layer (losing packets is preferred to costly retransmission).

5.2. Transport protocols

A transport protocol refers to the protocol at the bottom of the protocol stack which is responsible for sending messages to and receiving messages from the network. There are a number of transport protocols in JGroups. They are discussed in the following sections.

A typical protocol stack configuration using UDP is:

<config xmlns="urn:org:jgroups"


    <PING />
    <MERGE3 max_interval="30000"
    <VERIFY_SUSPECT timeout="1500"  />
    <BARRIER />
    <pbcast.NAKACK2 use_mcast_xmit="true"
    <UNICAST3 />
    <pbcast.STABLE stability_delay="1000" desired_avg_gossip="50000"
    <pbcast.GMS print_local_addr="true" join_timeout="2000"
    <UFC max_credits="2M"
    <MFC max_credits="2M"
    <FRAG2 frag_size="60K"  />
    <pbcast.STATE_TRANSFER />

In a nutshell the properties of the protocols are:


This is the transport protocol. It uses IP multicasting to send messages to the entire cluster, or individual nodes. Other transports include TCP, TCP_NIO2 and TUNNEL.


This is the discovery protocol. It uses IP multicast (by default) to find initial members. Once found, the current coordinator can be determined and a unicast JOIN request will be sent to it in order to join the cluster.


Will merge sub-clusters back into one cluster, kicks in after a network partition healed.


Failure detection based on sockets (in a ring form between members). Generates notification if a member fails


Failure detection based on heartbeat are-you-alive messages. Generates notification if a member fails


Double-checks whether a suspected member is really dead, otherwise the suspicion generated from protocol below is discarded


Needed to transfer state; this will block messages that modify the shared state until a digest has been taken, then unblocks all threads. Not needed if no state transfer protocol is present.


Ensures (a) message reliability and (b) FIFO. Message reliability guarantees that a message will be received. If not, the receiver(s) will request retransmission. FIFO guarantees that all messages from sender P will be received in the order P sent them


Same as NAKACK for unicast messages: messages from sender P will not be lost (retransmission if necessary) and will be in FIFO order (conceptually the same as TCP in TCP/IP)


Deletes messages that have been seen by all members (distributed message garbage collection)


Membership protocol. Responsible for joining/leaving members and installing new views.


Unicast Flow Control. Provides flow control between 2 members.


Multicast Flow Control. Provides flow control between a sender and all cluster members.


Fragments large messages into smaller ones and reassembles them back at the receiver side. For both multicast and unicast messages


Ensures that state is correctly transferred from an existing member (usually the coordinator) to a new member.

5.2.1. Message bundling

Message bundling is beneficial when sending many small messages; they are queued until a threshold (number of bytes) has been exceeded. Then, the queued messages are assembled into a message batch (see MessageBatch) and the batch is sent.

At the receiver, the message batch is passed up the stack, so protocols and/or the application can process multiple messages in one shot.

When sending many smaller messages, the ratio between payload and message headers might be small; say we send a "hello" string: the payload here is 7 bytes, whereas the addresses and headers (depending on the stack configuration) might be 30 bytes. However, if we bundle (say) 100 messages, then the payload of the large message is 700 bytes, but the header is still 30 bytes. Thus, we’re able to send more actual data across the wire with a message batch than with many small messages.

Note A message batch of 100 messages contains the sender’s and destination address and the cluster name only once. If the cluster name is 10 bytes, then we save roughly 99*10 + 99 * 18 *2 (assuming non-null destination addresses and IPv4) = 4500 bytes.

Message bundling/batching is conceptually similar to TCP’s Nagle algorithm.

A sample configuration is shown below:

<UDP max_bundle_size="64K"/>

Here, bundling is enabled (the default). The max accumulated size is 64'000 bytes.

If at time T0, we’re sending 10 smaller messages with an accumulated size of 2'000 bytes, but then send no more messages, then a message batch of 10 will be sent immediately after the 10th message has been sent.

If we send 1000 messages of 100 bytes each, then - after exceeding 64'000 bytes (after ca. 64 messages) - we’ll send the message batch, and this might have taken only 3 ms.

Note Since 3.x, message bundling is the default, and it cannot be enabled or disabled anymore (the config is ignored). However, a message can set the DONT_BUNDLE flag to skip message bundling. This is only recognized for OOB messages, so if a message needs to skip bundling, it needs to have flags OOB and DONT_BUNDLE set.
Message bundling and performance

As with Nagling, message bundling/batching can affect latency. In most scenarios, latency should be small as a message batch is sent when either max_bundle_size bytes have accumulated, or no more messages are sent. The algorithm for bundling looks more or less like this:

If enough space in the queue:
    queue message, get next message
If max_bundle_size exceeded, or no more message -> send message batch

When the message send rate is high and/or many large messages are sent, latency is more or less the time to fill max_bundle_size. This should be sufficient for a lot of applications. If not, flags OOB and DONT_BUNDLE can be used to bypass bundling.

5.2.2. UDP

UDP uses IP multicasting for sending messages to all members of a cluster, and UDP datagrams for unicast messages (sent to a single member). When started, it opens a unicast and multicast socket: the unicast socket is used to send/receive unicast messages, while the multicast socket sends/receives multicast messages. The physical address of the channel will be the address and port number of the unicast socket.

Using UDP and plain IP multicasting

A protocol stack with UDP as transport protocol is typically used with clusters whose members run on the same host or are distributed across a LAN. Note that before running instances in different subnets, an admin has to make sure that IP multicast is enabled across subnets. It is often the case that IP multicast is not enabled across subnets. Refer to section It doesn’t work! for running a test program that determines whether members can reach each other via IP multicast. If this does not work, the protocol stack cannot use UDP with IP multicast as transport. In this case, the stack has to either use UDP without IP multicasting, or use a different transport such as TCP.

Using UDP without IP multicasting

The protocol stack with UDP and PING as the bottom protocols use IP multicasting by default to send messages to all members (UDP) and for discovery of the initial members (PING). However, if multicasting cannot be used, the UDP and PING protocols can be configured to send multiple unicast messages instead of one multicast message.

Note Although not as efficient (and using more bandwidth), it is sometimes the only possibility to reach group members.

To configure UDP to use multiple unicast messages to send a group message instead of using IP multicasting, the ip_mcast property has to be set to false.

If we disable ip_mcast, we now also have to change the discovery protocol (PING). Because PING requires IP multicasting to be enabled in the transport, we cannot use it. Some of the alternatives are TCPPING (static list of member addresses), TCPGOSSIP (external lookup service), FILE_PING (shared directory), BPING (using broadcasts) or JDBC_PING (using a shared database).

See Initial membership discovery for details on configuration of different discovery protocols.

5.2.3. TCP

TCP is a replacement for UDP as transport in cases where IP multicast cannot be used. This may be the case when operating over a WAN, where routers might discard IP multicast packets. Usually, UDP is used as transport in LANs, while TCP is used for clusters spanning WANs.

The properties for a typical stack based on TCP might look like this (edited for brevity):

<TCP bind_port="7800" />
<TCPPING initial_hosts="${jgroups.tcpping.initial_hosts:HostA[7800],HostB[7801]}"
<VERIFY_SUSPECT timeout="1500"  />
<pbcast.NAKACK2 use_mcast_xmit="false"
<pbcast.STABLE stability_delay="1000" desired_avg_gossip="50000"
<pbcast.GMS print_local_addr="true" join_timeout="2000"

The transport protocol, uses TCP (from TCP/IP) to send unicast and multicast messages. In the latter case, it sends multiple unicast messages.


Discovers the initial membership to determine coordinator. Join request will then be sent to coordinator.


Double checks that a suspected member is really dead


Reliable and FIFO multicast message delivery


Reliable unicast message delivery


Distributed garbage collection of messages seen by all members


Membership services. Takes care of joining and removing new/old members, emits view changes

When using TCP, each message to all of the cluster members is sent as multiple unicast messages (one to each member). Due to the fact that IP multicasting cannot be used to discover the initial members, another mechanism has to be used to find the initial membership. There are a number of alternatives (see Initial membership discovery for a discussion of all discovery protocols):

  • TCPPING: uses a list of well-known group members that it contacts for initial membership

  • TCPGOSSIP: this requires a GossipRouter (see below), which is an external process, acting as a lookup service. Cluster members register with under their cluster name, and new members query the GossipRouter for initial cluster membership information.

5.2.4. TCP_NIO2

This is a TCP/IP based implementation based on non blocking IO (NIO2).

Details at TCP_NIO2.


A protocol stack using TCP and TCPPING looks like this (other protocols omitted):

<TCP bind_port="7800" /> +
<TCPPING initial_hosts="HostA[7800],HostB[7800]"
         port_range="2" />

The concept behind TCPPING is that some selected cluster members assume the role of well-known hosts from which the initial membership information can be retrieved. In the example, HostA and HostB are designated members that will be used by TCPPING to lookup the initial membership. The property bind_port in TCP means that each member should try to assign port 7800 for itself. If this is not possible it will try the next higher port (7801) and so on, until it finds an unused port.

TCPPING will try to contact both HostA and HostB, starting at port 7800 and ending at port 7800 + port_range, in the above example ports 7800 - 7802. Assuming that at least one of HostA or HostB is up, a response will be received. To be absolutely sure to receive a response, it is recommended to add all the hosts on which members of the cluster will be running to the configuration.


TCPGOSSIP uses one or more GossipRouters to (1) register itself and (2) fetch information about already registered cluster members. A configuration looks like this:

<TCP />
<TCPGOSSIP initial_hosts="HostA[5555],HostB[5555]" />

The initial_hosts property is a comma-delimited list of GossipRouters. In the example there are two GossipRouters on HostA and HostB, at port 5555.

A member always registers with all GossipRouters listed, but fetches information from the first available GossipRouter. If a GossipRouter cannot be accessed, it will be marked as failed and removed from the list. A task is then started, which tries to periodically reconnect to the failed process. On reconnection, the failed GossipRouter is marked as OK, and re-inserted into the list.

The advantage of having multiple GossipRouters is that, as long as at least one is running, new members will always be able to retrieve the initial membership.

Note that the GossipRouter should be started before any of the members.

5.2.5. TUNNEL

Firewalls are usually placed at the connection to the internet. They shield local networks from outside attacks by screening incoming traffic and rejecting connection attempts to host inside the firewalls by outside machines. Most firewall systems allow hosts inside the firewall to connect to hosts outside it (outgoing traffic), however, incoming traffic is most often disabled entirely.

Tunnels are host protocols which encapsulate other protocols by multiplexing them at one end and demultiplexing them at the other end. Any protocol can be tunneled by a tunnel protocol.

The most restrictive setups of firewalls usually disable all incoming traffic, and only enable a few selected ports for outgoing traffic. In the solution below, it is assumed that one TCP port is enabled for outgoing connections to the GossipRouter.

JGroups has a mechanism that allows a programmer to tunnel a firewall. The solution involves a GossipRouter, which has to be outside of the firewall, so other members (possibly also behind firewalls) can access it.

The solution works as follows. A channel inside a firewall has to use protocol TUNNEL instead of UDP or TCP as transport. The recommended discovery protocol is PING. Here’s a configuration:

<TUNNEL gossip_router_hosts="HostA[12001]" />
<PING />

TUNNEL uses a GossipRouter (outside the firewall) running on HostA at port 12001 for tunneling. Note that it is not recommended to use TCPGOSSIP for discovery if TUNNEL is used (use PING instead). TUNNEL accepts one or multiple GossipRouters tor tunneling; they can be listed as a comma delimited list of host[port] elements specified in property gossip_router_hosts.

TUNNEL establishes a TCP connection to the GossipRouter process (outside the firewall) that accepts messages from members and passes them on to other members. This connection is initiated by the host inside the firewall and persists as long as the channel is connected to a group. A GossipRouter will use the same connection to send incoming messages to the channel that initiated the connection. This is perfectly legal, as TCP connections are fully duplex. Note that, if GossipRouter tried to establish its own TCP connection to the channel behind the firewall, it would fail. But it is okay to reuse the existing TCP connection, established by the channel.

Note that TUNNEL has to be given the hostname and port of the GossipRouter process. This example assumes a GossipRouter is running on HostA at port12001. TUNNEL accepts one or multiple router hosts as a comma delimited list of host[port] elements specified in property gossip_router_hosts.

Any time a message has to be sent, TUNNEL forwards the message to GossipRouter, which distributes it to its destination: if the message’s destination field is null (send to all group members), then GossipRouter looks up the members that belong to that group and forwards the message to all of them via the TCP connections they established when connecting to GossipRouter. If the destination is a valid member address, then that member’s TCP connection is looked up, and the message is forwarded to it.

Note To do so, GossipRouter maintains a mapping between cluster names and member addresses, and TCP connections.

A GossipRouter is not a single point of failure. In a setup with multiple gossip routers, the routers do not communicate among themselves, and a single point of failure is avoided by having each channel simply connect to multiple available routers. In case one or more routers go down, the cluster members are still able to exchange messages through any of the remaining available router instances, if there are any.

For each send invocation, a channel goes through a list of available connections to routers and attempts to send the message on each connection until it succeeds. If a message can not be sent on any of the connections, an exception is raised. The default policy for connection selection is random. However, we provide an plug-in interface for other policies as well.

The GossipRouter configuration is static and is not updated for the lifetime of the channel. A list of available routers has to be provided in the channel’s configuration file.

To tunnel a firewall using JGroups, the following steps have to be taken:

  • ✓ Check that a TCP port (e.g. 12001) is enabled in the firewall for outgoing traffic

  • ✓ Start the GossipRouter:

java org.jgroups.stack.GossipRouter -port 12001
  • ✓ Configure the TUNNEL protocol layer as instructed above.

  • ✓ Create a channel

The general setup is shown in Tunneling a firewall:

Figure 4. Tunneling a firewall

First, the GossipRouter process is created on host B. Note that host B should be outside the firewall, and all channels in the same group should use the same GossipRouter process. When a channel on host A is created, its TCPGOSSIP protocol will register its address with the GossipRouter and retrieve the initial membership (assume this is C). Now, a TCP connection with the GossipRouter is established by A; this will persist until A crashes or voluntarily leaves the group. When A multicasts a message to the cluster, GossipRouter looks up all cluster members (in this case, A and C) and forwards the message to all members, using their TCP connections. In the example, A would receive its own copy of the multicast message it sent, and another copy would be sent to C.

This scheme allows for example Java applets , which are only allowed to connect back to the host from which they were downloaded, to use JGroups: the HTTP server would be located on host B and the gossip and GossipRouter daemon would also run on that host. An applet downloaded to either A or C would be allowed to make a TCP connection to B. Also, applications behind a firewall would be able to talk to each other, joining a group.

However, there are several drawbacks: first, having to maintain a TCP connection for the duration of the connection might use up resources in the host system (e.g. in the GossipRouter), leading to scalability problems, second, this scheme is inappropriate when only a few channels are located behind firewalls, and the vast majority can indeed use IP multicast to communicate, and finally, it is not always possible to enable outgoing traffic on 2 ports in a firewall, e.g. when a user does not own the firewall.

5.3. The transport in detail

The transport is always the protocol at the bottom of the stack, responsible for sending and receiving messages.

It contains most of the resources, such as the thread pool for handling of incoming messages, sockets for sending and receiving of messages, and thread and socket factories.

The transport is shown in The transport protocol.

Figure 5. The transport protocol

The transport consists of a thread pool (java.util.concurrent.ThreadPoolExecutor) which handles all types of messages (internal, OOB and regular) and is also used by the timer to fire tasks (e.g. retransmission tasks) at fixed or dynamic intervals.

When a (UDP or TCP) socket receives a message or message batch, it passes the message to the thread pool for processing.

When the thread pool is disabled, then we use the thread of the caller (e.g. multicast or unicast receiver threads or the ConnectionTable) to send the message up the stack and into the application.

Otherwise, the packet will be processed by a thread from the thread pool, which sends the message up the stack. When all current threads are busy, another thread might be created, up to the maximum number of threads defined. Alternatively, the packet might get dropped if the pool is exhausted.

The point of using a thread pool is that the receiver threads should only receive the packets and forward them to the thread pools for processing, because unmarshalling and processing is slower than simply receiving the message and can benefit from parallelization.

5.3.1. Configuration

Here’s an example of the new configuration:

    thread_pool.keep_alive_time="20000" />

The attributes for the thread pools are prefixed with thread_pool respectively.

The attributes are listed below. They roughly correspond to the options of java.util.concurrent.ThreadPoolExecutor.

Table 3. Attributes of the thread pool
Name Description


Determines how threads are named that are running from thread pools in concurrent stack. Valid values include any combination of "cl" letters, where "c" includes the cluster name and "l" includes local address of the channel. The default is "cl".


Whether or not to use a thread pool. If set to false, the caller’s thread is used.


The minimum number of threads to use.


The maximum number of threads to use.


Number of milliseconds until an idle thread is removed from the pool

5.3.2. Message delivery and ordering

A message is considered delivered as soon as the receive() callback returns. While messages are received in a non-defined order, the reliable protocols (NAKACK2 and UNICAST3) establish an order in which messages are delivered.

Regular messages or message batches from a sender P are delivered in the order in which they were sent. E.g. if P sent messages 4 and 5, then the application’s receive() callback will be invoked with 4, and when 4 returns, with message 5. Alternatively, the application might receive a message batch containing messages 4 and 5. When iterating through that batch, message 4 will be consumed before message 5.

Regular messages from different senders P and Q are delivered in parallel. E.g if P sends 4 and 5 and Q sends 56 and 57, then the receive() callback might get invoked in parallel for P4 and Q57. Therefore the receive() callbacks have to be thread-safe.

In contrast, OOB messages are delivered in an undefined order, e.g. messages P4 and P5 might get delivered as P4 → P5 (P4 followed by P5) in some receivers and P5 → P4 in others. It is also possible that P4 is delivered in parallel with P5, each message getting delivered by a different thread.

The only guarantee for both regular and OOB messages is that a message will get delivered exactly once. Dropped messages are retransmitted and duplicate messages are dropped.

Out-of-band messages

OOB messages completely ignore any ordering constraints the stack might have.

This is necessary in cases where we don’t want the message processing to wait until all other messages from the same sender have been processed, e.g. in the heartbeat case: if sender P sends 5 messages and then a response to a heartbeat request received from some other node, then the time taken to process P’s 5 messages might take longer than the heartbeat timeout, so that P might get falsely suspected!

However, if the heartbeat response is marked as OOB, then it will get processed in parallel to the other 5 messages from P and not trigger a false suspicion.

The unit tests UNICAST_OOB_Test and NAKACK_OOB_Test demonstrate how OOB messages influence the ordering, for both unicast and multicast messages.

5.3.3. Replacing the thread pool and factories

The following thread pools and factories are in TP:

Name Description

Thread pool

This is the pool for handling incoming messages. It can be fetched using getThreadPool() and replaced using setThreadPool(). When replacing the thread pool, the old thread pool will be shutdown and all of its tasks cancelled first.

Thread factory

This is the thread factory (org.jgroups.util.ThreadFactory) of the thread pool, which handles incoming messages. A thread pool factory is used to name threads and possibly make them daemons. It can be accessed using getThreadPoolThreadFactory() and setThreadPoolThreadFactory().

Socket factory

This is responsible for creation and deletion of sockets. It can be fetched using getSocketFactory() and set using setSocketFactory().

Note Note that the thread pool and (thread and socket) factories should be replaced after a channel has been created and before it is connected (JChannel.connect()).

5.3.4. Sharing of thread pools between channels in the same JVM

The thread pool can be shared between instances running inside the same JVM. This can be done by creating an implementation of Executor, a number of channels and then setting the same executor in all channels via setThreadPool(Executor e).

The advantage here is that multiple channels running within the same JVM can pool (and therefore save) threads.

The disadvantage is that thread naming will not show to which channel instance an incoming thread belongs to.

5.3.5. Using a custom socket factory

JGroups creates all of its sockets through a SocketFactory, which is located in the transport (TP). The factory has methods to create sockets (Socket, ServerSocket, DatagramSocket and MulticastSocket), close sockets and list all open sockets. Every socket creation method has a service name, which could be for example "jgroups.fd_sock.srv_sock". The service name is used to look up a port (e.g. in a config file) and create the correct socket.

To provide one’s own socket factory, the following has to be done: the code below creates a SocketFactory implementation and sets it in the transport:

JChannel ch;
MySocketFactory factory; // e.g. extends DefaultSocketFactory
ch=new JChannel("config.xml");
ch.setSocketFactory(new MySocketFactory());

5.4. Handling network partitions

Network partitions can be caused by switch, router or network interface crashes, among other things. If we have a cluster {A,B,C,D,E} spread across 2 subnets {A,B,C} and {D,E} and the switch to which D and E are connected crashes, then we end up with a network partition, with subclusters {A,B,C} and {D,E}.

A, B and C can ping each other, but not D or E, and vice versa. We now have 2 coordinators, A and D. Both subclusters operate independently, for example, if we maintain a shared state, subcluster {A,B,C} replicate changes to A, B and C.

This means, that if during the partition, some clients access {A,B,C}, and others {D,E}, then we end up with different states in both subclusters. When a partition heals, the merge protocol (e.g. MERGE3) will notify A and D that there were 2 subclusters and merge them back into {A,B,C,D,E}, with A being the new coordinator and D ceasing to be coordinator.

The question is what happens with the 2 diverged substates ?

There are 2 solutions to merging substates: first we can attempt to create a new state from the 2 substates, and secondly we can shut down all members of the non primary partition, such that they have to re-join and possibly reacquire the state from a member in the primary partition.

