You may receive one of the following errors while connecting your Application to Aura DB through a driver:
-
Could not connect to any routing servers
- If you do not tell the driver that encryption is on, you may see the "ServiceUnavailable" error, along with an error telling you "No routing servers available" in your browser's console log, similar to:
Neo4jError: Could not perform discovery. No routing servers available. Known routing table: RoutingTable[database=default database, expirationTime=0, currentTime=1576853357420, routers=[], readers=[], writers=[]]
Causes
- Neo4j 4.0.x and later drivers have replaced the 'bolt+routing://' protocol with 'neo4j://' protocol.
- Additionally, Neo4j Aura has stricter encryption requirements.
- On rare occasions, the ServiceUnavailable error could be transient
Solution
- Since
v4.0.1
of the Java and .NET drivers, andv4.0.2
of the JavaScript driver, you can configure the encryption and trust settings of the driver directly through the connection URI. - The
neo4j+s
andbolt+s
schemes enable encryption and full certificate checks against the system's local CA store. Theneo4j+ssc
andbolt+ssc
schemes also enable encryption with no certificate checks, typically for use with self-signed certificates.
URI | Routing | Description |
---|---|---|
|
Yes |
Secured with full certificate |
|
Yes |
Secured with a self-signed certificate |
|
No |
Secured with full certificate |
|
No |
Secured with a self-signed certificate |
Any of these schemes would work with Aura. However, we generally recommend using neo4j+s as it is more secure and less prone to potential man-in-the-middle attacks.
Note:
You cannot use one of the Secured URI schemes and have encryption enabled in the driver configuration at the same time. Attempting to do so will result in the below error:
The config settings 'encrypted' and 'trust' can only be used with the URI schemes ['bolt', 'neo4j'].
Using the unencrypted connection schemes (bolt:// or neo4j://):
If you have to use the unencrypted connection schemes for some reason, you must explicitly tell the driver that encryption is on.
For example, using the Javascript driver, your neo4j.driver() call should look something like this:
const driver = neo4j.driver(DBID, neo4j.auth.basic(username, password), {
encrypted: 'ENCRYPTION_ON', trust:'TRUST_SYSTEM_CA_SIGNED_CERTIFICATES'
})
Python Example:
x = neo4j.GraphDatabase.driver("neo4j://<DBID>.databases.neo4j.io:7687",
auth=(<username>, <password>),encrypted=True, trust='TRUST_SYSTEM_CA_SIGNED_CERTIFICATES')
Transient errors:
It is advisable to setup a retry mechanism in your client application to handle transient errors.
For ServiceUnavailable exceptions, this retry attempt should include reinitializing the driver object.
Comments
0 comments
Please sign in to leave a comment.