Expand and consolidate networking docs (#68051)

Today's network config docs are split into "Network", "HTTP" and
"Transport" pages, with unclear relationships between them. We often
encounter users with weird configs that indicate they don't really
understand how these settings all relate. In fact these pages are all
very interrelated, and the HTTP and Transport pages are almost all only
for advanced users. This commit brings these docs into a single page and
rewords some things to try and guide users away from the advanced
settings unless their configuration needs all the extra complexity.

It also adds a section entitled "Binding and publishing" which clarifies
the meanings of the `bind_host` and `publish_host` parameters. This is
also a common source of confusion amongst users.

It also clarifies that many of these settings accept a list of
addresses, and warns that this may not be what you want. Closes #67956.

Co-authored-by: Adam Locke <adam.locke@elastic.co>

distribution/src/config/elasticsearch.yml

@@ -50,11 +50,13 @@ ${path.logs}
 #
 # ---------------------------------- Network -----------------------------------
 #
-# Set the bind address to a specific IP (IPv4 or IPv6):
+# By default Elasticsearch is only accessible on localhost. Set a different
+# address here to expose this node on the network:
 #
 #network.host: 192.168.0.1
 #
-# Set a custom port for HTTP:
+# By default Elasticsearch listens for HTTP traffic on the first free port it
+# finds starting at 9200. Set a specific HTTP port here:
 #
 #http.port: 9200
 #

docs/reference/api-conventions.asciidoc

@@ -1,7 +1,7 @@
 [[api-conventions]]
 == API conventions
 
-The *Elasticsearch* REST APIs are exposed using <<modules-http,JSON over HTTP>>.
+The *Elasticsearch* REST APIs are exposed using JSON over HTTP.
 
 The conventions listed in this chapter can be applied throughout the REST
 API, unless otherwise specified.

docs/reference/cluster/nodes-stats.asciidoc

@@ -195,7 +195,7 @@ Human-readable identifier for the node. Based on the <<node-name>> setting.
 
 `transport_address`::
 (string)
-Host and port for the <<modules-transport,transport layer>>, used for internal
+Host and port for the <<transport-settings,transport layer>>, used for internal
 communication between nodes in a cluster.
 
 `host`::

docs/reference/how-to/general.asciidoc

@@ -15,7 +15,7 @@ use the <<scroll-search-results,Scroll>> API.
 [[maximum-document-size]]
 === Avoid large documents
 
-Given that the default <<modules-http,`http.max_content_length`>> is set to
+Given that the default <<http-settings,`http.max_content_length`>> is set to
 100MB, Elasticsearch will refuse to index any document that is larger than
 that. You might decide to increase that particular setting, but Lucene still
 has a limit of about 2GB.

docs/reference/modules/discovery.asciidoc

@@ -3,8 +3,7 @@
 
 The discovery and cluster formation processes are responsible for discovering
 nodes, electing a master, forming a cluster, and publishing the cluster state
-each time it changes. All communication between nodes is done using the
-<<modules-transport,transport>> layer.
+each time it changes.
 
 The following processes and settings are part of discovery and cluster
 formation:

docs/reference/modules/discovery/bootstrapping.asciidoc

@@ -20,9 +20,10 @@ node:
   to the node's hostname. You must use either the fully-qualified hostname or
   the bare hostname <<modules-discovery-bootstrap-cluster-fqdns,depending on
   your system configuration>>.
-- The IP address of the node's <<modules-transport,publish address>>, if it is
-  not possible to use the `node.name` of the node. This is normally the IP
-  address to which <<common-network-settings,`network.host`>> resolves but
+- The IP address of the node's <<modules-network-binding-publishing,transport
+  publish address>>, if it is not possible to use the `node.name` of the node.
+  This is normally the IP address to which
+  <<common-network-settings,`network.host`>> resolves but
   <<advanced-network-settings,this can be overridden>>.
 - The IP address and port of the node's publish address, in the form `IP:PORT`,
   if it is not possible to use the `node.name` of the node and there are

docs/reference/modules/http.asciidoc

@@ -1,44 +1,53 @@
-[[modules-http]]
-=== HTTP
-[[modules-http-description]]
-// tag::modules-http-description-tag[]
-The HTTP layer exposes {es}'s REST APIs over HTTP. Clients send HTTP requests
-to a node in the cluster which either handles it locally or else passes it on
-to other nodes for further processing using the <<modules-transport,Transport
-layer>>.
-
-When possible, consider using {wikipedia}/Keepalive#HTTP_Keepalive[HTTP keep
-alive] when connecting for better performance and try to get your favorite
-client not to do {wikipedia}/Chunked_transfer_encoding[HTTP chunking].
-// end::modules-http-description-tag[]
-
-[http-settings]
+[[http-settings]]
 ==== HTTP settings
 
-The following settings can be configured for HTTP. These settings also use the common <<modules-network,network settings>>.
+The following settings allow you to configure the HTTP interface independently
+of the <<transport-settings,transport interface>>. You can also configure both
+interfaces together using the <<common-network-settings,network settings>>.
 