In both cases, the application has to handle a MergeView (subclass of View), as shown in the code below:

public void viewAccepted(View view) {
    if(view instanceof MergeView) {
        MergeView tmp=(MergeView)view;
        List<View> subgroups=tmp.getSubgroups();
        // merge state or determine primary partition
        // run in a separate thread!

It is essential that the merge view handling code run on a separate thread if it needs more than a few milliseconds, or else it would block the calling thread.

The MergeView contains a list of views, each view represents a subgroups and has the list of members which formed this group.

5.4.1. Merging substates

The application has to merge the substates from the various subgroups ({A,B,C} and {D,E}) back into one single state for {A,B,C,D,E}. This task has to be done by the application because JGroups knows nothing about the application state, other than it is a byte buffer.

If the in-memory state is backed by a database, then the solution is easy: simply discard the in-memory state and fetch it (eagerly or lazily) from the DB again. This of course assumes that the members of the 2 subgroups were able to write their changes to the DB. However, this is often not the case, as connectivity to the DB might have been severed by the network partition.

Another solution could involve tagging the state with time stamps. On merging, we could compare the time stamps for the substates and let the substate with the more recent time stamps win.

Yet another solution could increase a counter for a state each time the state has been modified. The state with the highest counter wins.

Again, the merging of state can only be done by the application. Whatever algorithm is picked to merge state, it has to be deterministic.

5.4.2. The primary partition approach

The primary partition approach is simple: on merging, one subgroup is designated as the primary partition and all others as non-primary partitions. The members in the primary partition don’t do anything, whereas the members in the non-primary partitions need to drop their state and re-initialize their state from fresh state obtained from a member of the primary partition.

The code to find the primary partition needs to be deterministic, so that all members pick the same primary partition. This could be for example the first view in the MergeView, or we could sort all members of the new MergeView and pick the subgroup which contained the new coordinator (the one from the consolidated MergeView). Another possible solution could be to pick the largest subgroup, and, if there is a tie, sort the tied views lexicographically (all Addresses have a compareTo() method) and pick the subgroup with the lowest ranked member.

Here’s code which picks as primary partition the first view in the MergeView, then re-acquires the state from the new coordinator of the combined view:

public static void main(String[] args) throws Exception {
    final JChannel ch=new JChannel("/home/bela/udp.xml");
    ch.setReceiver(new ReceiverAdapter() {
        public void viewAccepted(View new_view) {
            handleView(ch, new_view);

    private static void handleView(JChannel ch, View new_view) {
        if(new_view instanceof MergeView) {
            ViewHandler handler=new ViewHandler(ch, (MergeView)new_view);
            // requires separate thread as we don't want to block JGroups

    private static class ViewHandler extends Thread {
        JChannel ch;
        MergeView view;

        private ViewHandler(JChannel ch, MergeView view) {

        public void run() {
            List<View> subgroups=view.getSubgroups();
            View tmp_view=subgroups.firstElement(); // picks the first
            Address local_addr=ch.getLocalAddress();
            if(!tmp_view.getMembers().contains(local_addr)) {
                System.out.println("Not member of the new primary partition ("
                                   + tmp_view + "), will re-acquire the state");
                try {
                    ch.getState(null, 30000);
                catch(Exception ex) {
            else {
                System.out.println("Not member of the new primary partition ("
                                   + tmp_view + "), will do nothing");

The handleView() method is called from viewAccepted(), which is called whenever there is a new view. It spawns a new thread which gets the subgroups from the MergeView, and picks the first subgroup to be the primary partition. Then, if it was a member of the primary partition, it does nothing, and if not, it reaqcuires the state from the coordinator of the primary partition (A).

The downside to the primary partition approach is that work (= state changes) on the non-primary partition is discarded on merging. However, that’s only problematic if the data was purely in-memory data, and not backed by persistent storage. If the latter’s the case, use state merging discussed above.

It would be simpler to shut down the non-primary partition as soon as the network partition is detected, but that a non trivial problem, as we don’t know whether {D,E} simply crashed, or whether they’re still alive, but were partitioned away by the crash of a switch. This is called a split brain syndrome, and means that none of the members has enough information to determine whether it is in the primary or non-primary partition, by simply exchanging messages.

5.4.3. The Split Brain syndrome and primary partitions

In certain situations, we can avoid having multiple subgroups where every subgroup is able to make progress, and on merging having to discard state of the non-primary partitions.

If we have a fixed membership, e.g. the cluster always consists of 5 nodes, then we can run code on a view reception that determines the primary partition. This code

  • assumes that the primary partition has to have at least 3 nodes

  • any cluster which has less than 3 nodes doesn’t accept modfications. This could be done for shared state for example, by simply making the {D,E} partition read-only. Clients can access the {D,E} partition and read state, but not modify it.

  • As an alternative, clusters without at least 3 members could shut down, so in this case D and E would leave the cluster.

The algorithm is shown in pseudo code below:

On initialization:
    - Mark the node as read-only

On view change V:
    - If V has >= N members:
        - If not read-write: get state from coord and switch to read-write
    - Else: switch to read-only

Of course, the above mechanism requires that at least 3 nodes are up at any given time, so upgrades have to be done in a staggered way, taking only one node down at a time. In the worst case, however, this mechanism leaves the cluster read-only and notifies a system admin, who can fix the issue. This is still better than shutting the entire cluster down.

5.5. Flushing: making sure every node in the cluster received a message

To change this, we can turn on virtual synchrony (by adding FLUSH to the top of the stack), which guarantees that

  • A message M sent in V1 will be delivered in V1. So, in the example above, M1 would get delivered in view V1; by A, B and C, but not by D.

  • The set of messages seen by members in V1 is the same for all members before a new view V2 is installed. This is important, as it ensures that all members in a given view see the same messages. For example, in a group {A,B,C}, C sends 5 messages. A receives all 5 messages, but B doesn’t. Now C crashes before it can retransmit the messages to B. FLUSH will now ensure, that before installing V2={A,B} (excluding C), B gets C’s 5 messages. This is done through the flush protocol, which has all members reconcile their messages before a new view is installed. In this case, A will send C’s 5 messages to B.

Sometimes it is important to know that every node in the cluster received all messages up to a certain point, even if there is no new view being installed. To do this (initiate a manual flush), an application programmer can call JChannel.startFlush() to start a flush and JChannel.stopFlush() to terminate it.

JChannel.startFlush() flushes all pending messages out of the system. This stops all senders (calling JChannel.down() during a flush will block until the flush has completed)[2]. When startFlush() returns, the caller knows that (a) no messages will get sent anymore until stopFlush() is called and (b) all members have received all messages sent before startFlush() was called.

JChannel.stopFlush() terminates the flush protocol, no blocked senders can resume sending messages.

Note that the FLUSH protocol has to be present on top of the stack, or else the flush will fail.

5.6. Large clusters

This section is a collection of best practices and tips and tricks for running large clusters on JGroups. By large clusters, we mean several hundred nodes in a cluster. These recommendations are captured in udp-largecluster.xml which is shipped with JGroups.

Note This is work-in-progress, and udp-largecluster.xml is likely to see changes in the future.

5.7. STOMP support

STOMP is a JGroups protocol which implements the STOMP protocol. Transactions and acks have not been implemented yet.

Adding the STOMP protocol to a configuration means that

  • Clients written in different languages can subscribe to destinations, send messages to destinations, and receive messages posted to (subscribed) destinations. This is similar to JMS topics.

  • Clients don’t need to join any cluster; this allows for light weight clients, and we can run many of them.

  • Clients can access a cluster from a remote location (e.g. across a WAN).

  • STOMP clients can send messages to cluster members, and vice versa.

The location of a STOMP protocol in a stack is shown in STOMP in a protocol stack.

Figure 6. STOMP in a protocol stack

The STOMP protocol should be near the top of the stack.

A STOMP instance listens on a TCP socket for client connections. The port and bind address of the server socket can be defined via properties.

A client can send SUBSCRIBE commands for various destinations. When a SEND for a given destination is received, STOMP adds a header to the message and broadcasts it to all cluster nodes. Every node then in turn forwards the message to all of its connected clients which have subscribed to the same destination. When a destination is not given, STOMP simply forwards the message to all connected clients.

Traffic can be generated by clients and by servers. In the latter case, we could for example have code executing in the address space of a JGroups (server) node. In the former case, clients use the SEND command to send messages to a JGroups server and receive messages via the MESSAGE command. If there is code on the server which generates messages, it is important that both client and server code agree on a marshalling format, e.g. JSON, so that they understand each other’s messages.

Clients can be written in any language, as long as they understand the STOMP protocol. Note that the JGroups STOMP protocol implementation sends additional information (e.g. INFO) to clients; non-JGroups STOMP clients should simply ignore them.

JGroups comes with a STOMP client (org.jgroups.client.StompConnection) and a demo (StompDraw). Both need to be started with the address and port of a JGroups cluster node. Once they have been started, the JGroups STOMP protocol will notify clients of cluster changes, which is needed so client can failover to another JGroups server node when a node is shut down. E.g. when a client connects to C, after connection, it’ll get a list of endpoints (e.g. A,B,C,D). When C is terminated, or crashes, the client automatically reconnects to any of the remaining nodes, e.g. A, B, or D. When this happens, a client is also re-subscribed to the destinations it registered for.

The JGroups STOMP protocol can be used when we have clients, which are either not in the same network segment as the JGroups server nodes, or which don’t want to become full-blown JGroups server nodes. STOMP architecture shows a typical setup.

Figure 7. STOMP architecture

There are 4 nodes in a cluster. Say the cluster is in a LAN, and communication is via IP multicasting (UDP as transport). We now have clients which do not want to be part of the cluster themselves, e.g. because they’re in a different geographic location (and we don’t want to switch the main cluster to TCP), or because clients are frequently started and stopped, and therefore the cost of startup and joining wouldn’t be amortized over the lifetime of a client. Another reason could be that clients are written in a different language, or perhaps, we don’t want a large cluster, which could be the case if we for example have 10 JGroups server nodes and 1000 clients connected to them.

In the example, we see 9 clients connected to every JGroups cluster node. If a client connected to node A sends a message to destination /topics/chat, then the message is multicast from node A to all other nodes (B, C and D). Every node then forwards the message to those clients which have previously subscribed to /topics/chat.

When node A crashes (or leaves) the JGroups STOMP clients (org.jgroups.client.StompConnection) simply pick another server node and connect to it.

For more information about STOMP see the blog entry at

5.8. Bridging between remote clusters

In 2.12, the RELAY protocol was added to JGroups (for the properties see RELAY). It allows for bridging of remote clusters. For example, if we have a cluster in New York (NYC) and another one in San Francisco (SFO), then RELAY allows us to bridge NYC and SFO, so that multicast messages sent in NYC will be forwarded to SFO and vice versa.

The NYC and SFO clusters could for example use IP multicasting (UDP as transport), and the bridge could use TCP as transport. The SFO and NYC clusters don’t even need to use the same cluster name.

Relaying between different clusters shows how the two clusters are bridged.

Figure 8. Relaying between different clusters

The cluster on the left side with nodes A (the coordinator), B and C is called "NYC" and use IP multicasting (UDP as transport). The cluster on the right side ("SFO") has nodes D (coordinator), E and F.

The bridge between the local clusters NYC and SFO is essentially another cluster with the coordinators (A and D) of the local clusters as members. The bridge typically uses TCP as transport, but any of the supported JGroups transports could be used (including UDP, if supported across a WAN, for instance).

Only a coordinator relays traffic between the local and remote cluster. When A crashes or leaves, then the next-in-line (B) takes over and starts relaying.

Relaying is done via the RELAY protocol added to the top of the stack. The bridge is configured with the bridge_props property, e.g. bridge_props="/home/bela/tcp.xml". This creates a JChannel inside RELAY.

Note that property "site" must be set in both subclusters. In the example above, we could set site="nyc" for the NYC subcluster and site="sfo" for the SFO subcluster.

The design is described in detail in JGroups/doc/design/RELAY.txt (part of the source distribution). In a nutshell, multicast messages received in a local cluster are wrapped and forwarded to the remote cluster by a relay (= the coordinator of a local cluster). When a remote cluster receives such a message, it is unwrapped and put onto the local cluster.

JGroups uses subclasses of UUID (PayloadUUID) to ship the site name with an address. When we see an address with site="nyc" on the SFO side, then RELAY will forward the message to the SFO subcluster, and vice versa. When C multicasts a message in the NYC cluster, A will forward it to D, which will re-broadcast the message on its local cluster, with the sender being D. This means that the sender of the local broadcast will appear as D (so all retransmit requests got to D), but the original sender C is preserved in the header. At the RELAY protocol, the sender will be replaced with the original sender ( nodeC) having site="nyc". When node F wants to reply to the sender of the multicast, the destination of the message will be C, which is intercepted by the RELAY protocol and forwarded to the current relay (D). D then picks the correct destination © and sends the message to the remote cluster, where A makes sure C (the original sender) receives it.

An important design goal of RELAY is to be able to have completely autonomous clusters, so NYC doesn’t for example have to block waiting for credits from SFO, or a node in the SFO cluster doesn’t have to ask a node in NYC for retransmission of a missing message.


RELAY presents a global view to the application, e.g. a view received by nodes could be {D,E,F,A,B,C}. This view is the same on all nodes, and a global view is generated by taking the two local views, e.g. A|5 {A,B,C} and D|2 {D,E,F}, comparing the coordinators' addresses (the UUIDs for A and D) and concatenating the views into a list. So if D’s UUID is greater than A’s UUID, we first add D’s members into the global view ({D,E,F}), and then A’s members.

Therefore, we’ll always see all of A’s members, followed by all of D’s members, or the other way round.

To see which nodes are local and which ones remote, we can iterate through the addresses (PayloadUUID) and use the site (PayloadUUID.getPayload()) name to for example differentiate between "nyc" and "sfo".

5.8.2. Configuration

To setup a relay, we need essentially 3 XML configuration files: 2 to configure the local clusters and 1 for the bridge.

To configure the first local cluster, we can copy udp.xml from the JGroups distribution and add RELAY on top of it: <RELAY bridge_props="/home/bela/tcp.xml" />. Let’s say we call this config relay.xml.

The second local cluster can be configured by copying relay.xml to relay2.xml. Then change the mcast_addr and/or mcast_port, so we actually have 2 different cluster in case we run instances of both clusters in the same network. Of course, if the nodes of one cluster are run in a different network from the nodes of the other cluster, and they cannot talk to each other, then we can simply use the same configuration.

The site property needs to be configured in relay.xml and relay2.xml, and it has to be different. For example, relay.xml could use site="nyc" and relay2.xml could use site="sfo".

The bridge is configured by taking the stock tcp.xml and making sure both local clusters can see each other through TCP.

5.9. Relaying between multiple sites (RELAY2)

Note RELAY2 was added to JGroups in the 3.2 release.

Similar to Bridging between remote clusters, RELAY2 provides clustering between sites. However, the differences to RELAY are:

  • Clustering can be done between multiple sites. Currently (3.2), sites have to be directly reachable. In 3.3, hierarchical setups of sites will be implemented.

  • Virtual (global) views are not provided anymore. If we have clusters SFO={A,B,C} and LON={X,Y,Z}, then both clusters are completed autonomous and don’t know about each other’s existence.

  • Not only unicasts, but also multicasts can be routed between sites (configurable).

To use RELAY2, it has to be placed at the top of the configuration, e.g.:

<relay.RELAY2 site="LON" config="/home/bela/relay2.xml"
              relay_multicasts="true" />

The above configuration has a site name which will be used to route messages between sites. To do that, addresses contain the site-ID, so we always know which site the address is from. E.g. an address A1:LON in the SFO site is not local, but will be routed to the remote site SFO.

The relay_multicasts property determines whether or not multicast messages (with dest = null) are relayed to the other sites, or not. When we have a site LON, connected to sites SFO and NYC, if a multicast message is sent in site LON, and relay_multicasts is true, then all members of sites SFO and NYC will receive the message.

The config property points to an XML file which defines the setup of the sites, e.g.:

<RelayConfiguration xmlns="urn:jgroups:relay:1.0">

        <site name="lon">
                <bridge config="/home/bela/global.xml" name="global"/>

        <site name="nyc">
                <bridge config="/home/bela/global.xml" name="global"/>

        <site name="sfo">
                <bridge name="global" config="/home/bela/global.xml"/>

This defines 3 sites LON, SFO and NYC. All the sites are connected to a global cluster (bus) "global" (defined by /home/bela/global.xml). All inter-site traffic will be sent via this global cluster (which has to be accessible by all of the sites). Intra-site traffic is sent via the cluster that’s defined by the configuration of which RELAY2 is the top protocol.

The above configuration is not mandatory, ie. instead of a global cluster, we could define separate clusters between LON and SFO and LON and NYC. However, in such a setup, due to lack of hierarchical routing, NYC and SFO wouldn’t be able to send each other messages; only LON would be able to send message to SFO and NYC.

5.9.1. Relaying of multicasts

If relay_multicasts is true then any multicast received by the site master of a site (ie. the coordinator of the local cluster, responsible for relaying of unicasts and multicasts) will relay the multicast to all connected sites. This means that - beyond setting relay_multicasts - nothing has to be done in order to relay multicasts across all sites.

A recipient of a multicast message which originated from a different site will see that the sender’s address is not a UUID, but a subclass (SiteUUID) which is the UUID plus the site suffix, e.g. A1:SFO. Since a SiteUUID is a subclass of a UUID, both types can be mixed and matched, placed into hashmaps or lists, and they implement compareTo() and equals() correctly.

When a reply is to be sent to the originator of the multicast message, Message.getSrc() provides the target address for the unicast response message. This is also a SiteUUID, but the sender of the response neither has to know nor take any special action to send the response, as JGroups takes care of routing the response back to the original sender.

5.9.2. Relaying of unicasts

As discussed above, relaying of unicasts is done transparently. However, if we don’t have a target address (e.g. as a result of reception of a multicast), there is a special address SiteMaster which identifies the site master; the coordinator of a local cluster responsible for relaying of messages.

Class SiteMaster is created with the name of a site, e.g. new SiteMaster("LON"). When a unicast with destination SiteMaster("LON") is sent, then we relay the message to the current site master of LON. If the site master changes, messages will get relayed to a different node, which took over the role of the site master from the old (perhaps crashed) site master.

Sometimes only certain members of a site should become site masters; e.g. the more powerful boxes (as routing needs some additional CPU power), or multi-homed hosts which are connected to the external network (over which the sites are connected with each other).

To do this, RELAY2 can generate special addresses which contain the knowledge about whether a member should be skipped when selecting a site master from a view, or not. If can_become_site_master is set to false in RELAY2, then the selection process will skip that member. However, if all members in a given view are marked with can_become_site_master=false, then the first member of the view will get picked.

When we have all members in a view marked with can_become_site_master=false, e.g. {B,C,D}, then B is the site master. If we now start a member A with can_become_site_master=true, then B will stop being the site master and A will become the new site master.

5.9.3. Invoking RPCs across sites

Invoking RPCs across sites is more or less transparent, except for the case when we cannot reach a member of a remote site. If we want to invoke method foo() in A1, A2 (local) and SiteMaster("SFO"), we could write the following code:

List<Address> dests=new ArrayList<Address>(view.getMembers());
dests.add(new SiteMaster("SFO"));
RspList<Object> rsps;
rsps=disp.callRemoteMethods(dests, call,
              new RequestOptions(ResponseMode.GET_ALL, 5000).setAnycasting(true));
for(Rsp rsp: rsps.values()) {
        System.out.println("<< unreachable: " + rsp.getSender());
        System.out.println("<< " + rsp.getValue() + " from " + rsp.getSender());

First, we add the members (A1 and A2) of the current (local) view to the destination set. Then we add the special address SiteMaster("SFO") which acts as a placeholder for the current coordinator of the SFO site.

Next, we invoke the call with dests as target set and block until responses from all A1, A2 and SiteMaster("SFO") have been received, or until 5 seconds have elapsed.

Next, we check the response list. And here comes the bit that’s new in 3.2: if a site is unreachable, a Rsp has an additional field "unreachable", which means that we could not reach the site master of SFO for example. Note that this is not necessarily an error, as a site maybe currently down, but the caller now has the option of checking on this new status field.

5.9.4. Configuration

Let’s configure an example which consists of 3 sites SFO, LON and NYC and 2 members in each site. First we define the configuration for the local cluster (site) SFO. To do this, we could for example copy udp.xml from the JGroups distro (and name it sfo.xml) and add RELAY2 to the top (as shown above). RELAY2’s config property points to relay2.xml as shown above as well. The relay2.xml file defines a global cluster with global.xml, which uses TCP and MPING for the global cluster (copy for example tcp.xml to create global.xml)

Now copy sfo.xml to lon.xml and nyc.xml. The RELAY2 configuration stays the same for lon.xml and nyc.xml, but the multicast address and/or multicast port has to be changed in order to create 3 separate local clusters. Therefore, modify both lon.xml and nyc.xml and change mcast_port and / or mcast_addr in UDP to use separate values, so the clusters don’t interfere with each other.

