I know Redis Cluster is still unstable, but it's been passing all the unit tests since quite a long time so I started using it.
I would like to know if a Redis Cluster would work well if the nodes required authentication. I'm incline to think yes, because they connect through a different port and use a different protocol, but I'm not sure and couldn't find any documentation or anything on the spec to confirm this.
Also, if the redis cluster protocol flies over the authentication barrier, isn't it a hole in security ? Could my database be accessed by the outside world ? (the port at least must be accessible so it can talk to the other nodes)
If any protocol flies over the internet you would need encryption ("ssl") e.g across data- centers . This in general will effect performance. In the current security spec of Redis -
http://redis.io/topics/security
it is advised that ssl is not supported and you would require a SSL proxy. This should in general cause a system performance hit e.g. latency that you would have to take into account.
So ideally cluster nodes should be co-located. If they cannot be then the cluster should be designed so that it limits cross site data transport or does it off line without any real time constraints.
I have also chosen to disable/enable commands on a need only basis for each node (see details in the security spec above). I am not sure it this is supported in cluster mode or not.