 `http.port`::
 (<<static-cluster-setting,Static>>)
-A bind port range. Defaults to `9200-9300`.
+The port to bind for HTTP client communication. Accepts a single value or a
+range. If a range is specified, the node will bind to the first available port
+in the range.
++
+Defaults to `9200-9300`.
 
-`http.publish_port`::
+`http.host`::
 (<<static-cluster-setting,Static>>)
-The port that HTTP clients should use when
-communicating with this node. Useful when a cluster node is behind a
-proxy or firewall and the `http.port` is not directly addressable
-from the outside. Defaults to the actual port assigned via `http.port`.
+Sets the address of this node for HTTP traffic. The node will bind to this
+address and will also use it as its HTTP publish address. Accepts an IP
+address, a hostname, or a <<network-interface-values,special value>>.
+Use this setting only if you require different configurations for the
+transport and HTTP interfaces.
++
+Defaults to the address given by `network.host`.
 
 `http.bind_host`::
 (<<static-cluster-setting,Static>>)
-The host address to bind the HTTP service to. Defaults to `http.host` (if set) or `network.bind_host`.
+The network address(es) to which the node should bind in order to listen for
+incoming HTTP connections. Accepts a list of IP addresses, hostnames, and
+<<network-interface-values,special values>>. Defaults to the address given by
+`http.host` or `network.bind_host`. Use this setting only if you require to
+bind to multiple addresses or to use different addresses for publishing and
+binding, and you also require different binding configurations for the
+transport and HTTP interfaces.
 
 `http.publish_host`::
 (<<static-cluster-setting,Static>>)
-The host address to publish for HTTP clients to connect to. Defaults to `http.host` (if set) or `network.publish_host`.
+The network address for HTTP clients to contact the node using sniffing.
+Accepts an IP address, a hostname, or a <<network-interface-values,special
+value>>. Defaults to the address given by `http.host` or
+`network.publish_host`. Use this setting only if you require to bind to
+multiple addresses or to use different addresses for publishing and binding,
+and you also require different binding configurations for the transport and
+HTTP interfaces.
 
-`http.host`::
+`http.publish_port`::
 (<<static-cluster-setting,Static>>)
-Used to set the `http.bind_host` and the `http.publish_host`.
+The port of the <<modules-network-binding-publishing,HTTP publish address>>.
+Configure this setting only if you need the publish port to be different from
+`http.port`. Defaults to the port assigned via `http.port`.
 
 `http.max_content_length`::
 (<<static-cluster-setting,Static>>)
@@ -185,33 +194,3 @@ Defaults to `network.tcp.send_buffer_size`.
 (<<static-cluster-setting,Static>>)
 The size of the TCP receive buffer (specified with <<size-units,size units>>).
 Defaults to `network.tcp.receive_buffer_size`.
-
-[http-rest-request-tracer]
-==== REST request tracer
-
-The HTTP layer has a dedicated tracer logger which, when activated, logs incoming requests. The log can be dynamically activated
-by setting the level of the `org.elasticsearch.http.HttpTracer` logger to `TRACE`:
-
-[source,console]
---------------------------------------------------
-PUT _cluster/settings
-{
-   "transient" : {
-      "logger.org.elasticsearch.http.HttpTracer" : "TRACE"
-   }
-}
---------------------------------------------------
-
-You can also control which uris will be traced, using a set of include and exclude wildcard patterns. By default every request will be
-traced.
-
-[source,console]
---------------------------------------------------
-PUT _cluster/settings
-{
-   "transient" : {
-      "http.tracer.include" : "*",
-      "http.tracer.exclude" : ""
-   }
-}
---------------------------------------------------

docs/reference/modules/network.asciidoc

@@ -1,69 +1,74 @@
 [[modules-network]]
-=== Network settings
-
-Elasticsearch binds to localhost only by default.  This is sufficient for you
-to run a local development server (or even a development cluster, if you start
-multiple nodes on the same machine), but you will need to configure some
-<<common-network-settings,basic network settings>> in order to run a real
-production cluster across multiple servers.
+=== Networking
+
+Each {es} node has two different network interfaces. Clients send requests to
+{es}'s REST APIs using its <<http-settings,HTTP interface>>, but nodes
+communicate with other nodes using the <<transport-settings,transport
+interface>>. The transport interface is also used for communication with
+<<modules-remote-clusters,remote clusters>>.
+
+You can configure both of these interfaces at the same time using the
+`network.*` settings. If you have a more complicated network, you might need to
+configure the interfaces independently using the `http.*` and `transport.*`
+settings. Where possible, use the `network.*` settings that apply to both
+interfaces to simplify your configuration and reduce duplication.
+
+By default {es} binds only to `localhost` which means it cannot be accessed
+remotely. This configuration is sufficient for a local development cluster made
+of one or more nodes all running on the same host. To form a cluster across
+multiple hosts, or which is accessible to remote clients, you must adjust some
+<<common-network-settings,network settings>> such as `network.host`.
 