To test whether we have 3 different clusters, start the Draw application (shipped with JGroups):

java -Djgroups.bind_addr= org.jgroups.demos.Draw -props ./sfo.xml -name sfo1
java -Djgroups.bind_addr= org.jgroups.demos.Draw -props ./sfo.xml -name sfo2
java -Djgroups.bind_addr= org.jgroups.demos.Draw -props ./lon.xml -name lon1
java -Djgroups.bind_addr= org.jgroups.demos.Draw -props ./lon.xml -name lon2
java -Djgroups.bind_addr= org.jgroups.demos.Draw -props ./nyc.xml -name nyc1
java -Djgroups.bind_addr= org.jgroups.demos.Draw -props ./nyc.xml -name nyc2

We should now have 3 local clusters (= sites) of 2 instances each. When RELAY2.relay_multicasts is true, if you draw in one instance, we should see the drawing in all 6 instances. This means that relaying of multicasting between sites works. If this doesn’t work, run a few Draw instances on global.xml, to see if they find each other.

Note that the first member of each cluster always joins the global cluster (defined by global.xml) too. This is necessary to relay messages between sites.

To test unicasts between sites, you can use the org.jgroups.demos.RelayDemoRpc program: start it as follows:

java org.jgroups.demos.RelayDemoRpc -props ./sfo.xml -name sfo1

Start 2 instances in 3 sites and then use

mcast lon sfo nyc

to invoke RPCs on all local members and site masters SFO, NYC and LON. If one of the sites is down, you’ll get a message stating the site is unreachable.

5.10. Daisychaining

Daisychaining refers to a way of disseminating messages sent to the entire cluster.

The idea behind it is that it is inefficient to broadcast a message in clusters where IP multicasting is not available. For example, if we only have TCP available (as is the case in most clouds today), then we have to send a broadcast (or group) message N-1 times. If we want to broadcast M to a cluster of 10, we send the same message 9 times.

Example: if we have {A,B,C,D,E,F}, and A broadcasts M, then it sends it to B, then to C, then to D etc. If we have a 1 GB switch, and M is 1GB, then sending a broadcast to 9 members takes 9 seconds, even if we parallelize the sending of M. This is due to the fact that the link to the switch only sustains 1GB / sec. (Note that I’m conveniently ignoring the fact that the switch will start dropping packets if it is overloaded, causing TCP to retransmit, slowing things down)…​

Let’s introduce the concept of a round. A round is the time it takes to send or receive a message. In the above example, a round takes 1 second if we send 1 GB messages. In the existing N-1 approach, it takes X * (N-1) rounds to send X messages to a cluster of N nodes. So to broadcast 10 messages a the cluster of 10, it takes 90 rounds.


The idea is that, instead of sending a message to N-1 members, we only send it to our neighbor, which forwards it to its neighbor, and so on. For example, in {A,B,C,D,E}, D would broadcast a message by forwarding it to E, E forwards it to A, A to B, B to C and C to D. We use a time-to-live field, which gets decremented on every forward, and a message gets discarded when the time-to-live is 0.

The advantage is that, instead of taxing the link between a member and the switch to send N-1 messages, we distribute the traffic more evenly across the links between the nodes and the switch. Let’s take a look at an example, where A broadcasts messages m1 and m2 in cluster {A,B,C,D}, --> means sending:

5.10.1. Traditional N-1 approach

  • Round 1: A(m1) --> B

  • Round 2: A(m1) --> C

  • Round 3: A(m1) --> D

  • Round 4: A(m2) --> B

  • Round 5: A(m2) --> C

  • Round 6: A(m2) --> D

It takes 6 rounds to broadcast m1 and m2 to the cluster.

5.10.2. Daisychaining approach

  • Round 1: A(m1) --> B

  • Round 2: A(m2) --> B || B(m1) --> C

  • Round 3: B(m2) --> C || C(m1) --> D

  • Round 4: C(m2) --> D

In round 1, A send m1 to B.

In round 2, A sends m2 to B, but B also forwards m1 (received in round 1) to C.

In round 3, A is done. B forwards m2 to C and C forwards m1 to D (in parallel, denoted by ``||`).

In round 4, C forwards m2 to D.

5.10.3. Switch usage

Let’s take a look at this in terms of switch usage: in the N-1 approach, A can only send 125MB/sec, no matter how many members there are in the cluster, so it is constrained by the link capacity to the switch. (Note that A can also receive 125MB/sec in parallel with today’s full duplex links).

So the link between A and the switch gets hot.

In the daisychaining approach, link usage is more even: if we look for example at round 2, A sending to B and B sending to C uses 2 different links, so there are no constraints regarding capacity of a link. The same goes for B sending to C and C sending to D.

In terms of rounds, the daisy chaining approach uses X + (N-2) rounds, so for a cluster size of 10 and broadcasting 10 messages, it requires only 18 rounds, compared to 90 for the N-1 approach!

5.10.4. Performance

To measure performance of DAISYCHAIN, a performance test (test.Perf) was run, with 4 nodes connected to a 1 GB switch; and every node sending 1 million 8K messages, for a total of 32GB received by every node. The config used was tcp.xml.

The N-1 approach yielded a throughput of 73 MB/node/sec, and the daisy chaining approach 107MB/node/sec!

5.10.5. Configuration

DAISYCHAIN can be placed directly on top of the transport, regardless of whether it is UDP or TCP, e.g.

<TCP .../>
<TCPPING .../>
Note Daisychaining is experimental. While results show that performance for multicast messages (= messages to all cluster nodes) is excellent, it has never been tested extensively.

5.11. Tagging messages with flags

A message can be tagged with a selection of flags, which alter the way certain protocols treat the message. This is done as follows:

Message msg=new Message().setFlag(Message.Flag.OOB, Message.Flag.NO_FC);

Here we tag the message to be OOB (out of band) and to bypass flow control.

The advantage of tagging messages is that we don’t need to change the configuration, but instead can override it on a per-message basis.

The available flags are:


This tags a message as out-of-band, which will get it processed by the out-of-band thread pool at the receiver’s side. Note that an OOB message does not provide any ordering guarantees, although OOB messages are reliable (no loss) and are delivered only once. See Out-of-band messages for details.


This flag causes the transport not to bundle the message, but to send it immediately. See Message bundling and performance for a discussion of the DONT_BUNDLE flag with respect to performance of blocking RPCs.


This flag bypasses any flow control protocol (see Flow control) for a discussion of flow control protocols.


When sending unicast or multicast messages, some protocols (UNICAST3, NAKACK2) add sequence numbers to the messages in order to (1) deliver them reliably and (2) in order.
If we don’t want reliability, we can tag the message with flag NO_RELIABILITY. This means that a message tagged with this flag may not be received, may be received more than once, or may be received out of order.
A message tagged with NO_RELIABILITY will simply bypass reliable protocols such as UNICAST3 and NAKACK2.
For example, if we send multicast message M1, M2 (NO_RELIABILITY), M3 and M4, and the starting sequence number is #25, then M1 will have seqno #25, M3 will have #26 and M4 will have #27. We can see that we don’t allocate a seqno for M2 here.


If we use a total order configuration with SEQUENCER (SEQUENCER), then we can bypass SEQUENCER (if we don’t need total order for a given message) by tagging the message with flag NO_TOTAL_ORDER.


If we use RELAY (see Bridging between remote clusters) and don’t want a message to be relayed to the other site(s), then we can tag the message with NO_RELAY.


When this flag is set, a message send will block until the receiver (unicast) or receivers (multicast) have acked reception of the message, or until a timeout occurs. See Synchronous messages for details.


This is the same as RSVP, but doesn’t block the sender of a message (invoker of an RPC). The call therefore returns immediately, but RSVP will resend the message until it has received all acks, or the timeout kicked in.


If this flag is set and the message is a multicast message (dest == null), then the transport by default (1) multicasts the message, (2) loops it back up the stack (on a separate thread) and (3) discards the multicast when received.
When DONT_LOOPBACK is set, the message will be multicast, but it will not be looped back up the stack. This is useful for example when the sender doesn’t want to receive its own multicast. Contrary to JChannel.setDiscardOwnMessages(), this flag can be set per message and the processing is done at the transport level rather than the JChannel level.
An example is the Discovery protocol: when sending a discovery request, the sender is only interested in responses from other members and therefore doesn’t need to receive its own discovery multicast request.
Note that this is a transient flag, so Message.setTransientFlag() has to be used instead of Message.setFlag()

Note Note that DONT_LOOPBACK does not make any sense for unicast messages, as the sender of a message sent to itself will never receive it.

5.12. Performance tests

There are a number of performance tests shipped with JGroups. The section below discusses MPerf and UPerf.

5.12.1. MPerf

MPerf is a test which measures multicast performance. This doesn’t mean IP multicast performance, but point-to-multipoint performance. Point-to-multipoint means that we measure performance of one-to-many messages; in other words, messages sent to all cluster members.

MPerf is dynamic; it doesn’t need a setup file to define the number of senders, number of messages to be sent and message size.

Instead, all the configuration needed by an instance of MPerf is an XML stack configuration, and configuration changes done in one member are automatically broadcast to all other members.

MPerf can be started as follows:

java -cp $CLASSPATH org.jgroups.tests.perf.MPerf -props ./fast.xml

This assumes that we’re using IPv4 addresses (otherwise IPv6 addresses are used) and the JGroups JAR on the classpath.

A screen shot of MPerf looks like this (could be different, depending on the JGroups version):

[belasmac] /Users/bela$ -props ~/fast.xml -name A

----------------------- MPerf -----------------------
Date: Mon Sep 05 14:26:55 CEST 2016
Run by: bela
JGroups version: 4.0.0-SNAPSHOT

GMS: address=A, cluster=mperf, physical address=
** [A|0] (1) [A]
[1] Send [2] View
[3] Set num msgs (1000000) [4] Set msg size (1KB) [5] Set threads (10) [6] New config (/Users/bela/fast.xml)
[7] Number of senders (all) [o] Toggle OOB (false)
[x] Exit this [X] Exit all [c] Cancel sending

We’re starting MPerf with -props ~/fast.xml and -name A. The -props option points to a JGroups configuration file, and -name gives the member the name "A".

A few instances of MPerf can now be started and each instance should join the same cluster.

MPerf can then be run by pressing [1]. In this case, every member in the cluster (in the example, we have members A and B) will send 1 million 1K messages. Once all messages have been received, MPerf will write a summary of the performance results to stdout:

[1] Send [2] View
[3] Set num msgs (1000000) [4] Set msg size (1KB) [5] Set threads (10) [6] New config (/Users/bela/fast.xml)
[7] Number of senders (all) [o] Toggle OOB (false)
[x] Exit this [X] Exit all [c] Cancel sending
-- sending 1000000 msgs
++ sent 100000
-- received 200000 msgs (217 ms, 921658.99 msgs/sec, 921.66MB/sec)
++ sent 200000
++ sent 300000
-- received 400000 msgs (225 ms, 888888.89 msgs/sec, 888.89MB/sec)
++ sent 400000
++ sent 500000
-- received 600000 msgs (228 ms, 877192.98 msgs/sec, 877.19MB/sec)
++ sent 600000
++ sent 700000
-- received 800000 msgs (277 ms, 722021.66 msgs/sec, 722.02MB/sec)
++ sent 800000
++ sent 900000
-- received 1000000 msgs (412 ms, 485436.89 msgs/sec, 485.44MB/sec)
++ sent 1000000
-- received 1200000 msgs (305 ms, 655737.7 msgs/sec, 655.74MB/sec)
-- received 1400000 msgs (294 ms, 680272.11 msgs/sec, 680.27MB/sec)
-- received 1600000 msgs (228 ms, 877192.98 msgs/sec, 877.19MB/sec)
-- received 1800000 msgs (223 ms, 896860.99 msgs/sec, 896.86MB/sec)
-- received 2000000 msgs (237 ms, 843881.86 msgs/sec, 843.88MB/sec)


A: 2000000 msgs, 2GB received, time=2646ms, msgs/sec=755857.9, throughput=755.86MB
B: 2000000 msgs, 2GB received, time=2642ms, msgs/sec=757002.27, throughput=757MB

 Average/node:    2000000 msgs, 2GB received, time=2644ms, msgs/sec=756429.65, throughput=756.43MB
 Average/cluster: 4000000 msgs, 4GB received, time=2644ms, msgs/sec=1512859.3, throughput=1.51GB

In the sample run above, we see member A’s screen. A sends 1 million messages and waits for its 1 million and the 1 million messages from B to be received before it dumps some stats to stdout. The stats include the number of messages and bytes received, the time, the message rate and throughput averaged over the 2 members. It also shows the aggregated performance over the entire cluster.

In the sample run above (both processes on the same box), we got an average 756 MB of data per member per second, and an aggregated 1.5 GB per second for the entire cluster (A and B in this case).

Parameters such as the number of messages to be sent, the message size and the number of threads to be used to send the messages can be configured by pressing the corresponding numbers. After pressing return, the change will be broadcast to all cluster members, so that we don’t have to go to each member and apply the same change. Also, new members started, will fetch the current configuration and apply it.

For example, if we set the message size in A to 2000 bytes, then the change would be sent to B, which would apply it as well. If we started a third member C, it would also have a configuration with a message size of 2000.

Another feature is the ability to restart all cluster members with a new configuration. For example, if we modified ./fast.xml, we could select [6] to make all cluster members disconnect and close their existing channels and start a new channel based on the modified fast.xml configuration.

The new configuration file doesn’t even have to be accessible on all cluster members; only on the member which makes the change. The file contents will be read by that member, converted into a byte buffer and shipped to all cluster members, where the new channel will then be created with the byte buffer (converted into an input stream) as config.

Being able to dynamically change the test parameters and the JGroups configuration makes MPerf suited to be run in larger clusters; unless a new JGroups version is installed, MPerf will never have to be restarted manually.

5.12.2. UPerf

UPerf is used to measure point-to-point (= unicast) communication between members. Start a few members like this:

java -cp $CLASSPATH org.jgroups.tests.perf.UPerf -props ./fast.xml

They will form a cluster. When [1] is pressed, every node will invoke 20000 synchronous RPCs on other members, each time randomly selecting a member from the cluster. This will be done by 25 threads, but both number of RPCs and sender threads can be changed dynamically across the entire cluster at runtime.

With an 80% chance, a request will mimic a GET which is a small request returning a (by default) 1K response. With a 20% chance, the request is a PUT which is a 1K request and a small response. The read-write ration can be changed via [r].

GETs and PUTs mimic a distributed cache where GETs query information from the cache and PUT update information.

When done, every member sends its results back to the node on which the test was started, which then tallies the results, computes averages etc and prints the result of this round to stdout.

Here’s a sample run on member A:

[1] Invoke RPCs [6] Sender threads (25) [7] Num msgs (20000) [8] Msg size (1KB)
[s] Sync (true) [o] OOB (true) [b] Msg bundling (true)
[a] Anycast count (2) [r] Read percentage (0.80)
[l] local gets (false) [d] print details (false)  [i] print invokers (false)
[v] View [x] Exit [X] Exit all

invoking 20000 RPCs of 1KB, sync=true, oob=true, msg_bundling=true

done (in 877 ms)

======================= Results: ===========================
D: 23121.39 reqs/sec (15813 gets, 4187 puts, get RTT 971.37 us, put RTT 1495.74 us)
A: 22805.02 reqs/sec (15826 gets, 4174 puts, get RTT 992.44 us, put RTT 1541.44 us)
B: 24449.88 reqs/sec (15807 gets, 4193 puts, get RTT 873.63 us, put RTT 1551.84 us)
C: 22371.36 reqs/sec (15826 gets, 4174 puts, get RTT 937.02 us, put RTT 1755.55 us)

Throughput: 23161.55 reqs/sec/node (23.16MB/sec)
Roundtrip:  gets avg = 932.40 us, puts avg = 1646.17 us

This run was on a cluster consisting of {A,B,C,D} and the test was initiated on member A. When everyone is done, the results for A, B, C and D are printed individually, then averages for throughout and round-trip times are computed and also printed to stdout.

In this round, every node managed to invoke roughly 23'000 sync RPCs per second on randomly selected other members. The average GET time was slightly under 1 ms and PUT was roughly 1.6 ms.

5.13. Ergonomics

Ergonomics is similar to the dynamic setting of optimal values for the JVM, e.g. garbage collection, memory sizes etc. In JGroups, ergonomics means that we try to dynamically determine and set optimal values for protocol properties. Examples are thread pool size, flow control credits, heartbeat frequency and so on.

There is an ergonomics property which can be enabled or disabled for every protocol. The default is true. To disable it, set it to false, e.g.:

<UDP... />
<PING ergonomics="false"/>

Here we leave ergonomics enabled for UDP (the default is true), but disable it for PING.

Ergonomics is work-in-progress, and will be implemented over multiple releases.

5.14. Supervising a running stack

SUPERVISOR (SUPERVISOR) provides a rule based fault detection and correction protocol. It allows for rules to be installed, which are periodically invoked. When invoked, a condition can be checked and corrective action can be taken to fix the problem. Essentially, SUPERVISOR acts like a human administrator, except that condition checking and action triggering is done automatically.

An example of a rule is org.jgroups.protocols.rules.CheckFDMonitor: invoked periodically, it checks if the monitor task in FD is running when the membership is 2 or more and - if not - restarts it. The sections below show how to write the rule and how to invoke it.

All rules to be installed in SUPERVISOR are listed in an XML file, e.g. rules.xml:

<rules xmlns="urn:jgroups:rules:1.0">
     <rule name="rule1" class="org.jgroups.protocols.rules.CheckFDMonitorRule"

There is only one rule "rule1" present, which is run every second. The name of the class implementing the rule is "org.jgroups.protocols.rules.CheckFDMonitorRule", and its implementation is:

public class CheckFDMonitor extends Rule {
    protected FD fd;

    public String name() {return "sample";}

    public String description() {
        return "Starts FD.Monitor if membership > 1 and monitor isn't running";

    public void init() {
        if(fd == null) {
  "FD was not found, uninstalling myself (sample)");

    public boolean eval() {
        return sv.getView() != null && sv.getView().size() > 1
            && !fd.isMonitorRunning();

    public String condition() {
        View view=sv.getView();
        return "Membership is " + (view != null? view.size() : "n/a") +
            ", FD.Monitor running=" + fd.isMonitorRunning();

    public void trigger() throws Throwable {
        System.out.println(sv.getLocalAddress() + ": starting failure detection");

CheckFDMonitor extends abstract class Rule which sets a reference to SUPERVISOR and the log when the rule has been installed.

Method name() needs to return a unique name by which the rule can be uninstalled later if necessary.

Description() should provide a meaningful description (used by JMX).

In init(), a reference to FD is set by getting the protocol stack from the SUPERVISOR (sv). If not found, e.g. because there is no FD protocol present in a given stack, the rule uninstalls itself.

Method eval() is called every second. It checks that the monitor task in FD is running (when the membership is 2 or more) and, if not, returns true. In that case, method trigger() will get called by the code in the Rule superclass and it simply restarts the stopped monitor task.

Note that rules can be installed and uninstalled dynamically at runtime, e.g. via op=SUPERVISOR.installRule["myrule", 1000,"org.jgroups.protocols.rules.CheckFDMonitor"] op=SUPERVISOR.uninstallRule["myrule"] op=SUPERVISOR.dumpRules

5.15. Probe

Probe is the Swiss Army Knife of JGroups; it allows to fetch information about the members running in a cluster, get and set properties of the various protocols, and invoke methods in all cluster members.

Probe can even insert protocols into running cluster members, or remove/replace existing protocols. Note that this doesn’t make sense though with stateful protocols such as NAKACK. But this feature is helpful, it could be used for example to insert a diagnostics or stats protocol into a running system. When done, the protocol can be removed again.

Probe is a script ( in the bin directory of the source distribution) that can be invoked on any of the hosts in same network in which a cluster is running. The script essentially calls org.jgroups.tests.Probe which is part of the JGroups JAR.

Otherwise, probe can be run as follows:

java -cp jgroups.jar org.jgroups.tests.Probe

For IPv6 stacks, the system property can be omitted.

Note Probe by default uses IP multicasting to send probe requests to all cluster nodes. However, if IP multicasting is not available or disabled in a network, probe can also be given the address of a single member via the -addr option. That member then returns the addresses of the other cluster members, and probe sends the request to all members individually.

The way probe works is that every stack has an additional multicast socket that by default listens on for diagnostics requests from probe. The configuration is located in the transport protocol (e.g. UDP), and consists of the following properties:

Table 4. Properties for diagnostics / probe
Name Description


Whether or not to enable diagnostics (default: true). When enabled, this will create a MulticastSocket and we have one additional thread listening for probe requests. When disabled, we’ll have neither the thread nor the socket created.


The multicast address which the MulticastSocket should join. The default is for IPv4 and ff0e::0:75:75 for IPv6.


The port on which the MulticastSocket should listen. The default is 7500.

Probe is extensible; by implementing a ProbeHandler and registering it with the transport (TP.registerProbeHandler()), any protocol, or even applications can register functionality to be invoked via probe. Refer to the javadoc for details.

To get information about the cluster members running in the local network, we can use the following probe command:

[belasmac] /Users/bela$

-- sending probe on /

#1 (100 bytes):
view=[A|1] (2) [A, B]

#2 (100 bytes):
view=[A|1] (2) [A, B]

2 responses (2 matches, 0 non matches)
[belasmac] /Users/bela$

This gets us 2 responses, from A and B. "A" and "B" are the logical names, but we also see the UUIDs. They’re both in the same cluster ("draw") and both have the same view ([A|1] [A, B]). The physical address and the version of both members is also shown.

Note that -help lists the command line options.

To fetch all of the JMX information from all protocols, we can invoke probe jmx.

However, this dumps all of the JMX attributes from all protocols of all cluster members, so make sure to pipe the output into a file and awk and sed it for legibility!

