vLLM Inter-Node Communication Security Risks: Unencrypted Default Config

Key Vulnerability Information Inter-Node Communication Insecure by Default: All inter-node communications in multi-node vLLM deployments are insecure by default. Protection must be achieved by placing nodes in an isolated network. Communication Types: - PyTorch distributed communication - KV cache transfer communication - Tensor, pipeline, and data parallel communication Configuration Options for Inter-Node Communications Environment Variables: - : IP address for vLLM process communication KV Cache Transfer Configuration: - : IP address for KV cache transfer communication (default: 127.0.0.1) - : Port for KV cache transfer communication (default: 14579) Data Parallel Configuration: - : IP address of the data parallel master node (default: 127.0.0.1) - : Port of the data parallel master node (default: 29500) Notes on PyTorch Distributed Key Points: - PyTorch distributed functionality is used only for internal communication - Not suitable for untrusted environments or networks - No authentication protocol is included to maintain performance - Messages are sent unencrypted - Connections can originate from anywhere without verification Security Recommendations 1. Network Isolation: - Deploy vLLM nodes on a dedicated, isolated network - Use network segmentation to prevent unauthorized access - Implement appropriate firewall rules 2. Configuration Best Practices: - Always set to a specific IP address instead of relying on the default - Configure firewalls to allow only necessary ports between nodes 3. Access Control: - Restrict physical and network access to the deployment environment - Implement proper authentication and authorization for management interfaces - Follow the principle of least privilege for all system components Security and Firewalls: Protecting Exposed vLLM Systems Primary Concern: When using , vLLM leverages distributed communication, including when running vLLM on a single host. When vLLM initializes via TCP, PyTorch creates a that listens on all network interfaces by default. This means that unless additional protective measures are in place, these services may be accessible from any host that can reach the machine through any network interface. Firewall Configuration Guidance Best Practices: - Block all incoming connections except for the TCP port the API server is listening on - Ensure internal communication ports (such as and KV cache transfer) are accessible only from trusted hosts or networks - Never expose these internal ports to the public internet or untrusted networks Reporting Security Vulnerabilities Reporting Process: If you discover a security vulnerability in vLLM, please report it according to the project’s security policy. For more information on how to report security issues and the project’s security policy, see vLLM Security Policy.

Goal Reached Thanks to every supporter — we hit 100%!

vLLM Inter-Node Communication Security Risks: Unencrypted Default Config