However, we can also JMX information from a specific protocol, e.g. FRAG2 (slightly edited>:

[linux]/home/bela$  jmx=FRAG2

-- send probe on /

#1 (318 bytes):
local_addr=B [88588976-5416-b054-ede9-0bf8d4b56c02]
jmx=FRAG2={id=5, level=off, num_received_msgs=131, frag_size=60000,
           num_sent_msgs=54, stats=true, num_sent_frags=0,
           name=FRAG2, ergonomics=true, num_received_frags=0}

view=[A|1] [A, B]

#2 (318 bytes):
local_addr=A [1a1f543c-2332-843b-b523-8d7653874de7]
jmx=FRAG2={id=5, level=off, num_received_msgs=131, frag_size=60000,
           num_sent_msgs=77, stats=true, num_sent_frags=0,
           name=FRAG2, ergonomics=true, num_received_frags=0}

view=[A|1] [A, B]

2 responses (2 matches, 0 non matches)

We can also get information about specific properties in a given protocol:

[belasmac] /Users/bela$  jmx=NAKACK2.xmit

-- sending probe on /

#1 (597 bytes):
local_addr=A [ip=, version=4.0.0-SNAPSHOT, cluster=draw, 2 mbr(s)]
NAKACK2={xmit_from_random_member=false, xmit_interval=500, xmit_reqs_received=0, xmit_reqs_sent=0, xmit_rsps_received=0, xmit_rsps_sent=0, xmit_table_capacity=204800, xmit_table_max_compaction_time=30000, xmit_table_missing_messages=0, xmit_table_msgs_per_row=2000, xmit_table_num_compactions=0, xmit_table_num_current_rows=100, xmit_table_num_moves=0, xmit_table_num_purges=1, xmit_table_num_resizes=0, xmit_table_num_rows=100, xmit_table_resize_factor=1.2, xmit_table_undelivered_msgs=0, xmit_task_running=true}

#2 (597 bytes):
local_addr=B [ip=, version=4.0.0-SNAPSHOT, cluster=draw, 2 mbr(s)]
NAKACK2={xmit_from_random_member=false, xmit_interval=500, xmit_reqs_received=0, xmit_reqs_sent=0, xmit_rsps_received=0, xmit_rsps_sent=0, xmit_table_capacity=204800, xmit_table_max_compaction_time=30000, xmit_table_missing_messages=0, xmit_table_msgs_per_row=2000, xmit_table_num_compactions=0, xmit_table_num_current_rows=100, xmit_table_num_moves=0, xmit_table_num_purges=1, xmit_table_num_resizes=0, xmit_table_num_rows=100, xmit_table_resize_factor=1.2, xmit_table_undelivered_msgs=0, xmit_task_running=true}

2 responses (2 matches, 0 non matches)
[belasmac] /Users/bela$

This returns all JMX attributes that start with "xmit" in all NAKACK2 protocols of all cluster members. We can also pass a list of attributes:

[belasmac] /Users/bela$  jmx=NAKACK2.xmit,num

-- sending probe on /

#1 (646 bytes):
local_addr=A [ip=, version=4.0.0-SNAPSHOT, cluster=draw, 2 mbr(s)]
NAKACK2={num_messages_received=115, num_messages_sent=26, xmit_from_random_member=false, xmit_interval=500, xmit_reqs_received=0, xmit_reqs_sent=0, xmit_rsps_received=0, xmit_rsps_sent=0, xmit_table_capacity=204800, xmit_table_max_compaction_time=30000, xmit_table_missing_messages=0, xmit_table_msgs_per_row=2000, xmit_table_num_compactions=0, xmit_table_num_current_rows=100, xmit_table_num_moves=0, xmit_table_num_purges=1, xmit_table_num_resizes=0, xmit_table_num_rows=100, xmit_table_resize_factor=1.2, xmit_table_undelivered_msgs=0, xmit_task_running=true}

#2 (646 bytes):
local_addr=B [ip=, version=4.0.0-SNAPSHOT, cluster=draw, 2 mbr(s)]
NAKACK2={num_messages_received=115, num_messages_sent=89, xmit_from_random_member=false, xmit_interval=500, xmit_reqs_received=0, xmit_reqs_sent=0, xmit_rsps_received=0, xmit_rsps_sent=0, xmit_table_capacity=204800, xmit_table_max_compaction_time=30000, xmit_table_missing_messages=0, xmit_table_msgs_per_row=2000, xmit_table_num_compactions=0, xmit_table_num_current_rows=100, xmit_table_num_moves=0, xmit_table_num_purges=1, xmit_table_num_resizes=0, xmit_table_num_rows=100, xmit_table_resize_factor=1.2, xmit_table_undelivered_msgs=0, xmit_task_running=true}

2 responses (2 matches, 0 non matches)
[belasmac] /Users/bela$

This returns all attributes of NAKACK2 that start with "xmit" or "num".

To invoke an operation, e.g. to set the logging level in all UDP protocols from "warn" to "trace", we can use op=UPD.setLevel["trace"]. This raises the logging level in all UDP protocols of all cluster members, which is useful to diagnose a running system.

Operation invocation uses reflection, so any method defined in any protocol can be invoked. This is a powerful tool to get diagnostics information from a running cluster.

For further information, refer to the command line options of probe ( -h).

5.15.1. Looking at details of RPCs with probe

Probe can also be used to inspect for every node P:

  • the number of unicast RPCs invoked (sync or async)

  • the number of multicast RPCs invoked (sync or async)

  • the number of anycast RPCs invoked (sync or async)

For sync RPCs, it is also possible to get the min/max/avg times for RPCs to a given destination.

Since taking the times for all sync RPCs takes time (2x System.nanoTime() for each RPC), this is disabled by default and has to be enabled (assuming we have 4 nodes running): rpcs-enable-details

From now on, timings for sync RPCs will be taken (async RPCs are not timed and therefore not affected by the timing costs). To disable this, probe rpcs-disable-details can be called.

To get RPC stats, rpcs and rpcs-details can be used:

[belasmac] /Users/bela/JGroups$ rpcs rpcs-details

-- sending probe on /
#1 (481 bytes):
local_addr=C [ip=, version=3.6.8-SNAPSHOT, cluster=uperf, 4 mbr(s)]
uperf: sync  multicast RPCs=0
uperf: async unicast   RPCs=0
uperf: async multicast RPCs=0
uperf: sync  anycast   RPCs=67480
uperf: async anycast   RPCs=0
uperf: sync  unicast   RPCs=189064
D: async: 0, sync: 130434, min/max/avg (ms): 0.13/924.88/2.613
A: async: 0, sync: 130243, min/max/avg (ms): 0.11/926.35/2.541
B: async: 0, sync: 63346, min/max/avg (ms): 0.14/73.94/2.221

#2 (547 bytes):
local_addr=A [ip=, version=3.6.8-SNAPSHOT, cluster=uperf, 4 mbr(s)]
uperf: sync  multicast RPCs=5
uperf: async unicast   RPCs=0
uperf: async multicast RPCs=0
uperf: sync  anycast   RPCs=67528
uperf: async anycast   RPCs=0
uperf: sync  unicast   RPCs=189200
<all>: async: 0, sync: 5, min/max/avg (ms): 2.11/9255.10/4917.072
C: async: 0, sync: 130387, min/max/avg (ms): 0.13/929.71/2.467
D: async: 0, sync: 63340, min/max/avg (ms): 0.13/63.74/2.469
B: async: 0, sync: 130529, min/max/avg (ms): 0.13/929.71/2.328

#3 (481 bytes):
local_addr=B [ip=, version=3.6.8-SNAPSHOT, cluster=uperf, 4 mbr(s)]
uperf: sync  multicast RPCs=0
uperf: async unicast   RPCs=0
uperf: async multicast RPCs=0
uperf: sync  anycast   RPCs=67255
uperf: async anycast   RPCs=0
uperf: sync  unicast   RPCs=189494
C: async: 0, sync: 130616, min/max/avg (ms): 0.13/863.93/2.494
A: async: 0, sync: 63210, min/max/avg (ms): 0.14/54.35/2.066
D: async: 0, sync: 130177, min/max/avg (ms): 0.13/863.93/2.569

#4 (482 bytes):
local_addr=D [ip=, version=3.6.8-SNAPSHOT, cluster=uperf, 4 mbr(s)]
uperf: sync  multicast RPCs=0
uperf: async unicast   RPCs=0
uperf: async multicast RPCs=0
uperf: sync  anycast   RPCs=67293
uperf: async anycast   RPCs=0
uperf: sync  unicast   RPCs=189353
C: async: 0, sync: 63172, min/max/avg (ms): 0.13/860.72/2.399
A: async: 0, sync: 130342, min/max/avg (ms): 0.13/862.22/2.338
B: async: 0, sync: 130424, min/max/avg (ms): 0.13/866.39/2.350

The example output shows stats for members C, A, B and D. When looking at the output of member A, we can see that A

  • invoked 5 sync multicast RPCs

  • invoked 67528 sync anycasts (RPCs to a subset of the cluster, sent as a number of unicasts)

  • invoked 189200 sync unicast RPCs

  • sent 5 sync multicast RPCs which took an average of 4.9 seconds and a max of 9 seconds. The reason is that these were multicast RPCs in UPerf which started the test on each node and waited until it got results from all nodes. So these times are essentially the times it took the individual tests to run

  • invoked 63340 sync unicast RPCs on D, which took a min of 0.13 ms, a max of 63.74 ms and an average of 2.469 ms per RPC.

To reset the numbers, rpcs-reset can be called.

5.16. Determining the coordinator and controlling view generation

In 3.4 the membership change algorithm was made pluggable; now application code can be called to determine how a new view is created. This is done for both regular views, e.g. caused by joins, leaves or crashes, and for merge views.

The tenet that the coordinator is always the first member of a view has not changed, but because the view generation can be done by application code, that code essentially also controls which member should be the coordinator.

This can be used to for example pin the coordinatorship to only certain beefy servers. Another example is to make sure that only one of the previous coordinators becomes the new coordinator after a merge. This reduces the frequency with which the coordinator moves around and thus increases stability for singleton services (services which are started only on one node in a given cluster).

To do this, interface MembershipChangePolicy has to be implemented:

public interface MembershipChangePolicy {
    List<Address> getNewMembership(final Collection<Address> current_members,
                                   final Collection<Address> joiners,
                                   final Collection<Address> leavers,
                                   final Collection<Address> suspects);

    List<Address> getNewMembership(final Collection<Collection<Address>> subviews);

The first method is called whenever a regular view needs to be created. Parameter current_members is a list of the current members in the view. Joiners is the list of new members, leavers the members which want to leave the cluster and suspects the members which were suspected to have crashed.

The default policy adds the joiners to the end of the current members and removes suspected and leaving members.

The second method accepts a list of membership lists; each list represents a subview that needs to get merged into a new MergeView. For example, we could have {A,B,C}, {M,N,O,P} and {X,Y,Z}. A, M and X are the respective coordinators of the subviews and the task of the code is to determine the single coordinator which will be coordinator of the merged view. The default implementation adds all subview coordinators to a sorted set, takes the first (say M), adds it to the resulting list and then adds the subviews in turn. This could result in a MergeView like {M,A,B,C,N,O,P,X,Y,Z}.

Ordering and duplicate elements
In both regular and merge views, it is important that there are no duplicate members. It is entirely possible to get overlapping subviews in the case of a merge, for instance: {A,B,C}, {C,D} and {C,D}. This cannot result in C or D being present in the resulting merge view multiple times.

A MembershipChangePolicy can be set in GMS via property membership_change_policy, which accepts the fully qualified classname of the implementation of MembershipChangePolicy. There is also a setter, setMembershipChangePolicy() which can be used to set the change policy programmatically.

The following example shows how to pin coordinatorship to a certain subset of nodes in a cluster.

Beefy nodes need to be marked as such, and this is done by using a special address, generated by an address generator (see Generating custom addresses) in JChannel:

    channel.setAddressGenerator(new AddressGenerator() {
        public Address generateAddress() {
            return PayloadUUID.randomUUID(channel.getName(), "beefy");

First we check if the current node that’s about to be started needs to be marked as beefy. This would typically be passed to the instance via a command flag. If so, we grab the current channel (before it is started) and set an AddressGenerator which simply creates a subclass of UUID, a PayloadUUID.

The MembershipChangePolicy now knows if a node is beefy or not by checking if the node’s address is a PayloadUUID (versus a regular UUID).

A possible implementation of MembershipChangePolicy is shown below:

public List<Address> getNewMembership(final Collection<Address> current_members,
                                      final Collection<Address> joiners,
                                      final Collection<Address> leavers,
                                      final Collection<Address> suspects) {
    Membership retval=new Membership();

    // add the beefy nodes from the current membership first
    for(Address addr: current_members) {
        if(addr instanceof PayloadUUID)

    // then from joiners
    for(Address addr: joiners) {
        if(addr instanceof PayloadUUID)

    // then add all non-beefy current nodes

    // finally the non-beefy joiners

    return retval.getMembers();

The idea is simple: we want beefy servers to be the first elements of a view. However, when a new beefy server joins, it should not become the new coordinator if the current coordinator already is a beefy server, but add itself to the end of the beefy servers, in front of non-beefy servers.

First we create a Membership, which is an ordered list without duplicates. We then iterate through the current membership and add the beefy servers to the list. The same is done with beefy joiners.

After that, we simply add all other current members (duplicates are suppressed by Membership) and joiners and remove suspected and leaving members.

The effect of this is that - while there are beefy servers in a view - the oldest beefy server will be the coordinator, then the second-oldest and so on. When no beefy servers are left, the oldest non-beefy server will be coordinator. When a beefy server joins again, it will become coordinator, taking the coordinatorship away from the previous non-beefy server.

5.17. ForkChannels: light-weight channels to piggy-back messages over an existing channel

A ForkChannel is a subclass of JChannel (JChannel) implementing only a subset of methods (unimplemented methods throw an UnsupportedOperationException). It is a light-weight channel, referencing a JChannel (main channel), and it is cheap to create a ForkChannel, connect to a cluster, disconnect from it and close the channel.

A ForkChannel can be forked off of an existing stack (hence the name) and can add its own protocols to the newly created fork stack. Fork stacks can be created declaratively (at main channel creation time) or dynamically using the programmatic API.

The main use case for ForkChannels are

  • No need to configure and create a separate channel, but use of an existing JChannel (e.g. grabbed from Infinispan or WildFly) for private communication. Example: if we’re running an Infinispan cache in a cluster and need the cluster nodes to communicate with each other, then we can create a ForkChannel to do that. The main channel used by Infinispan does not see the communication going on over the private fork channel, and vice versa. This is because a fork channel is given a unique ID and that ID is used to deliver messages sent by it only to fork channels with the same ID.

  • If we cannot for some reason modify the main stack’s configuration, we can create a fork channel and a corresponding fork stack and add the protocols we need to that fork stack. Example: an application needs a fork stack with COUNTER (a distributed atomic counter) on top. To do so, it can create a fork stack with COUNTER and a fork channel connecting to that stack, and it will now have distributed atomic counter capabilities on its fork stack, which is not available in the main stack.

The architecture is shown in Architecture of a ForkChannel.

FORK architecture
Figure 9. Architecture of a ForkChannel

In the example, a main channel and 5 fork channels are shown. They are all running in the same JVM.

The brown stack to the left is the main stack and it has the main channel connected to it. Not all protocols are shown, but we’ve listed the GMS, MFC, FORK and FRAG2 protocols. The FORK protocol needs to be present in the main stack, or else fork stacks can not be created.

The FORK protocol of the main stack contains 2 fork stacks: "counter" and "lock". These are fork stack IDs and are used when creating a fork channel to determine whether fork channels share the same fork stack, or not.

The blue stack in the middle is a fork-stack with fork stack ID "counter". It adds protocol COUNTER to the protocols provided by the main stack. Therefore a message passing down through fork stack "counter" will pass through protocols COUNTER, FORK, MFC and GMS.

Fork channels have an ID, too, e.g. "fork-ch1". The combination of fork stack ID and fork channel ID is used to demultiplex incoming messages. For example, if fork channel 2 sends a message, it’ll pass through COUNTER and into FORK. There, a header is added to the message, containing fork channel ID="fork-ch2" and fork stack ID="counter". Then the message passes down the main stack, through MFC, GMS and so on.

When the message is received, it passes up the reverse order: first GMS, then MFC, then it is received by FORK. If there is no header, FORK passes the message up the main stack, where it passes through FRAG2 and ends up in the main channel. If a header is present, the fork stack ID is used to find the correct fork-stack ("counter"). If no fork stack is found, a warning message is logged. The message then passes through COUNTER. Finally, the fork channel ID ("fork-ch2") is used to find the right fork channel and the message is passed to it.

Note that a fork stack can have more than 1 protocol; for example the yellow fork stack on the right side has 2 protocols. A fork stack can also have 0 protocols. In that case, it is only used to have a private channel for communication, and no additional protocols are required on top of the main stack.

Fork channels sharing the same fork stack also share state. For example, fork channels fork-ch1 and fork-ch2 share COUNTER, which means they will see each other’s increments and decrements of the same counter. If fork stack "lock" also had a COUNTER protocol, and fork-ch1 anf fork-ch4 accessed a counter with the same name, they would still not see each other’s changes, as they’d have 2 different COUNTER protocols.

5.17.1. Configuration

Fork stacks can be created programmatically or declaratively. Let’s take a look at the latter first. The XML fragment below shows this:

<MFC max_credits="2M" min_threshold="0.4"/>
<FORK config="/home/bela/fork-stacks.xml" />
<FRAG2 frag_size="60K" />

FORK refers to an external file to configure its fork stacks:

<fork-stacks xmlns="fork-stacks">
    <fork-stack id="counter">
            <COUNTER bypass_bundling="true"/>

    <fork-stack id="lock">
             <CENTRAL_LOCK num_backups="2"/>


The file fork-stacks.xml defines 2 fork stacks: "counter" and "lock". Each fork-stack element has an id attribute which defines the fork stack’s ID. Note that all fork stacks have to have unique IDs.

After the fork-stack element, the child element starting with config is a regular JGroups XML config file schema, where protocols are defined from bottom to top. For example, fork stack "lock" defines that CENTRAL_LOCK is the first protocol on top of FORK for the given fork stack, and STATS is on top of CENTRAL_LOCK.

When FORK is initialized, it will create the 2 fork stacks. When fork channels are created (see the next section), they can pick one of the 2 existing fork stacks to be created over, or they can dynamically create new fork stacks.

5.17.2. Creation of fork channels

A fork channel is created by instantiating a new ForkChannel object:

JChannel main_ch=new JChannel("/home/bela/udp.xml").name("A");
ForkChannel fork_ch=new ForkChannel(main_ch, "lock", "fork-ch4",
                                    new CENTRAL_LOCK(), new STATS());

First the main channel is created. Note that udp.xml may or may not contain FORK, but for this example, we assume it is present.

Then the ForkChannel is created. It is passed the main channel, the fork stack ID ("lock") and the fork channel ID ("fork-ch4"), plus a list of already instantiated protocols (CENTRAL_LOCK and STATS). If FORK already contains a fork stack with ID="lock", the existing fork stack will be used, or else a new one will be created with protocols CENTRAL_LOCK and STATS. Then a new fork channel with ID="fork-ch4" will be added to the top of fork stack "lock". An exception will be thrown if a fork channel with the same ID already exists.

The ForkChannel now calls connect(), but the cluster name is ignored as fork channels have the same cluster name as they main channel the reference. The local address, name, view and state are also the same. This means, that even though connect() was called, the fork channel is not yet connected. As soon as the main channel is connected, the fork channel will be connected, too.

The lifetime of a fork channel is always dominated by the main channel: if the main channel is closed, all fork channels atttached to it are in closed state, too, and trying to send a message will throw an exception.

The example above showed the simplified constructor, which requires the FORK protocol to be present in the stack. There’s another constructor which allows for FORK to be created dynamically if not present:

public ForkChannel(final Channel main_channel,
                   String fork_stack_id, String fork_channel_id,
                   boolean create_fork_if_absent,
                   int position,
                   Class<? extends Protocol> neighbor,
                   Protocol ... protocols) throws Exception;

In addition to passing the main channel, the fork stack and channel IDs and the list of protocols, this constructor also allows a user to create FORK in the main stack if not present. To do so, create_fork_if_absent has to be set to true (else an exception is thrown if FORK is not found), and the neighbor protocol (e.g. FRAG2.class) has to be defined, plus the position (ProtocolStack.ABOVE/BELOW) relative to the neighbor protocol has to be defined as well.

The design of FORK / ForkChannel is discussed in more detail in FORK.txt

6. List of Protocols

This chapter describes the most frequently used protocols, and their configuration. Ergonomics (Ergonomics) strives to reduce the number of properties that have to be configured, by dynamically adjusting them at run time, however, this is not yet in place.

Meanwhile, we recommend that users should copy one of the predefined configurations (shipped with JGroups), e.g. udp.xml or tcp.xml, and make only minimal changes to it.

This section is work in progress; we strive to update the documentation as we make changes to the code.

6.1. Properties availabe in every protocol

The table below lists properties that are available in all protocols, as they’re defined in the superclass of all protocols, org.jgroups.stack.Protocol.

Table 5. Properties of org.jgroups.stack.Protocol
Name Description


Whether the protocol should collect protocol-specific runtime statistics. What those statistics are (or whether they even exist) depends on the particular protocol. See the org.jgroups.stack.Protocol javadoc for the available API related to statistics. Default is true.


Turns on ergonomics. See Ergonomics for details.


Gives the protocol a different ID if needed so we can have multiple instances of it in the same stack

6.2. System properties

The table below lists system properties which can be used to override attribute values, mostly in protocols. For example, if we have a config like this:

<UDP bind_addr="" />

, then the bind address will be However, if we run the system with -Djgroups.bind_addr= (see below), the bind address will be

Note that if we use our own variables, like this:

<UDP bind_addr="${my.bind_addr:}" />

, then system property my.bind_addr takes precedence over jgroups.bind_addr. In the above case, the actual bind address chosen will be:

System properties

Bind address picked

-Dmy.bind_addr= -Djgroups.bind_addr=



Table 6. System properties
Name Description


The network interface to be used. Example: -Djgroups.bind_addr= or -Djgroups.bind_addr=match-interface:eth0. Overrides attribute bind_addr in the transport protocol (see below).


The external bind address to be used. Overrides external_addr in the transport protocol.


The external port to be used by the transport.


The network interface client sockets in TCP should bind to. Overrides client_bind_addr in TCP


The list of initial hosts in TCPPING


The multicast address used by UDP


The multicast port used by UDP


The TTL used by UDP


The multicast address used by MPING


The multicast port used by MPING


The TTL used by MPING


The file where the mappings between IDs and classes are defined. Default: jg-magic-map.xml


The file where the mappings between IDs and protocols are defined. Default: jg-protocol-ids.xml


The max number of elements in the NameCache which holds mappings between addresses and logical names


The max age (in milliseconds) a mapping between address and logical name is kept in the NameCache. Not that elements are only evicted if there’s not enough room.


Needed if an IPv4 multicast address is used in an IPv6 system. The prefix (default: ff0e::) will prefix the IPv4 multicast address, e.g.


If true, the JDK logger (java.util.logging.Logger) will be used


The fully qualified name of a class implementing a logger to be used. See Logging for details.


System prop for defining the default number of headers in a Message (default: 4).

6.3. Transport

TP is the base class for all transports, e.g. UDP and TCP. All of the properties defined here are inherited by the subclasses. The properties for TP are:

Table 7. TP
Name Description


The bind address which should be used by this transport. The following special values are also recognized: GLOBAL, SITE_LOCAL, LINK_LOCAL, NON_LOOPBACK, match-interface, match-host, match-address


The port to which the transport binds. Default of 0 binds to any (ephemeral) port. See also port_range


The max number of elements in a bundler if the bundler supports size limitations


Number of spins before a real lock is acquired


The type of bundler used ("ring-buffer", "transfer-queue" (default), "sender-sends" or "no-bundler") or the fully qualified classname of a Bundler implementation


The wait strategy for a RingBuffer


Address for diagnostic probing. Default is


Comma delimited list of interfaces (IP addresses or interface names) that the diagnostics multicast socket should bind to


Authorization passcode for diagnostics. If specified every probe query will be authorized


Port for diagnostic probing. Default is 7500


TTL of the diagnostics multicast socket


Switch to enable diagnostic probing. Default is true


Use "external_addr" if you have hosts on different networks, behind firewalls. On each firewall, set up a port forwarding rule (sometimes called "virtual server") to the local IP (e.g. of the host then on each host, set "external_addr" TCP transport parameter to the external (public IP) address of the firewall.


Used to map the internal port (bind_port) to an external port. Only used if > 0


whether or not warnings about messages from different groups are logged


whether or not warnings about messages from members with a different version are discarded


Time (in ms) after which entries in the logical address cache marked as removable can be removed. 0 never removes any entries (not recommended)


Max number of elements in the logical address cache before eviction starts


Interval (in ms) at which the reaper task scans logical_addr_cache and removes entries marked as removable. 0 disables reaping.


Whether or not to make a copy of a message before looping it back up. Don’t use this; might get removed without warning


Loop back the message on a separate thread or use the current thread. Don’t use this; might get removed without warning


Maximum number of bytes for messages to be queued until they are sent


The fully qualified name of a class implementing MessageProcessingPolicy


Max number of messages buffered for consumption of the delivery thread in MaxOneThreadPerSender. 0 creates an unbounded buffer


The range of valid ports, from bind_port to end_port. 0 only binds to bind_port and fails if taken


Comma delimited list of interfaces (IP addresses or interface names) to receive multicasts on


If true, the transport should use all available interfaces to receive multicast messages


Time during which identical warnings about messages from a member from a different cluster will be suppressed. 0 disables this (every warning will be logged). Setting the log level to ERROR also disables this.


Time during which identical warnings about messages from a member with a different version will be suppressed. 0 disables this (every warning will be logged). Setting the log level to ERROR also disables this.


Thread naming pattern for threads in this channel. Valid values are "pcl": "p": includes the thread name, e.g. "Incoming thread-1", "UDP ucast receiver", "c": includes the cluster name, e.g. "MyCluster", "l": includes the local address of the current member, e.g. ""


Enable or disable the thread pool


Timeout in milliseconds to remove idle threads from pool


Maximum thread pool size for the thread pool


Minimum thread pool size for the thread pool


Interval (in ms) at which the time service updates its timestamp. 0 disables the time service


If true, the common fork-join pool will be used; otherwise a custom ForkJoinPool will be created


If enabled, a ForkJoinPool will be used rather than a ThreadPoolExecutor


Use IP addresses (IpAddressUUID) instead of UUIDs as addresses. This is currently not compatible with RELAY2: disable if RELAY2 is used.


Timeout (in ms) to determine how long to wait until a request to fetch the physical address for a given logical address will be sent again. Subsequent requests for the same physical address will therefore be spaced at least who_has_cache_timeout ms apart

bind_addr can be set to the address of a network interface, e.g. It can also be set for the entire stack using system property -Djgroups.bind_addr, which provides a value for bind_addr unless it has already been set in the XML config.

The following special values are also recognized for bind_addr:


Picks a global IP address if available. If not, falls back to a SITE_LOCAL IP address.


Picks a site local (non routable) IP address, e.g. from the or address range.


Picks a link-local IP address, from through


Picks any non loopback address.


Pick a loopback address, e.g.


Pick an address which matches a pattern against the interface name, e.g. match-interface:eth.\*


Pick an address which matches a pattern against the host address, e.g. match-address:192.168.\*


Pick an address which matches a pattern against the host name, e.g. match-host:linux.\*

An example of setting the bind address in UDP to use a site local address is:

<UDP bind_addr="SITE_LOCAL" />

This will pick any address of any interface that’s site-local, e.g. a 192.168.x.x or 10.x.x.x address.

Since 4.0, it is possible to define a list of addresses in bind_addr. Each entry of the list will be tried and the first entry that works will be used. Example:

<UDP bind_addr="match-interface:eth2,,match-interface:en.\*," />

This would try to bind to eth2 first. If not found, then an interface with address would be tried, then an interface starting with en would be tried. If still not found, we’d bind to

6.3.1. UDP

UDP uses IP multicast for sending messages to all members of a group and UDP datagrams for unicast messages (sent to a single member). When started, it opens a unicast and multicast socket: the unicast socket is used to send/receive unicast messages, whereas the multicast socket sends and receives multicast messages. The channel’s physical address will be the address and port number of the unicast socket.

A protocol stack with UDP as transport protocol is typically used with clusters whose members run in the same subnet. If running across subnets, an admin has to ensure that IP multicast is enabled across subnets. It is often the case that IP multicast is not enabled across subnets. In such cases, the stack has to either use UDP without IP multicasting or other transports such as TCP.

Table 8. UDP
Name Description


If true, disables IP_MULTICAST_LOOP on the MulticastSocket (for sending and receiving of multicast packets). IP multicast packets send on a host P will therefore not be received by anyone on P. Use with caution.


Multicast toggle. If false multiple unicast datagrams are sent instead of one multicast. Default is true


The time-to-live (TTL) for multicast datagram packets. Default is 8


The multicast address used for sending and receiving packets


The multicast port used for sending and receiving packets. Default is 7600


Number of multicast receiver threads, all reading from the same MulticastSocket. If de-serialization is slow, increasing the number of receiver threads might yield better performance.


Receive buffer size of the multicast datagram socket. Default is 500'000 bytes


Send buffer size of the multicast datagram socket. Default is 100'000 bytes


Suppresses warnings on Mac OS (for now) about not enough buffer space when sending a datagram packet


Traffic class for sending unicast and multicast datagrams. Default is 8


Number of unicast receiver threads, all reading from the same DatagramSocket. If de-serialization is slow, increasing the number of receiver threads might yield better performance.


Receive buffer size of the unicast datagram socket. Default is 64'000 bytes


Send buffer size of the unicast datagram socket. Default is 100'000 bytes

6.3.2. TCP

Specifying TCP in your protocol stack tells JGroups to use TCP to send messages between cluster members. Instead of using a multicast bus, the cluster members create a mesh of TCP connections.

For example, while UDP sends 1 IP multicast packet when sending a message to a cluster of 10 members, TCP needs to send the message 9 times. It sends the same message to the first member, to the second member, and so on (excluding itself as the message is looped back internally).

This is slow, as the cost of sending a group message is O(n) with TCP, where it is O(1) with UDP. As the cost of sending a group message with TCP is a function of the cluster size, it becomes higher with larger clusters.

Note We recommend to use UDP for larger clusters, whenever possible
Table 9. BasicTCP
Name Description


The address of a local network interface which should be used by client sockets to bind to. The following special values are also recognized: GLOBAL, SITE_LOCAL, LINK_LOCAL and NON_LOOPBACK


The local port a client socket should bind to. If 0, an ephemeral port will be picked.


Max time connection can be idle before being reaped (in ms)


If true, client sockets will not explicitly bind to bind_addr but will defer to the native socket


SO_LINGER in msec. Default of -1 disables it


Max time to block on reading of peer address


Reaper interval in msec. Default is 0 (no reaping)


Receiver buffer size in bytes


Send buffer size in bytes


Max time allowed for a socket creation in connection table


Should TCP no delay flag be turned on

6.3.3. TCP_NIO2

TCP_NIO2 is similar to TCP, but uses NIO (= Non blocking IO) to send messages to and receive messages from members. Contrary to TCP, it doesn’t use 1 thread per connection, but handles accepts, connects, reads and writes in a single thread.

All of these operations are guaranteed to never block.

For example, if a read is supposed to receive 1000 bytes and only reveived 700, the read reads the 700 bytes, saves them somewhere and later - when the remaining 300 bytes have been received - is notified to complete the read and then returns the 1000 bytes to the application.

Using a single thread is not a problem, as operations will never block. The only potentially blocking operation, namely delivering messages up to the application, is done via the regular or OOB thread pools, as usual.

While TCP and TCP_NIO2 both have the N-1 problem of sending cluster wide messages (contrary to UDP), TCP_NIO2 is able to handle a larger number of connections than TCP, as it doesn’t use the thread-per-connection model, and - contrary to TCP, but similar to UDP - it doesn’t block when sending or receiving messages.

Table 10. BasicTCP
Name Description


The address of a local network interface which should be used by client sockets to bind to. The following special values are also recognized: GLOBAL, SITE_LOCAL, LINK_LOCAL and NON_LOOPBACK


The local port a client socket should bind to. If 0, an ephemeral port will be picked.


Max time connection can be idle before being reaped (in ms)


If true, client sockets will not explicitly bind to bind_addr but will defer to the native socket


SO_LINGER in msec. Default of -1 disables it


Max time to block on reading of peer address


Reaper interval in msec. Default is 0 (no reaping)


Receiver buffer size in bytes


Send buffer size in bytes


Max time allowed for a socket creation in connection table


Should TCP no delay flag be turned on

Table 11. TCP_NIO2
Name Description


If true, a partial write will make a copy of the data so a buffer can be reused


The max number of outgoing messages that can get queued for a given peer connection (before dropping them). Most messages will ge retransmitted; this is mainly used at startup, e.g. to prevent dropped discovery requests or responses (sent unreliably, without retransmission).


Number of ms a reader thread on a given connection can be idle (not receiving any messages) until it terminates. New messages will start a new reader

6.3.4. TUNNEL

TUNNEL is described in TUNNEL.

Table 12. TUNNEL
Name Description


A comma-separated list of GossipRouter hosts, e.g. HostA[12001],HostB[12001]


Interval in msec to attempt connecting back to router in case of torn connection. Default is 5000 msec


Should TCP no delay flag be turned on


Whether to use blocking (false) or non-blocking (true) connections. If GossipRouter is used, this needs to be false; if GossipRouterNio is used, it needs to be true

6.4. Initial membership discovery

The task of the discovery is to find an initial membership, which is used to determine the current coordinator. Once a coordinator is found, the joiner sends a JOIN request to the coord.

Discovery is also called periodically by MERGE2 (see [MERGE2]), to see if we have diverging cluster membership information.

6.4.1. Discovery

Discovery is the superclass for all discovery protocols and therefore its properties below can be used in any subclass.

Discovery sends a discovery request, and waits for num_initial_members discovery responses, or timeout ms, whichever occurs first, before returning. Note that break_on_coord_rsp="true" will return as soon as we have a response from a coordinator.

Table 13. Discovery
Name Description


If true then the discovery is done on a separate timer thread. Should be set to true when discovery is blocking and/or takes more than a few milliseconds


If enabled, use a separate thread for every discovery request. Can be used with or without async_discovery


Return from the discovery phase as soon as we have 1 coordinator response


Expiry time of discovery responses in ms


Max size of the member list shipped with a discovery request. If we have more, the mbrs field in the discovery request header is nulled and members return the entire membership, not individual members


The max rank of this member to respond to discovery requests, e.g. if max_rank_to_reply=2 in {A,B,C,D,E}, only A (rank 1) and B (rank 2) will reply. A value ⇐ 0 means everybody will reply. This attribute is ignored if TP.use_ip_addrs is false.


Whether or not to return the entire logical-physical address cache mappings on a discovery request, or not.


When a new node joins, and we have a static discovery protocol (TCPPING), then send the contents of the discovery cache to new and existing members if true (and we’re the coord). Addresses JGRP-1903


If greater than 0, we’ll wait a random number of milliseconds in range [0..stagger_timeout] before sending a discovery response. This prevents traffic spikes in large clusters when everyone sends their discovery response at the same time


If a persistent disk cache (PDC) is present, combine the discovery results with the contents of the disk cache before returning the results

Discovery and local caches

Besides finding the current coordinator in order to send a JOIN request to it, discovery also fetches information about members and adds it to its local caches. This information includes the logical name, UUID and IP address/port of each member. When discovery responses are received, the information in it will be added to the local caches.

Since 3.5 it is possible to define this information in a single file, with each line providing information about one member. The file contents look like this:

m1.1 1   T
m2.1 2 F
m3.1 3  F

This file defines information about 3 members m1.1, m2.1 and m3.1. The first element ("m1.1") is the logical name. Next comes the UUID (1), followed by the IP address and port ( T means that the member is the current coordinator.

Methods dumpCache() can be used to write the current contents of any member to a file (in the above format) and addToCache() can be used to add the contents of a file to any member. These operations can for example be invoked via JMX or

Refer to the section on FILE_PING for more information on how to use these files to speed up the discovery process.

6.4.2. PING

Initial (dirty) discovery of members. Used to detect the coordinator (oldest member), by mcasting PING requests to an IP multicast address.

Each member responds with a packet {C, A}, where C=coordinator’s address and A=own address. After N milliseconds or M replies, the joiner determines the coordinator from the responses, and sends a JOIN request to it (handled by GMS). If nobody responds, we assume we are the first member of a group.

Unlike TCPPING, PING employs dynamic discovery, meaning that the member does not have to know in advance where other cluster members are.

PING uses the IP multicasting capabilities of the transport to send a discovery request to the cluster. It therefore requires UDP as transport.

6.4.3. TCPPING

TCPPING is used with TCP as transport, and uses a static list of cluster members’s addresses. See Using TCP and TCPPING for details.

Table 14. TCPPING
Name Description


Comma delimited list of hosts to be contacted for initial membership


max number of hosts to keep beyond the ones in initial_hosts


Number of additional ports to be probed for membership. A port_range of 0 does not probe additional ports. Example: initial_hosts=A[7800] port_range=0 probes A:7800, port_range=1 probes A:7800 and A:7801

Note It is recommended to include the addresses of all cluster members in initial_hosts.


TCPGOSSIP uses an external GossipRouter to discover the members of a cluster. See Using TCP and TCPGOSSIP for details.

Name Description


Comma delimited list of hosts to be contacted for initial membership


Interval (ms) by which a disconnected stub attempts to reconnect to the GossipRouter


Max time for socket creation. Default is 1000 msec


Whether to use blocking (false) or non-blocking (true) connections. If GossipRouter is used, this needs to be false; if GossipRouterNio is used, it needs to be true

6.4.5. MPING

MPING (=Multicast PING) uses IP multicast to discover the initial membership. It can be used with all transports, but usually is used in combination with TCP. TCP usually requires TCPPING, which has to list all cluster members explicitly, but MPING doesn’t have this requirement. The typical use case for this is when we want TCP as transport, but multicasting for discovery so we don’t have to define a static list of initial hosts in TCPPING

MPING uses its own multicast socket for discovery. Properties bind_addr (can also be set via -Djgroups.bind_addr=), mcast_addr and mcast_port can be used to configure it.

Note that MPING requires a separate thread listening on the multicast socket for discovery requests.

Table 16. MPING
Name Description


Bind address for multicast socket. The following special values are also recognized: GLOBAL, SITE_LOCAL, LINK_LOCAL and NON_LOOPBACK


The interface (NIC) which should be used by this transport


Time to live for discovery packets. Default is 8


Multicast address to be used for discovery


Multicast port for discovery packets. Default is 7555


List of interfaces to receive multicasts on


If true, the transport should use all available interfaces to receive multicast messages


List of interfaces to send multicasts on


Whether send messages are sent on all interfaces. Default is false

6.4.6. FILE_PING

FILE_PING can be used instead of GossipRouter in cases where no external process is desired.

Since 3.5, the way FILE_PING performs discovery has changed. The following paragraphs describe the new mechanism to discover members via FILE_PING or subclasses (e.g. S3_PING or GOOGLE_PING), so this applies to all cloud-based stores as well.

Instead of storing 1 file per member in the file system or cloud store, we only store 1 file for all members. This has the advantage, especially in cloud stores, that the number of reads is not a function of the cluster size, e.g. we don’t have to perform 1000 reads for member discovery in a 1000 node cluster, but just a single read.

This is important as the cost of 1000 times the round trip time of a (REST) call to the cloud store is certainly higher that the cost of a single call. There may also be a charge for calls to the cloud, so a reduced number of calls lead to reduced charges for cloud store access, especially in large clusters.

The current coordinator is always in charge of writing the file; participants never write it, but only read it. When there is a split and we have multiple coordinator, we may also have multiple files.

The name of a file is always UUID.logical_name.list, e.g. 0000-0000-000000000001.m1.1.list, which has a UUID of 1, a logical name of "m1.1" and the suffix ".list".

Removing a member which crashed or left gracefully

When we have view {A,B,C,D} (A being the coordinator), the file 2f73fcac-aecb-2a98-4300-26ca4b1016d2.A.list might have the following contents:

C 	c0a6f4f8-a4a3-60c1-8420-07c81c0256d6 	F
D 	9db6cf43-138c-d7cb-8eb3-2aa4e7cb5f7e 	F
A 	2f73fcac-aecb-2a98-4300-26ca4b1016d2 	T
B 	c6afa01d-494f-f340-c0db-9795102ac2a3 	F

It shows the 4 members with their UUIDs, IP addreses and ports, and the coordinator (A). When we now make C leave (gracefully, or by killing it), the file should have 3 lines, but it doesn’t:

C 	c0a6f4f8-a4a3-60c1-8420-07c81c0256d6 	F
D 	9db6cf43-138c-d7cb-8eb3-2aa4e7cb5f7e 	F
A 	2f73fcac-aecb-2a98-4300-26ca4b1016d2 	T
B 	c6afa01d-494f-f340-c0db-9795102ac2a3 	F

Indeed, the entry for C is still present! Why?

The reason is that the entry for C is marked as removable, but the entry is not removed straight away, because that would require a call to the store, which might be expensive, or cost money. For instance, if the backend store is cloud based, then the REST call to the cloud store might cost money.

Therefore, removable members are only removed when the logical cache size exceeds its capacity. The capacity is defined in TP.logical_addr_cache_max_size. Alternatively, if TP.logical_addr_cache_reaper_interval is greater than 0, then a reaper task will scan the logical cache every logical_addr_cache_reaper_interval milliseconds and remove elements marked as removable and older than TP.logical_addr_cache_expiration milliseconds.

We can look at the logical cache with JMX or probe (slightly edited):

[belasmac] /Users/bela/jgroups-azure$ uuids

#1 (338 bytes):
local_addr=A [ip=, version=4.0.0-SNAPSHOT, cluster=draw, 3 mbr(s)]
uuids=3 elements:
A: 2f73fcac-aecb-2a98-4300-26ca4b1016d2: (9 secs old)
D: 9db6cf43-138c-d7cb-8eb3-2aa4e7cb5f7e: (5 secs old)
B: c6afa01d-494f-f340-c0db-9795102ac2a3: (1 secs old)

#2 (338 bytes):
local_addr=B [ip=, version=4.0.0-SNAPSHOT, cluster=draw, 3 mbr(s)]
uuids=3 elements:
A: 2f73fcac-aecb-2a98-4300-26ca4b1016d2: (1 secs old)
D: 9db6cf43-138c-d7cb-8eb3-2aa4e7cb5f7e: (5 secs old)
B: c6afa01d-494f-f340-c0db-9795102ac2a3: (2 secs old)

#3 (339 bytes):
local_addr=D [ip=, version=4.0.0-SNAPSHOT, cluster=draw, 3 mbr(s)]
uuids=3 elements:
A: 2f73fcac-aecb-2a98-4300-26ca4b1016d2: (1 secs old)
D: 9db6cf43-138c-d7cb-8eb3-2aa4e7cb5f7e: (11 secs old)
B: c6afa01d-494f-f340-c0db-9795102ac2a3: (1 secs old)

3 responses (3 matches, 0 non matches)

This shows that the reaper must have removed the stale entry for C already.

If we start C again and then kill it again and immediately look at the file, then the contents are:

D 	9db6cf43-138c-d7cb-8eb3-2aa4e7cb5f7e 	F
A 	2f73fcac-aecb-2a98-4300-26ca4b1016d2 	T
B 	c6afa01d-494f-f340-c0db-9795102ac2a3 	F
C 	5b36fe23-b151-6859-3953-97addfa2534d 	F

We can see that C is still present.

Note If we restart C a couple of time, the file will actually list multiple Cs. However, each entry is is different, as only the logical name is the same, but the actual addresses (UUIDs) are different.

Running probe immediately after restarting C, before the reaper kicks in, it indeed shows the old C as being removable:

[belasmac] /Users/bela/jgroups-azure$ uuids

#1 (423 bytes):
local_addr=A [ip=, version=4.0.0-SNAPSHOT, cluster=draw, 3 mbr(s)]
uuids=4 elements:
A: 2f73fcac-aecb-2a98-4300-26ca4b1016d2: (5 secs old)
C: 5b36fe23-b151-6859-3953-97addfa2534d: (5 secs old, removable)
D: 9db6cf43-138c-d7cb-8eb3-2aa4e7cb5f7e: (9 secs old)
B: c6afa01d-494f-f340-c0db-9795102ac2a3: (11 secs old)

#2 (423 bytes):
local_addr=B [ip=, version=4.0.0-SNAPSHOT, cluster=draw, 3 mbr(s)]
uuids=4 elements:
A: 2f73fcac-aecb-2a98-4300-26ca4b1016d2: (15 secs old)
C: 5b36fe23-b151-6859-3953-97addfa2534d: (5 secs old, removable)
D: 9db6cf43-138c-d7cb-8eb3-2aa4e7cb5f7e: (9 secs old)
B: c6afa01d-494f-f340-c0db-9795102ac2a3: (5 secs old)

#3 (424 bytes):
local_addr=D [ip=, version=4.0.0-SNAPSHOT, cluster=draw, 3 mbr(s)]
uuids=4 elements:
A: 2f73fcac-aecb-2a98-4300-26ca4b1016d2: (15 secs old)
C: 5b36fe23-b151-6859-3953-97addfa2534d: (5 secs old, removable)
D: 9db6cf43-138c-d7cb-8eb3-2aa4e7cb5f7e: (5 secs old)
B: c6afa01d-494f-f340-c0db-9795102ac2a3: (11 secs old)

3 responses (3 matches, 0 non matches)

Here, we can see that C is marked as removable. Once its entry is 60 seconds old (logical_addr_cache_expiration), then the reaper (if configured to run) will remove the element on its next run.

Configuration with a preconfigured bootstrap file

To speed up the discovery process when starting a large cluster, a predefined bootstrap file can be used. Every node then needs to have an entry in the file and its UUID and IP address:port needs to be the same as in the file. For example, when using the following bootstrap file:

m1.1 1   T
m2.1 2 F
m3.1 3  F

, the member called "m1.1" needs to have a UUID of 1, and needs to run on host on port 7800. The UUID can be injected via an AddressGenerator (see UPerf for an example).

When a member starts, it loads the bootstrap file, which contains information about all other members, and thus (ideally) never needs to run a discovery process. In the above example, the new joiner also knows that the current coordinator (marked with a T) is m1.1, so it can send its JOIN request to that node.

When the coordinator changes, or members not listed in the file join, the current coordinator writes the file again, so all members have access to the updated information when needed.

If a bootstrap discovery file is to be used, it needs to be placed into the file system or cloud store in the correct location and with the right name (see the Discovery section for naming details).

The design is discussed in more detail in CloudBasedDiscovery.txt

Removal of zombie files

By default, a new coordinator C never removes a file created by an old coordinator A. E.g. in {A,B,C,D} (with coordinator A), if C becomes coordinator on a split {A,B} | {C,D}, then C doesn’t remove A's file, as there is no way for C to know whether A crashed or whether A was partitioned away.

Every coordinator P installs a shutdown hook which removes P's file on termination. However, this doesn’t apply to a process killed ungracefully, e.g. by kill -9. In this case, no shutdown hook will get called. If we had view {A,B,C}, and A was killed via kill -9, and B takes over, we’d have files A.list and B.list.

To change this, attribute remove_old_coords_on_view_change can be set to true. In this case, files created by old coordinators will be removed. In the scenario above, where A crashed, B would remove A.list.

However, if we have a split between {A,B} and {C,D}, C would remove A.list. To prevent this, every coordinator writes its file again on a view change that has left members or in which the coordinator changed.

There is still a case which can end up with a zombie file that’s never removed: when we have a single member A and it is killed via kill -9. In this case, file A.list will never get cleaned up and subsequent joiners will ask A to join, up to GMS.max_join_attempts times.

Zombie cleanup can be solved by setting remove_all_files_on_view_change to true. In this case, a coordinator removes all files on a view change that has members leaving or changes the coordinator.

Note Setting remove_old_coords_on_view_change or remove_all_files_on_view_change to true generates more traffic to the file system or cloud store. If members are always shut down gracefully, or never killed via kill -9, then it is recommended to set both attributes to false.
Table 17. FILE_PING
Name Description


The max number of times my own information should be written to the storage after a view change


Interval (in ms) at which the info writer should kick in


The absolute path of the shared file


If set, a shutdown hook is registered with the JVM to remove the local address from the store. Default is true


If true, on a view change, the new coordinator removes all data except its own


If true, on a view change, the new coordinator removes files from old coordinators

6.4.7. JDBC_PING

JDBC_PING uses a DB to store information about cluster nodes used for discovery. All cluster nodes are supposed to be able to access the same DB.

When a node starts, it queries information about existing members from the database, determines the coordinator and then asks the coord to join the cluster. It also inserts information about itself into the table, so others can subsequently find it.

When a node P has crashed, the current coordinator removes P’s information from the DB. However, if there is a network split, then this can be problematic, as crashed members cannot be told from partitioned-away members.

For instance, if we have {A,B,C,D}, and the split creates 2 subclusters {A,B} and {C,D}, then A would remove {C,D} because it thinks they crashed, and - likewise - C would remove {A,B}.

To solve this, every member re-inserts its information into the DB after a view change. So when C and D's view changes from {A,B,C,D} to {C,D}, both sides of the split re-insert their information. Ditto for the other side of the network split.

The re-insertion is governed by attributes info_writer_max_writes_after_view and info_writer_sleep_time: the former defines the number of times re-insertion should be done (in a timer task) after each view change and the latter is the sleep time (in ms) between re-insertions.

The value of this is that dead members are removed from the DB (because they cannot do re-insertion), but network splits are handled, too.

Another attribute clear_table_on_view_change governs how zombies are handled. Zombies are table entries for members which crashed, but weren’t removed for some reason. E.g. if we have a single member A and kill it (via kill -9), then it won’t get removed from the table.

If clear_table_on_view_change is set to true, then the coordinator clears the table after a view change (instead of only removing the crashed members), and everybody re-inserts its own information. This attribute can be set to true if automatic removal of zombies is desired. However, it is costly, therefore if no zombies ever occur (e.g. because processes are never killed with kill -9), or zombies are removed by a system admin, then it should be set to false.

Note Processes killed with kill -3 are removed from the DB as a shutdown handler will be called on kill -3 (but not on kill -9).
Table 18. JDBC_PING
Name Description


SQL to clear the table


The JDBC connection driver name


The JDBC connection password


The JDBC connection URL


The JDBC connection username


Finds a given entry by its address and cluster name, used to implement a contains()


To use a DataSource registered in JNDI, specify the JNDI name here. This is an alternative to all connection_* configuration options: if this property is not empty, then all connection relatedproperties must be empty.


SQL used to delete a row. Customizable, but keep the order of parameters and pick compatible types: 1)Own Address, as String 2)Cluster name, as String


If not empty, this SQL statement will be performed at startup.Customize it to create the needed table on those databases which permit table creation attempt without loosing data, such as PostgreSQL and MySQL (using IF NOT EXISTS). To allow for creation attempts, errors performing this statement will be loggedbut not considered fatal. To avoid any DDL operation, set this to an empty string.


SQL used to insert a new row. Customizable, but keep the order of parameters and pick compatible types: 1)Own Address, as String 2)Cluster name, as String 3)Serialized PingData as byte[]


SQL used to fetch all node’s PingData. Customizable, but keep the order of parameters and pick compatible types: only one parameter needed, String compatible, representing the Cluster name. Must return a byte[], the Serialized PingData as it was stored by the insert_single_sql statement. Must select primary keys subsequently for cleanup to work properly

6.4.8. BPING

BPING uses UDP broadcasts to discover other nodes. The default broadcast address (dest) is, and should be replaced with a subnet specific broadcast, e.g.

Table 19. BPING
Name Description


Port for discovery packets


Target address for broadcasts. This should be restricted to the local subnet, e.g.


Sends discovery packets to ports 8555 to (8555+port_range)


RACKSPACE_PING uses Rackspace Cloud Files Storage to discover initial members. Each node writes a small object in a shared Rackspace container. New joiners read all addresses from the container and ping each of the elements of the resulting set of members. When a member leaves, it deletes its corresponding object.

This objects are stored under a container called jgroups, and each node will write an object name after the cluster name, plus a "/" followed by the address, thus simulating a hierarchical structure.

Name Description


Rackspace API access key


Name of the root container


Rackspace region, either UK or US


Rackspace username

6.4.10. S3_PING

S3_PING uses Amazon S3 to discover initial members. New joiners read all addresses from this bucket and ping each of the elements of the resulting set of members. When a member leaves, it deletes its corresponding file.

It’s designed specifically for members running on Amazon EC2, where multicast traffic is not allowed and thus MPING or PING will not work. When Amazon RDS is preferred over S3, or if a shared database is used, an alternative is to use JDBC_PING.

Each instance uploads a small file to an S3 bucket and each instance reads the files out of this bucket to determine the other members.

There are three different ways to use S3_PING, each having its own tradeoffs between security and ease-of-use. These are described in more detail below:

  • Private buckets, Amazon AWS credentials given to each instance

  • Public readable and writable buckets, no credentials given to each instance

  • Public readable but private writable buckets, pre-signed URLs given to each instance Pre-signed URLs are the most secure method since writing to buckets still requires authorization and you don’t have to pass Amazon AWS credentials to every instance. However, they are also the most complex to setup.

Here’s a configuration example for private buckets with credentials given to each instance:

<S3_PING location="my_bucket" access_key="access_key"
         secret_access_key="secret_access_key" timeout="2000"

Here’s an example for public buckets with no credentials:

<S3_PING location="my_bucket"
         timeout="2000" num_initial_members="3"/>

And finally, here’s an example for public readable buckets with pre-signed URLs:

<S3_PING pre_signed_put_url=""
         timeout="2000" num_initial_members="3"/>
Table 21. S3_PING
Name Description


The access key to AWS (S3)


The name of the AWS server


The port at which AWS is listening


When non-null, we use this pre-signed URL for DELETEs


When non-null, we use this pre-signed URL for PUTs


When non-null, we set location to prefix-UUID


The secret access key to AWS (S3)


Skip the code which checks if a bucket exists in initialization


Whether or not to use SSL to connect to host:port

6.4.11. AWS_PING

This is a protocol written by Meltmedia, which uses the AWS API. It is not part of JGroups, but can be downloaded at

6.4.12. Native S3 PING

This implementation by Zalando uses the AWS SDK. It is not part of JGroups, but can be found at


GOOGLE_PING is a subclass of S3_PING and inherits most of the functionality. It uses Google Cloud Storage to store information about individual members.

The snippet below shows a sample config:

           timeout="2000" num_initial_members="3"/>

This will use a bucket "jgroups-bucket" or create one if it doesn’t exist, then create another folder under it with the cluster name, and finally use 1 object per member in that location for member info.

6.4.14. DNS_PING

DNS_PING uses DNS A or SRV entries to perform discovery. Initially this protocol was designed for Kubernetes and OpenShift but it suitable for any type of DNS discovery.

In order to enable DNS discovery for application deployed on Kubernetes/OpenShift one must create a Governing Headless Service with proper selector covering desired Pods. The Service will ensure that DNS entries are populated as soon as Pods are in Ready state.

The snippet below shows a sample config:

            dns_query="jgroups-dns-ping.myproject.svc.cluster.local" />

This will turn on DNS discovery using DNS server at address and DNS query jgroups-dns-ping.myproject.svc.cluster.local.

It is also possible to use SRV entries for discovery as shown below:

            dns_record_type="SRV" />

Kubernetes SRV entries are created using the following scheme: For more information, please refer to Kubernetes DNS Admin Guide.

Note Note that both KUBE_PING and DNS_PING can be used in Kubernetes/OpenShift. The main difference between them is that KUBE_PING uses Kubernetes API for discovery whereas DNS_PING uses DNS entries. Having said that, DNS_PING should be used together with a Governing Service, which makes it perfect fit for Stateful Sets.

6.4.15. SWIFT_PING

SWIFT_PING uses Openstack Swift to discover initial members. Each node writes a small object in a shared container. New joiners read all addresses from the container and ping each of the elements of the resulting set of members. When a member leaves, it deletes its corresponding object.

These objects are stored under a container called jgroups (by default), and each node will write an object name after the cluster name, plus a "/" followed by the address, thus simulating a hierarchical structure.

Currently only Openstack Keystone authentication is supported. Here is a sample configuration block:

<SWIFT_PING timeout="2000"
    tenant="demo" />
Table 22. SWIFT_PING
Name Description


Authentication type


Authentication url


Name of the root container




Openstack Keystone tenant name



6.4.16. KUBE_PING

This discovery protocol can be used with OpenShift [2] and uses an OpenShift internal mechanism to discover cluster members. KUBE_PING is hosted on jgroups-extras; refer to [1] for details.

6.4.17. AZURE_PING

This is a discovery protocol that allows cluster nodes to run on the Azure cloud [1]. For details refer to [2].

6.4.18. PDC - Persistent Discovery Cache

The Persistent Discovery Cache can be used to cache the results of the discovery process persistently. E.g. if we have TCPPING.initial_hosts configured to include only members A and B, but have a lot more members, then other members can bootstrap themselves and find the right coordinator even when neither A nor B are running.

An example of a TCP-based stack configuration is:

<TCP />
<PDC cache_dir="/tmp/jgroups"  />
<TCPPING timeout="2000" num_initial_members="20"
         initial_hosts="[7000]" port_range="0"
         use_disk_cache="true" />
Table 23. PDC
Name Description


The absolute path of the directory for the disk cache. The mappings will be stored as individual files in this directory

6.5. Merging after a network partition

If a cluster gets split for some reasons (e.g. network partition), this protocol merges the subclusters back into one cluster. It is only run by the coordinator (the oldest member in a cluster), which periodically multicasts its presence and view information. If another coordinator (for the same cluster) receives this message, it will initiate a merge process. Note that this merges subgroups {A,B} and {C,D,E} back into {A,B,C,D,E}, but it does not merge state. The application has to handle the callback to merge state. See Handling network partitions for suggestion on merging states.

Following a merge, the coordinator of the merged group can shift from the typical case of "the coordinator is the member who has been up the longest." During the merge process, the coordinators of the various subgroups need to reach a common decision as to who the new coordinator is. In order to ensure a consistent result, each coordinator combines the addresses of all the members in a list and then sorts the list. The first member in the sorted list becomes the coordinator. The sort order is determined by how the address implements the interface. Then JGroups compares based on the UUID. So, take a hypothetical case where two machines were running, with one machine running three separate cluster members and the other two members. If communication between the machines were cut, the following subgroups would form: {A,B} and {C,D,E} Following the merge, the new view would be: {C,D,A,B,E}, with C being the new coordinator.

Note that "A", "B" and so on are just logical names, attached to UUIDs, but the actual sorting is done on the actual UUIDs.

6.5.1. MERGE3

If a cluster gets split for some reasons (e.g. network partition), this protocol merges the subclusters back into one cluster.

All members periodically send an INFO message with their address (UUID), logical name, physical address and ViewId. The ViewId (ViewId) is used to see if we have diverging views among the cluster members: periodically, every coordinator looks at the INFO messages received so far and checks if there are any inconsistencies.

If inconsistencies are found, the merge leader will be the member with the lowest address (UUID).

The merge leader then asks the senders of the inconsistent ViewIds for their full views. Once received, it simply passes a MERGE event up the stack, where the merge will be handled (by GMS) in exactly the same way as if MERGE2 has generated the MERGE event.

The advantages of MERGE3 are:

  • Sending of INFO messages is spread out over time, preventing message peaks which might cause packet loss. This is especially important in large clusters.

  • Only 1 merge should be running at any time. There are no competing merges going on.

  • An INFO message carries the logical name and physical address of a member. This allows members to update their logical/physical address caches.

  • On the downside, MERGE3 has constant (small) traffic by all members.

  • MERGE3 was written for an IP multicast capable transport (UDP), but it also works with other transports (such as TCP), although it isn’t as efficient on TCP as on UDP.

<MERGE3 max_interval="10000" min_interval="5000" check_interval="15000"/>

This means that every member sends out an INFO message at a random interval in range [5000 .. 10000] ms. Every 15 seconds (check_interval), every coordinator checks if it received a ViewId differing from its own, and initiates a merge if true.

  • We have subclusters {A,B,C}, {D,E} and {F}. The subcluster coordinators are A, D and F

  • The network partition now heals

  • D checks its received ViewIds, and sees entries from itself and A

    • Since broadcasting of INFO messages is unreliable (as MERGE3 is underneath NAKACK2 in the stack), the last INFO message from F might have been dropped

  • D or A initiates a merge, which results in view {A,B,C,D,E}

  • A bit later, on the next check, F sees that its ViewId diverges from the ViewId sent in an INFO message by C

  • F and A initiate a new merge which results in merge view {A,B,C,D,E,F}

Increasing check_interval decreases the chance of partial merges (as shown above), but doesn’t entirely eliminate them: members are not started at exactly the same time, and therefore their check intervals overlap. If a member’s interval elapsed just after receiving INFO messages from a subset of the subclusters (e.g. briefly after a partition healed), then we will still have a partial merge.

Table 24. MERGE3
Name Description


Interval (in ms) after which we check for view inconsistencies


Interval (in milliseconds) when the next info message will be sent. A random value is picked from range [1..max_interval]


The max number of merge participants to be involved in a merge. 0 sets this to unlimited.


Minimum time in ms before sending an info message


If true, only coordinators periodically check view consistency, otherwise everybody runs this task ( Might get removed without notice.

6.6. Failure Detection

The task of failure detection is to probe members of a group and see whether they are alive. When a member is suspected of having failed, then a SUSPECT message is sent to all nodes of the cluster. It is not the task of the failure detection layer to exclude a crashed member (this is done by the group membership protocol, GMS), but simply to notify everyone that a node in the cluster is suspected of having crashed.

The SUSPECT message is handled by the GMS protocol of the current coordinator only; all other members ignore it.

6.6.1. FD

Failure detection based on a logical ring and heartbeat messages.

Members form a logical ring; e.g. in view {A,B,C,D}, A pings B, which pings C, which pings D, which pings A. Pinging means sending a heartbeat.

Each member sends this heartbeat every timeout ms to the neighbor to its right. When a member receives a heartbeat, it sends back an ack. When the ack is received the timestamp of when a member last heard from its neighbor is reset.

When a member doesn’t receive any heartbeat acks from its neighbor for timeout * max_tries ms, that member is declared suspected, and will be excluded by GMS.

This is done by FD multicasting a SUSPECT(P) message which is handled by the current coordinator by double-checking the health of P (using VERIFY_SUSPECT) and - if P still doesn’t reply - by excluding P from the membership.

Note that setting msg_counts_as_heartbeat in P to true causes the timestamp of P in the pinging member to be reset.

<FD timeout="3000" max_tries="4" />
  • The membership is {A,B,C,D,E}.

  • Now C and D crash at the same time

  • B’s next heartbeats won’t get an ack

  • After roughly 12 seconds (4 * 3 secs), B suspects C

    • B now starts sending heartbeats to D

  • A (the coordinator) handles the SUSPECT(C) message from B and uses VERIFY_SUSPECT to double-check that C is really dead

  • After VERIFY_SUSPECT.timeout ms, A creates a new view {A,B,D,E} excluding C

  • After ca. 12 seconds, B sends a SUSPECT(D) message to the coordinator, which eventually also excludes D

Table 25. FD
Name Description


Number of times to send an are-you-alive message


Treat messages received from members as heartbeats. Note that this means we’re updating a value in a hashmap every time a message is passing up the stack through FD, which is costly.


Timeout to suspect a node P if neither a heartbeat nor data were received from P.

6.6.2. FD_ALL

Failure detection based on simple heartbeat protocol. Every member periodically multicasts a heartbeat. Every member also maintains a table of all members (minus itself). When data or a heartbeat from P are received, we reset the timestamp for P to the current time. Periodically, we check for expired members whose timestamp is greater than the timeout, and suspect those.

<FD_ALL timeout="12000" interval="3000" timeout_check_interval="2000"/>
  • The membership is {A,B,C,D,E}.

  • Every member broadcasts a heartbeat every 3 seconds. When received, the sender’s timestamp in the table is set to the current time

  • Every member also checks every 2 seconds if any member’s timestamp exceeds the timeout and suspects that member if this is the case

  • Now C and D crash at the same time

  • After roughly 12-13 seconds, A broadcasts a SUSPECT(C,D) message

  • The coordinator (A) uses VERIFY_SUSPECT to double check if C and D are dead

  • A creates a new view {A,B,E} which excludes C and D

Note Contrary to FD which suspects adjacent crashed members C and D one by one, FD_ALL suspects C and D in constant time. FD takes N * (timeout * max_tries) ms, whereas FD_ALL takes timeout ms
Table 26. FD_ALL
Name Description


Interval at which a HEARTBEAT is sent to the cluster


Treat messages received from members as heartbeats. Note that this means we’re updating a value in a hashmap every time a message is passing up the stack through FD_ALL, which is costly. Default is false


Timeout after which a node P is suspected if neither a heartbeat nor data were received from P


Interval at which the HEARTBEAT timeouts are checked


Uses TimeService to get the current time rather than System.currentTimeMillis. Might get removed soon, don’t use !

6.6.3. FD_ALL2

Similar to FD_ALL, but doesn’t use any timestamps. Instead, a boolean flag is associated with each member. When a message or heartbeat (sent every interval ms) from P is received, P’s flag is set to true. The heartbeat checker checks every timeout ms for members whose flag is false, suspects those, and - when done - resets all flags to false again. The times it takes to suspect a member are the same as for FD_ALL

Table 27. FD_ALL2
Name Description


Interval at which a HEARTBEAT is sent to the cluster


Treat messages received from members as heartbeats. Note that this means we’re updating a value in a hashmap every time a message is passing up the stack through FD_ALL2, which is costly. Default is false


Timeout after which a node P is suspected if neither a heartbeat nor data were received from P

6.6.4. FD_SOCK

Failure detection protocol based on a ring of TCP sockets created between cluster members, similar to FD but not using heartbeat messages.

Each member in a cluster connects to its neighbor (the last member connects to the first), thus forming a ring. Member B is suspected when its neighbor A detects abnormal closing of its TCP socket (presumably due to a crash of B). However, if B is about to leave gracefully, it lets its neighbor A know, so that A doesn’t suspect B.

  • The membership is {A,B,C,D,E}.

  • Members C and D are killed at the same time

  • B notices that C abnormally closed its TCP socket and broadcasts a SUSPECT(C) message

  • The current coordinator (A) asks VERIFY_SUSPECT to double check that C is dead

  • Meanwhile, B tries to create a TCP socket to the next-in-line (D) but fails. It therefore broadcasts a SUSPECT(D) message

  • A also handles this message and asks VERIFY_SUSPECT to double check if D is dead

  • After VERIFY_SUSPECT can’t verify that C and D are still alive, A creates a new view {A,B,E} and installs it

  • The time taken for FD_SOCK to suspect a member is very small (a few ms)

Note It is recommended to use FD_SOCK and FD or FD_ALL together in the same stack: FD_SOCK detects killed nodes immediately, and FD_ALL (with a higher timeout) detects hung members or kernel panics / crashed switches (which don’t close the TCP connection) after the timeout.
Table 28. FD_SOCK
Name Description


The NIC on which the ServerSocket should listen on. The following special values are also recognized: GLOBAL, SITE_LOCAL, LINK_LOCAL and NON_LOOPBACK


Max age (in ms) an element marked as removed has to have until it is removed


Max number of elements in the cache until deleted elements are removed


Start port for client socket. Default value of 0 picks a random port


Use "external_addr" if you have hosts on different networks, behind firewalls. On each firewall, set up a port forwarding rule (sometimes called "virtual server") to the local IP (e.g. of the host then on each host, set "external_addr" TCP transport parameter to the external (public IP) address of the firewall.


Used to map the internal port (bind_port) to an external port. Only used if > 0


Timeout for getting socket cache from coordinator


Whether to use KEEP_ALIVE on the ping socket or not. Default is true


Number of attempts coordinator is solicited for socket cache until we give up


Number of ports to probe for start_port and client_bind_port


Max time in millis to wait for ping Socket.connect() to return


Start port for server socket. Default value of 0 picks a random port


Interval for broadcasting suspect messages

6.6.5. FD_HOST

To detect the crash or freeze of entire hosts and all of the cluster members running on them, FD_HOST can be used. It is not meant to be used in isolation, as it doesn’t detect crashed members on the local host, but in conjunction with other failure detection protocols, such as FD_ALL or FD_SOCK.

FD_HOST can be used when we have multiple cluster members running on a physical box. For example, if we have members {A,B,C,D} running on host 1 and {M,N,O,P} running on host 2, and host 1 is powered down, then A, B, C and D are suspected and removed from the cluster together, typically in one view change.

By default, FD_HOST uses InetAddress.isReachable() to perform liveness checking of other hosts, but if property cmd is set, then any script or command can be used. FD_HOST will launch the command and pass the IP address ot the host to be checked as argument. Example: cmd="ping -c 3".

A typical failure detection configuration would look like this:

<FD_ALL timeout="60000" interval="20000"/>
<FD_HOST interval="10000" timeout="35000" />

If we have members {A,B,C} on host, {M,N,O} on and {X,Y,Z} on, then the behavior is as follows:

Table 29. Failure detection behavior
Scenario Behavior

Any member (say O) crashes

FD_SOCK detects this immediately (as the TCP socket was closed). O is suspected and removed

Member Y hangs

FD_ALL starts missing heartbeats from Y (note that host is up) and suspects Y after 60 seconds. Y is removed from the view.

Host is shutdown (shutdown -h now)

Since this is a graceful shutdown, the OS closes all sockets. FD_SOCK therefore suspects A, B and C and removes them from the view immediately.

The power supply to host is cut, or panicked

FD_HOST detects that is not alive and suspects A, B and C after ~35 to 45s.

Member N leaves

Since this is a graceful leave, none of the failure detection protocols kick in

Table 30. FD_HOST
Name Description


Max time (in ms) that a liveness check for a single host can take


The command used to check a given host for liveness. Example: "ping". If null, InetAddress.isReachable() will be used by default


The interval (in ms) at which the hosts are checked for liveness


Max time (in ms) after which a host is suspected if it failed all liveness checks


Uses TimeService to get the current time rather than System.currentTimeMillis. Might get removed soon, don’t use !


Verifies that a suspected member is really dead by pinging that member one last time before excluding it, and dropping the suspect message if the member does respond.

VERIFY_SUSPECT tries to minimize false suspicions.

The protocol works as follows: it catches SUSPECT events traveling up the stack. Then it verifies that the suspected member is really dead. If yes, it passes the SUSPECT event up the stack, otherwise it discards it. VERIFY_SUSPECT Has to be placed somewhere above the failure detection protocol and below the GMS protocol (receiver of the SUSPECT event). Note that SUSPECT events may be reordered by this protocol.

Name Description


Interface for ICMP pings. Used if use_icmp is true The following special values are also recognized: GLOBAL, SITE_LOCAL, LINK_LOCAL and NON_LOOPBACK


Number of verify heartbeats sent to a suspected member


Number of millisecs to wait for a response from a suspected member


Use InetAddress.isReachable() to verify suspected member instead of regular messages


Send the I_AM_NOT_DEAD message back as a multicast rather than as multiple unicasts (default is false)

6.7. Reliable message transmission

6.7.1. NAKACK2

NAKACK2 provides reliable delivery and FIFO (= First In First Out) properties for messages sent to all nodes in a cluster.

It performs lossless and FIFO delivery of multicast messages, using negative acks. E.g. when receiving P:1, P:3, P:4, a receiver delivers only P:1, and asks P for retransmission of message 2, queuing P3-4. When P2 is finally received, the receiver will deliver P2-4 to the application.

Reliable delivery means that no message sent by a sender will ever be lost, as all messages are numbered with sequence numbers (by sender) and retransmission requests are sent to the sender of a message if that sequence number is not received.

Note Note that NAKACK2 can also be configured to send retransmission requests for M to anyone in the cluster, rather than only to the sender of M.

FIFO order means that all messages from a given sender are received in exactly the order in which they were sent.

Table 32. NAKACK2
Name Description


Size of the queue to hold messages received after creating the channel, but before being connected (is_server=false). After becoming the server, the messages in the queue are fed into up() and the queue is cleared. The motivation is to avoid retransmissions (see for details). 0 disables the queue.


Should messages delivered to application be discarded


discards warnings about promiscuous traffic


If true, trashes warnings about retransmission messages not found in the xmit_table (used for testing)


Timeout to rebroadcast messages. Default is 2000 msec


Max number of messages to ask for in a retransmit request. 0 disables this and uses the max bundle size in the transport


If enabled, multicasts the highest sent seqno every xmit_interval ms. This is skipped if a regular message has been multicast, and the task aquiesces if the highest sent seqno hasn’t changed for resend_last_seqno_max_times times. Used to speed up retransmission of dropped last messages (JGRP-1904)


Max number of times the last seqno is resent before acquiescing if last seqno isn’t incremented


Time during which identical warnings about messages from a non member will be suppressed. 0 disables this (every warning will be logged). Setting the log level to ERROR also disables this.


Retransmit retransmit responses (messages) using multicast rather than unicast


Use a multicast to request retransmission of missing messages


Ask a random member for retransmission of a missing message. Default is false


Interval (in milliseconds) at which missing messages (from all retransmit buffers) are retransmitted


Number of milliseconds after which the matrix in the retransmission table is compacted (only for experts)


Number of elements of a row of the matrix in the retransmission table; gets rounded to the next power of 2 (only for experts). The capacity of the matrix is xmit_table_num_rows * xmit_table_msgs_per_row


Number of rows of the matrix in the retransmission table (only for experts)


Resize factor of the matrix in the retransmission table (only for experts)

6.7.2. UNICAST2

UNICAST3 provides reliable delivery and FIFO (= First In First Out) properties for point-to-point messages between a sender and a receiver.

Reliable delivery means that no message sent by a sender will ever be lost, as all messages are numbered with sequence numbers (by sender) and retransmission requests are sent to the sender of a message if that sequence number is not received. UNICAST3 uses a mixture of positive and negative acks (similar to NAKACK2). This reduces the communication overhead required for sending an ack for every message.

FIFO order means that all messages from a given sender are received in exactly the order in which they were sent.

On top of a reliable transport, such as TCP, UNICAST3 is not really needed. However, concurrent delivery of messages from the same sender is prevented by UNICAST3 by acquiring a lock on the sender’s retransmission table, so unless concurrent delivery is desired, UNICAST3 should not be removed from the stack even if TCP is used.

Details of UNICAST3’s design can be found here: UNICAST3

Table 33. UNICAST3
Name Description


Send an ack immediately when a batch of ack_threshold (or more) messages is received. Otherwise send delayed acks. If 1, ack single messages (similar to UNICAST)


Time (in ms) until a connection marked to be closed will get removed. 0 disables this


Time (in milliseconds) after which an idle incoming or outgoing connection is closed. The connection will get re-established when used again. 0 disables connection reaping


If true, trashes warnings about retransmission messages not found in the xmit_table (used for testing)


Max number of milliseconds we try to retransmit a message to any given member. After that, the connection is removed. Any new connection to that member will start with seqno #1 again. 0 disables this


Max number of messages to ask for in a retransmit request. 0 disables this and uses the max bundle size in the transport


Min time (in ms) to elapse for successive SEND_FIRST_SEQNO messages to be sent to the same sender


Interval (in milliseconds) at which messages in the send windows are resent


Number of milliseconds after which the matrix in the retransmission table is compacted (only for experts)


Number of elements of a row of the matrix in the retransmission table; gets rounded to the next power of 2 (only for experts). The capacity of the matrix is xmit_table_num_rows * xmit_table_msgs_per_row


Number of rows of the matrix in the retransmission table (only for experts)


Resize factor of the matrix in the retransmission table (only for experts)

6.7.3. RSVP

The RSVP protocol is not a reliable delivery protocol per se, but augments reliable protocols such as NAKACK, UNICAST or UNICAST2. It should be placed somewhere above these in the stack.

Table 34. RSVP
Name Description


When true, we pass the message up to the application and only then send an ack. When false, we send an ack first and only then pass the message up to the application.


Interval (in milliseconds) at which we resend the RSVP request. Needs to be < timeout. 0 disables it.


Whether an exception should be thrown when the timeout kicks in, and we haven’t yet received all acks. An exception would be thrown all the way up to JChannel.send(). If we use RSVP_NB, this will be ignored.


Max time in milliseconds to block for an RSVP’ed message (0 blocks forever).

6.8. Message stability

To serve potential retransmission requests, a member has to store received messages until it is known that every member in the cluster has received them. Message stability for a given message M means that M has been seen by everyone in the cluster.

The stability protocol periodically (or when a certain number of bytes have been received) initiates a consensus protocol, which multicasts a stable message containing the highest message numbers for a given member. This is called a digest.

When everyone has received everybody else’s stable messages, a digest is computed which consists of the minimum sequence numbers of all received digests so far. This is the stability vector, and contain only message sequence numbers that have been seen by everyone.

This stability vector is the broadcast to the group and everyone can remove messages from their retransmission tables whose sequence numbers are smaller than the ones received in the stability vector. These messages can then be garbage collected.

6.8.1. STABLE

STABLE garbage collects messages that have been seen by all members of a cluster. Each member has to store all messages because it may be asked to retransmit. Only when we are sure that all members have seen a message can it be removed from the retransmission buffers. STABLE periodically gossips its highest and lowest messages seen. The lowest value is used to compute the min (all lowest seqnos for all members), and messages with a seqno below that min can safely be discarded.

Note that STABLE can also be configured to run when N bytes have been received. This is recommended when sending messages at a high rate, because sending stable messages based on time might accumulate messages faster than STABLE can garbage collect them.

Table 35. STABLE
Name Description


Average time to send a STABLE message


Maximum number of bytes received in all messages before sending a STABLE message is triggered


Wether or not to send the STABLE messages to all members of the cluster, or to the current coordinator only. The latter reduces the number of STABLE messages, but also generates more work on the coordinator


Delay before stability message is sent

6.9. Group Membership

Group membership takes care of joining new members, handling leave requests by existing members, and handling SUSPECT messages for crashed members, as emitted by failure detection protocols. The algorithm for joining a new member is essentially:

- loop
- find initial members (discovery)
- if no responses:
    - become singleton group and break out of the loop
- else:
    - determine the coordinator (oldest member) from the responses
    - send JOIN request to coordinator
    - wait for JOIN response
    - if JOIN response received:
        - install view and break out of the loop
    - else
        - sleep for 5 seconds and continue the loop

6.9.1. pbcast.GMS

Table 36. GMS
Name Description



Whether or not to install a new view locally first before broadcasting it (only done in coord role). Set to true if a state transfer protocol is detected


Join timeout


Leave timeout


Logs failures for collecting all view acks if true


Logs warnings for reception of views less than the current, and for views which don’t include self


Max view bundling timeout if view bundling is turned on. Default is 50 msec


Number of join attempts before we give up and become a singleton. Zero means never give up.


The fully qualified name of a class implementing MembershipChangePolicy.


Timeout (in ms) to complete merge


Max number of old members to keep in history. Default is 50


Number of views to store in history


Print local address of this member after connect. Default is true


Print physical address(es) on startup


Timeout to resume ViewHandler


If true, then GMS is allowed to send VIEW messages with delta views, otherwise it always sends full views. See for details.


Use flush for view changes. Default is true


Time in ms to wait for all VIEW acks (0 == wait forever. Default is 2000 msec


View bundling toggle

Joining a new member

Consider the following situation: a new member wants to join a group. The prodedure to do so is:

  • Multicast an (unreliable) discovery request (ping)

  • Wait for n responses or m milliseconds (whichever is first)

  • Every member responds with the address of the coordinator

  • If the initial responses are > 0: determine the coordinator and start the JOIN protocol

  • If the initial response are 0: become coordinator, assuming that no one else is out there

However, the problem is that the initial mcast discovery request might get lost, e.g. when multiple members start at the same time, the outgoing network buffer might overflow, and the mcast packet might get dropped. Nobody receives it and thus the sender will not receive any responses, resulting in an initial membership of 0. This could result in multiple coordinators, and multiple subgroups forming. How can we overcome this problem ? There are two solutions:

  1. Increase the timeout, or number of responses received. This will only help if the reason of the empty membership was a slow host. If the mcast packet was dropped, this solution won’t help

  2. Add the MERGE2 or MERGE3 protocol. This doesn’t actually prevent multiple initial cordinators, but rectifies the problem by merging different subgroups back into one. Note that this might involve state merging which needs to be done by the application.

6.10. Flow control

Flow control takes care of adjusting the rate of a message sender to the rate of the slowest receiver over time. If a sender continuously sends messages at a rate that is faster than the receiver(s), the receivers will either queue up messages, or the messages will get discarded by the receiver(s), triggering costly retransmissions. In addition, there is spurious traffic on the cluster, causing even more retransmissions.

Flow control throttles the sender so the receivers are not overrun with messages.

This is implemented through a credit based system, where each sender has max_credits credits and decrements them whenever a message is sent. The sender blocks when the credits fall below 0, and only resumes sending messages when it receives a replenishment message from the receivers.

The receivers maintain a table of credits for all senders and decrement the given sender’s credits as well, when a message is received.

When a sender’s credits drops below a threshold, the receiver will send a replenishment message to the sender. The threshold is defined by min_bytes or min_threshold.

Note that flow control can be bypassed by setting message flag Message.NO_FC. See Tagging messages with flags for details.

The properties for FlowControl are shown below and can be used in MFC and UFC:

Table 37. FlowControl
Name Description


Max time (in ms) to block


Max times to block for the listed messages sizes (Message.getLength()). Example: "1000:10,5000:30,10000:500"


Max number of bytes to send per receiver until an ack must be received to proceed


Computed as max_credits x min_theshold unless explicitly set


The threshold (as a percentage of max_credits) at which a receiver sends more credits to a sender. Example: if max_credits is 1'000'000, and min_threshold 0.25, then we send ca. 250'000 credits to P once we’ve got only 250'000 credits left for P (we’ve received 750'000 bytes from P)

6.10.1. MFC and UFC

Note Flow control is implemented with MFC (Multicast Flow Control) and Unicast Flow Control (UFC). The reason for 2 separate protocols (which have a common superclass FlowControl) is that multicast flow control should not be impeded by unicast flow control, and vice versa. Also, performance for the separate implementations could be increased, plus they can be individually omitted.

For example, if no unicast flow control is needed, UFC can be left out of the stack configuration.


MFC has currently no properties other than those inherited by FlowControl (see above).


UFC has currently no properties other than those inherited by FlowControl (see above).

6.11. Fragmentation

6.11.1. FRAG and FRAG2

FRAG and FRAG2 fragment large messages into smaller ones, send the smaller ones, and at the receiver side, the smaller fragments will get assembled into larger messages again, and delivered to the application. FRAG and FRAG2 work for both unicast and multicast messages.

The difference between FRAG and FRAG2 is that FRAG2 does 1 less copy than FRAG, so it is the recommended fragmentation protocol. FRAG serializes a message to know the exact size required (including headers), whereas FRAG2 only fragments the payload (excluding the headers), so it is faster.

The properties of FRAG2 are:

Table 38. FRAG2
Name Description


The max number of bytes in a message. Larger messages will be fragmented

Contrary to FRAG, FRAG2 does not need to serialize a message in order to break it into smaller fragments: it looks only at the message’s buffer, which is a byte array anyway. We assume that the size addition for headers and src and dest addresses is minimal when the transport finally has to serialize the message, so we add a constant (by default 200 bytes). Because of the efficiency gained by not having to serialize the message just to determine its size, FRAG2 is generally recommended over FRAG.

6.12. Ordering


SEQUENCER provider total order for multicast (=group) messages by forwarding messages to the current coordinator, which then sends the messages to the cluster on behalf of the original sender. Because it is always the same sender (whose messages are delivered in FIFO order), a global (or total) order is established.

Sending members add every forwarded message M to a buffer and remove M when they receive it. Should the current coordinator crash, all buffered messages are forwarded to the new coordinator.

Name Description


Size of the set to store received seqnos (for duplicate checking)


Number of acks needed before going from ack-mode to normal mode. 0 disables this, which means that ack-mode is always on

6.12.2. Total Order Anycast (TOA)

A total order anycast is a totally ordered message sent to a subset of the cluster members. TOA intercepts messages with an AnycastMessage (carrying a list of addresses) and handles sending of the message in total order. Say the cluster is {A,B,C,D,E} and the Anycast is to {B,C}.

Skeen’s algorithm is used to send the message: B and C each maintain a logical clock (a counter). When a message is to be sent, TOA contacts B and C and asks them for their counters. B and C return their counters (incrementing them for the next request).

The originator of the message then sets the message’s ID to be the max of all returned counters and sends the message. Receivers then deliver the messages in order of their IDs.

The main use of TOA is currently in Infinispan’s transactional caches with partial replication: it is used to apply transactional modifications in total order, so that no two-phase commit protocol has to be run and no locks have to be acquired.

As shown in "Exploiting Total Order Multicast in Weakly Consistent Transactional Caches", when we have many conflicts by different transactions modifying the same keys, TOM fares better than 2PC.

Note that TOA is experimental (as of 3.1).

6.13. State Transfer

6.13.1. pbcast.STATE_TRANSFER

STATE_TRANSFER is the existing transfer protocol, which transfers byte[] buffers around. However, at the state provider’s side, JGroups creates an output stream over the byte[] buffer, and passes the ouput stream to the getState(OutputStream) callback, and at the state requester’s side, an input stream is created and passed to the setState(InputStream) callback.

This allows us to continue using STATE_TRANSFER, until the new state transfer protocols are going to replace it (perhaps in 4.0).

In order to transfer application state to a joining member of a cluster, STATE_TRANSFER has to load entire state into memory and send it to a joining member. The major limitation of this approach is that for state transfers that are very large this would likely result in memory exhaustion.

For large state transfer use either the STATE or STATE_SOCK protocol. However, if the state is small, STATE_TRANSFER is okay.

6.13.2. StreamingStateTransfer

StreamingStateTransfer is the superclass of STATE and STATE_SOCK (see below). Its properties are:

Table 40. StreamingStateTransfer
Name Description


Size (in bytes) of the state transfer buffer


Maximum number of pool threads serving state requests


Keep alive for pool threads serving state requests

6.13.3. pbcast.STATE


STATE was renamed from (2.x) STREAMING_STATE_TRANSFER, and refactored to extend a common superclass StreamingStateTransfer. The other state transfer protocol extending StreamingStateTransfer is STATE_SOCK (see STATE_SOCK).

STATE uses a streaming approach to state transfer; the state provider writes its state to the output stream passed to it in the getState(OutputStream) callback, which chunks the stream up into chunks that are sent to the state requester in separate messages.

The state requester receives those chunks and feeds them into the input stream from which the state is read by the setState(InputStream) callback.

The advantage compared to STATE_TRANSFER is that state provider and requester only need small (transfer) buffers to keep a part of the state in memory, whereas STATE_TRANSFER needs to copy the entire state into memory.

If we for example have a list of 1 million elements, then STATE_TRANSFER would have to create a byte[] buffer out of it, and return the byte[] buffer, whereas a streaming approach could iterate through the list and write each list element to the output stream. Whenever the buffer capacity is reached, we’d then send a message and the buffer would be reused to receive more data.


STATE has currently no properties other than those inherited by StreamingStateTransfer (see above).

6.13.4. STATE_SOCK

STATE_SOCK is also a streaming state transfer protocol, but compared to STATE, it doesn’t send the chunks as messages, but uses a TCP socket connection between state provider and requester to transfer the state.

The state provider creates a server socket at a configurable bind address and port, and the address and port are sent back to a state requester in the state response. The state requester then establishes a socket connection to the server socket and passes the socket’s input stream to the setState(InputStream) callback.


The configuration options of STATE_SOCK are listed below:

Table 41. STATE_SOCK
Name Description


The interface (NIC) used to accept state requests. The following special values are also recognized: GLOBAL, SITE_LOCAL, LINK_LOCAL and NON_LOOPBACK


The interface (NIC) which should be used by this transport


The port listening for state requests. Default value of 0 binds to any (ephemeral) port


Use "external_addr" if you have hosts on different networks, behind firewalls. On each firewall, set up a port forwarding rule (sometimes called "virtual server") to the local IP (e.g. of the host then on each host, set "external_addr" TCP transport parameter to the external (public IP) address of the firewall.


Used to map the internal port (bind_port) to an external port. Only used if > 0

6.13.5. BARRIER

BARRIER is used by some of the state transfer protocols, as it lets existing threads complete and blocks new threads to get both the digest and state in one go.

In 3.1, a new mechanism for state transfer will be implemented, eliminating the need for BARRIER. Until then, BARRIER should be used when one of the state transfer protocols is used. BARRIER is part of every default stack which contains a state transfer protocol.

Table 42. BARRIER
Name Description


Max time (in ms) to wait until the threads which passed the barrier before it was closed have completed. If this time elapses, an exception will be thrown and state transfer will fail. 0 = wait forever


Max time barrier can be closed. Default is 60000 ms

6.14. pbcast.FLUSH

Flushing forces group members to send all their pending messages prior to a certain event. The process of flushing acquiesces the cluster so that state transfer or a join can be done. It is also called the stop-the-world model as nobody will be able to send messages while a flush is in process. Flush is used in:

State transfer

When a member requests state transfer, it tells everyone to stop sending messages and waits for everyone’s ack. Then it have received everyone’s asks, the application asks the coordinator for its state and ships it back to the requester. After the requester has received and set the state successfully, the requester tells everyone to resume sending messages.

View changes (e.g.a join)

Before installing a new view V2, flushing ensures that all messages sent in the current view V1 are indeed delivered in V1, rather than in V2 (in all non-faulty members). This is essentially Virtual Synchrony.

FLUSH is designed as another protocol positioned just below the channel, on top of the stack (e.g. above STATE_TRANSFER). The STATE_TRANSFER and GMS protocols request a flush by sending an event up the stack, where it is handled by the FLUSH protcol. Another event is sent back by the FLUSH protocol to let the caller know that the flush has completed. When done (e.g. view was installed or state transferred), the protocol sends a message, which will allow everyone in the cluster to resume sending.

A channel is notified that the FLUSH phase has been started by the Receiver.block() callback.

Table 43. FLUSH
Name Description


When set, FLUSH is bypassed, same effect as if FLUSH wasn’t in the config at all


Reconciliation phase toggle. Default is true


Timeout to wait for UNBLOCK after STOP_FLUSH is issued. Default is 2000 msec


Retry timeout after an unsuccessful attempt to quiet the cluster (first flush phase). Default is 3000 msec


Timeout (per atttempt) to quiet the cluster during the first flush phase. Default is 2000 msec


Max time to keep channel blocked in flush. Default is 8000 msec

6.15. Security

Security is used to prevent (1) non-authorized nodes being able to join a cluster and (2) non-members being able to communicate with cluster members.

(1) is handled by AUTH or SASL which allows only authenticated nodes to join a cluster.

(2) is handled by the encryption protocol (SYM_ENCRYPT or ASYM_ENCRYPT) which encrypts messages between cluster members such that a non-member cannot understand them.

6.15.1. Encryption

Encryption is based on a shared secret key that all members of a cluster have. The key is either acquired from a shared keystore (symmetric encryption) or a new joiner fetches it from the coordinator via public/private key exchange (asymmetric encryption).

A sender encrypts a message with the shared secret key and the receivers decrypt it with the same secret key.

By default, the entire message (including the headers) is encrypted, but it is also possible to only encrypt the payload (this is configurable). If the headers are not encrypted, it is possible to use replay attacks, because the sequence numbers (seqnos) of a message are seen. For example, if a seqno is 50, then an attacker might copy the message, and increment the seqno. This is prevented by copying and signing the message.

A message can be signed, which is a hash over the encrypted message, encrypted with the secret key. If the hash shipped with a message doesn’t match the hash computed over the received message, the message will be discarded by a receiver, and no attempt is made to decrypt it.

The cost of encrypting the entire message includes serializing the entire message (including headers, flags, destination address etc) and encrypting it into the buffer of a new message (to the same destination). If message signing is enabled, the cost of computing a hashcode and encrypting it is added to the above cost.

Attributes present in both symmetric and asymmetric encryption include sign_msgs and encrypt_entire_message.


This is done by SYM_ENCRYPT. The configuration includes mainly attributes that define the keystore, e.g. keystore_name (name of the keystore, needs to be found on the classpath), store_password, key_password and alias.

SYM_ENCRYPT uses store type JCEKS (for details between JKS and JCEKS see here), however keytool uses JKS, therefore a keystore generated with keytool will not be accessible.

To generate a keystore compatible with JCEKS, use the following command line options to keytool:

keytool -genseckey -alias myKey -keypass changeit -storepass changeit  -keyalg Blowfish -keysize 56 -keystore defaultStore.keystore -storetype  JCEKS

SYM_ENCRYPT could then be configured as follows:

<SYM_ENCRYPT sym_algorithm="AES"

Note that defaultStore.keystore will have to be found in the claspath.

Note Both SYM_ENCRYPT and ASYM_ENCRYPT should be placed directly under NAKACK2 (see sample configurations, e.g. sym-encrypt.xml or asym-encrypt.xml).
Name Description


Alias used for recovering the key. Change the default


Password for recovering the key. Change the default


File on classpath that contains keystore repository


The type of the keystore. Types are listed in


Password used to check the integrity/unlock the keystore. Change the default


Contrary to SYM_ENCRYPT, the secret key is not fetched from a shared keystore, but from the current coordinator C. After new member P joined the cluster (passing the join check done by AUTH), P sends a request to get the secret key (including P’s public key) to C.

C then sends the secret key back to P, encrypted with P’s public key, and P decrypts it with its private key and installs it. From then on, P encrypts and decrypts messages using the secret key.

When a member leaves, C can optionally (based on change_key_on_leave) create a new secret key, and every cluster member needs to fetch it again, using the public/private key exchange described above.

A stack configured to use asymmetric encryption could look like this:

    <ASYM_ENCRYPT encrypt_entire_message="true"

    <AUTH auth_class="org.jgroups.auth.MD5Token"
    <pbcast.GMS join_timeout="2000" />

The configuration snippet shows ASYM_ENCRYPT positioned just below NAKACK2, so that headers of the important retransmission protocols NAKACK2 and UNICAST3 are encrypted, too. Note that AUTH should be part of the configuration, or else unauthenticated nodes would be able to acquire the secret key from the coordinator.

Name Description


When a member leaves the view, change the secret key, preventing old members from eavesdropping

6.15.2. AUTH

Authentication is performed by AUTH. Its main use is to make sure only authenticated members can join a cluster. Other scenarios where a check is performed are:

  • Merging: make sure only authenticated members can merge into a new cluster

  • View installation (if enabled): views and merge views can only be installed by authenticated members

So authentication makes sure that rogue nodes will never be able to be members of a cluster, be it via joining or merging. Note that while AUTH is optional with SYM_ENCRYPT, it is required by ASYM_ENCRYPT: there’s a sanity check that will prevent a member to start if ASYM_ENCRYPT is present but AUTH is absent.

AUTH provides pluggable security that defines if a node should be allowed to join a cluster. AUTH sits below the GMS protocol and listens for JOIN REQUEST messages. When a JOIN REQUEST is received it tries to find an AuthHeader object, inside of which should be an implementation of the AuthToken object.

AuthToken is an abstract class, implementations of which are responsible for providing the actual authentication mechanism. Some basic implementations of AuthToken are provide in the org.jgroups.auth package (SimpleToken, MD5Token and X509Token). Effectivly all these implementations do is encrypt a string (found in the jgroups config) and pass that on the JOIN REQUEST.

When authentication is successful, the message is simply passed up the stack to the GMS protocol. When it fails, the AUTH protocol creates a JOIN RESPONSE message with a failure string and passes it back down the stack. This failure string informs the client of the reason for failure. Clients will then fail to join the group and will throw a SecurityException. If this error string is null then authentication is considered to have passed.

For more information refer to the wiki at AUTH.

Table 46. AUTH
Name Description


The fully qualified name of the class implementing the AuthToken interface


Do join or merge responses from the coordinator also need to be authenticated

AuthToken implementations

The AuthToken implememntations are listed below. Check the javadoc for details.

Name Description


Uses a simple string (password) which is shared, and sent along with the authentication request


A fixed list of IP address:port pairs. If the requester is not in this list, authentication fails


Uses a regular expression to match against IP address or hostname


Uses Kerberos for authentication


Uses an MD5 hash of a simple string (similar to SimpleString above, but hashed instead of plaintext)


Uses a shared X.509 certificate


Uses a challenge-response mechanism

6.15.3. SASL

SASL is an alternative to the AUTH protocol which provides a layer of authentication to JGroups by allowing the use of one of the SASL mechanisms made available by the JDK. SASL sits below the GMS protocol and listens for JOIN / MERGE REQUEST messages. When a JOIN / MERGE REQUEST is received it tries to find a SaslHeader object which contains the initial response required by the chosen SASL mech. This initiates a sequence of challenge/response messages which, if successful, culminates in allowing the new node to join the cluster. The actual validation logic required by the SASL mech must be provided by the user in the form of a standard implementation.

When authentication is successful, the message is simply passed up the stack to the GMS protocol. When it fails, the SASL protocol creates a JOIN / MERGE RESPONSE message with a failure string and passes it back down the stack. This failure string informs the client of the reason for failure. Clients will then fail to join the group and will throw a SecurityException. If this error string is null then authentication is considered to have passed.

SASL can be (minimally) configured as follows:

<config ... >
    <UDP />
    <PING />
    <pbcast.NAKACK />
    <UNICAST3 />
    <pbcast.STABLE />
    <SASL mech="DIGEST-MD5"
    <pbcast.GMS />


The mech property specifies the SASL mech you want to use, as defined by RFC-4422. You will also need to provide two callback handlers, one used when the node is running as coordinator (server_callback_handler) and one used in all other cases (client_callback_handler). Refer to the JDK’s SASL reference guide for more details:

The JGroups package comes with a simple properties-based CallbackHandler which can be used when a more complex Kerberos/LDAP approach is not needed. To use this set both the (server_callback_handler) and the (client_callback_handler) to org.jgroups.auth.sasl.SimpleAuthorizingCallbackHandler. This CallbackHandler can be configured either programmatically by passing to the constructor an instance of java.util.Properties containing the appropriate properties, or via standard Java system properties (i.e. set on the command-line using the -DpropertyName=propertyValue notation. The following properties are available:

  • - the path to a property file which contains principal/credential mappings represented as principal=password

  • sasl.local.principal - the name of the principal that is used to identify the local node. It must exist in the file

  • - (optional) the path to a property file which contains principal/roles mappings represented as principal=role1,role2,role3

  • sasl.role - (optional) if present, authorizes joining nodes only if their principal is

  • sasl.realm - (optional) the name of the realm to use for the SASL mechanisms that require it

Table 47. SASL
Name Description


The CallbackHandler to use when a node acts as a client (i.e. it is not the coordinator




The name to use when a node is acting as a client (i.e. it is not the coordinator. Will also be used to obtain the subject if using a JAAS login module


The password to use when a node is acting as a client (i.e. it is not the coordinator. Will also be used to obtain the subject if using a JAAS login module


The name of the JAAS login module to use to obtain a subject for creating the SASL client and server (optional). Only required by some SASL mechs (e.g. GSSAPI)


The name of the mech to require for authentication. Can be any mech supported by your local SASL provider. The JDK comes standard with CRAM-MD5, DIGEST-MD5, GSSAPI, NTLM


Properties specific to the chosen mech


The CallbackHandler to use when a node acts as a server (i.e. it is the coordinator




The fully qualified server name


How long to wait (in ms) for a response to a challenge

6.16. Misc

6.16.1. Statistics

STATS exposes various statistics, e.g. number of received multicast and unicast messages, number of bytes sent etc. It should be placed directly over the transport

6.16.2. COMPRESS

COMPRESS compresses messages larger than min_size, and uncompresses them at the receiver’s side. Property compression_level determines how thorough the compression algorith should be (0: no compression, 9: highest compression).

Table 48. COMPRESS
Name Description


Compression level (from (0=no compression, 1=best speed, 9=best compression). Default is 9


Minimal payload size of a message (in bytes) for compression to kick in. Default is 500 bytes


Number of inflaters/deflaters for concurrent processing. Default is 2

6.16.3. NAMING

If IpAddressUUIDs are used, then the address/logical_name cache may not be populated for all members. Note that this doesn’t affect correctness, but instead of logical names, the real IP addresses of some members will be printed (e.g. in debug logs).

To prevent this, NAMING can be added to the stack. The typical location is somewhere towards the bottom of the stack, e.g. above the discovery protocol (e.g. PING).

Note NAMING is only needed when TP.use_ip_addrs is true.
Table 49. NAMING
Name Description


Stagger timeout (in ms). Staggering will be a random timeout in range [0 .. stagger_timeout]

6.16.4. RELAY

RELAY bridges traffic between seperate clusters, see Bridging between remote clusters for details.

Table 50. RELAY
Name Description


Name of the bridge cluster


Properties of the bridge cluster (e.g. tcp.xml)


Drops views received from below and instead generates global views and passes them up. A global view consists of the local view and the remote view, ordered by view ID. If true, no protocolwhich requires (local) views can sit on top of RELAY


If set to false, don’t perform relaying. Used e.g. for backup clusters; unidirectional replication from one cluster to another, but not back. Can be changed at runtime


Description of the local cluster, e.g. "nyc". This is added to every address, so itshould be short. This is a mandatory property and must be set

6.16.5. RELAY2

RELAY2 provides clustering between different sites (local clusters), for multicast and unicast messages. See Relaying between multiple sites (RELAY2) for details.

Table 51. RELAY2
Name Description


If true, the creation of the relay channel (and the connect()) are done in the background. Async relay creation is recommended, so the view callback won’t be blocked


Whether or not this node can become the site master. If false, and we become the coordinator, we won’t start the bridge(s)


If true, a site master forwards messages received from other sites to randomly chosen members of the local site for load balancing, reducing work for itself


Name of the relay configuration


Whether or not we generate our own addresses in which we use can_become_site_master. If this property is false, can_become_site_master is ignored


Maximum number of site masters. Setting this to a value greater than 1 means that we can have multiple site masters. If the value is greater than the number of cluster nodes, everyone in the site will be a site master (and thus join the global cluster


Whether or not to relay multicast (dest=null) messages


Name of the site (needs to be defined in the configuration)


Fully qualified name of a class implementing SiteMasterPicker


If true, logs a warning if the FORWARD_TO_COORD protocol is not found. This property might get deprecated soon

6.16.6. STOMP

STOMP is discussed in STOMP support. The properties for it are shown below:

Table 52. STOMP
Name Description


The bind address which should be used by the server socket. The following special values are also recognized: GLOBAL, SITE_LOCAL, LINK_LOCAL and NON_LOOPBACK


If set, then endpoint will be set to this address


If set to false, then a destination of /a/b match /a/b/c, a/b/d, a/b/c/d etc


Forward received messages which don’t have a StompHeader to clients


Port on which the STOMP protocol listens for requests


If true, information such as a list of endpoints, or views, will be sent to all clients (via the INFO command). This allows for example intelligent clients to connect to a different server should a connection be closed.


The DAISYCHAIN protocol is discussed in Daisychaining.

Name Description


Loop back multicast messages


RATE_LIMITER can be used to set a limit on the data sent per time unit. When sending data, only max_bytes can be sent per time_period milliseconds. E.g. if max_bytes="50M" and time_period="1000", then a sender can only send 50MBytes / sec max.

Name Description


Max number of bytes to be sent in time_period ms. Blocks the sender if exceeded until a new time period has started


Number of milliseconds during which max_bytes bytes can be sent

6.16.9. Locking protocols

The locking protocol is org.jgroups.protocols.CENTRAL_LOCK:

Table 55. Locking
Name Description


bypasses message bundling if set


Number of locks to be used for lock striping (for synchronized access to the server_lock entries)


CENTRAL_LOCK has the current coordinator of a cluster grants locks, so every node has to communicate with the coordinator to acquire or release a lock. Lock requests by different nodes for the same lock are processed in the order in which they are received.

A coordinator maintains a lock table. To prevent losing the knowledge of who holds which locks, the coordinator can push lock information to a number of backups defined by num_backups. If num_backups is 0, no replication of lock information happens. If num_backups is greater than 0, then the coordinator pushes information about acquired and released locks to all backup nodes. Topology changes might create new backup nodes, and lock information is pushed to those on becoming a new backup node.

The advantage of CENTRAL_LOCK is that all lock requests are granted in the same order across the cluster.

Name Description


Number of backups to the coordinator. Server locks get replicated to these nodes as well


By default, a lock owner is address:thread-id. If false, we only use the node’s address. See for details


CENTRAL_EXECUTOR is an implementation of Executing which is needed by the ExecutionService.

Table 57. Executing
Name Description


bypasses message bundling if set

Name Description


Number of backups to the coordinator. Queue State gets replicated to these nodes as well

6.16.11. COUNTER

COUNTER is the implementation of cluster wide counters, used by the CounterService.

Table 59. COUNTER
Name Description


Bypasses message bundling if true


Number of backup coordinators. Modifications are asynchronously sent to all backup coordinators


Number of milliseconds to wait for reconciliation responses from all current members


Request timeouts (in ms). If the timeout elapses, a Timeout (runtime) exception will be thrown


SUPERVISOR is a protocol which runs rules which periodically (or event triggered) check conditions and take corrective action if a condition is not met. Example: org.jgroups.protocols.rules.CheckFDMonitor is a rule which periodically checks if FD’s monitor task is running when the cluster size is > 1. If not, the monitor task is started.

The SUPERVISOR is explained in more detail in Supervising a running stack

Name Description


Location of an XML file listing the rules to be installed

6.16.13. FORK

FORK allows ForkChannels to piggy-back messages on a regular channel. Needs to be placed towards the top of the stack. See ForkChannels: light-weight channels to piggy-back messages over an existing channel for details.

Table 61. FORK
Name Description


Points to an XML file defining the fork-stacks, which will be created at initialization. Ignored if null


If enabled, state transfer events will be processed, else they will be passed up

1. It could be that the member is suspected falsely, in which case the next view would still contain the suspected member (there is no unsuspect() method
2. Note that block() will be called in a Receiver when the flush is about to start and unblock() will be called when it ends