 [WARNING]
 .Be careful with the network configuration!
 =============================
-Never expose an unprotected node to the public internet.
+Never expose an unprotected node to the public internet. If you do, you are
+permitting anyone in the world to download, modify, or delete any of the data
+in your cluster.
 =============================
 
+Configuring {es} to bind to a non-local address will <<dev-vs-prod,convert some
+warnings into fatal exceptions>>. If a node refuses to start after configuring
+its network settings then you must address the logged exceptions before
+proceeding.
+
 [[common-network-settings]]
 ==== Commonly used network settings
 
+Most users will need to configure only the following network settings.
+
 `network.host`::
 (<<static-cluster-setting,Static>>)
-The node will bind to this hostname or IP address and _publish_ (advertise)
-this host to other nodes in the cluster. Accepts an IP address, hostname, a
-<<network-interface-values,special value>>, or an array of any combination of
-these. Note that any values containing a `:` (e.g., an IPv6 address or
-containing one of the <<network-interface-values,special values>>) must be
-quoted because `:` is a special character in YAML. `0.0.0.0` is an acceptable
-IP address and will bind to all network interfaces. The value `0` has the
-same effect as the value `0.0.0.0`.
+Sets the address of this node for both HTTP and transport traffic. The node
+will bind to this address and will also use it as its publish address. Accepts
+an IP address, a hostname, or a <<network-interface-values,special value>>.
 +
 Defaults to `_local_`.
 
-`discovery.seed_hosts`::
-(<<static-cluster-setting,Static>>)
-In order to join a cluster, a node needs to know the hostname or IP address of
-at least some of the other nodes in the cluster.  This setting provides the
-initial list of addresses this node will try to contact. Accepts IP addresses
-or hostnames. If a hostname lookup resolves to multiple IP addresses then each
-IP address will be used for discovery.
-{wikipedia}/Round-robin_DNS[Round robin DNS] -- returning a
-different IP from a list on each lookup -- can be used for discovery; non-
-existent IP addresses will throw exceptions and cause another DNS lookup on the
-next round of pinging (subject to <<networkaddress-cache-ttl,JVM DNS
-caching>>).
-+
-Defaults to `["127.0.0.1", "[::1]"]`.
-
 `http.port`::
 (<<static-cluster-setting,Static>>)
-Port to bind to for incoming HTTP requests. Accepts a single value or a range.
-If a range is specified, the node will bind to the first available port in the
-range.
+The port to bind for HTTP client communication. Accepts a single value or a
+range. If a range is specified, the node will bind to the first available port
+in the range.
 +
 Defaults to `9200-9300`.
 
 `transport.port`::
 (<<static-cluster-setting,Static>>)
-Port to bind for communication between nodes. Accepts a single value or a
+The port to bind for communication between nodes. Accepts a single value or a
 range. If a range is specified, the node will bind to the first available port
-in the range.
+in the range. Set this setting to a single port, not a range, on every
+master-eligible node.
 +
 Defaults to `9300-9400`.
 
 [[network-interface-values]]
-==== Special values for `network.host`
+==== Special values for network addresses
 
-The following special values may be passed to `network.host`:
+You can configure {es} to automatically determine its addresses by using the
+following special values. Use these values when configuring
+`network.host`, `network.bind_host`, `network.publish_host`, and the
+corresponding settings for the HTTP and transport interfaces.
 
 `_local_`::
   Any loopback addresses on the system, for example `127.0.0.1`.
@@ -79,12 +84,20 @@ The following special values may be passed to `network.host`:
   example if you wish to use the addresses of an interface called `en0` then
   set `network.host: _en0_`.
 
+`0.0.0.0`::
+  The addresses of all available network interfaces.
+
+NOTE: Any values containing a `:` (e.g. an IPv6 address or some of the
+<<network-interface-values,special values>>) must be quoted because `:` is a
+special character in YAML.
+
 [[network-interface-values-ipv4-vs-ipv6]]
 ===== IPv4 vs IPv6
 
-These special values will work over both IPv4 and IPv6 by default, but you can
-also limit this with the use of `:ipv4` of `:ipv6` specifiers. For example,
-`_en0:ipv4_` would only bind to the IPv4 addresses of interface `en0`.
+These special values yield both IPv4 and IPv6 addresses by default, but you can
+also add an `:ipv4` or `:ipv6` suffix to limit them to just IPv4 or IPv6
+addresses respectively. For example, `network.host: _en0:ipv4_` would set this
+node's addresses to the IPv4 addresses of interface `en0`.
 
 [TIP]
 .Discovery in the Cloud
@@ -97,39 +110,88 @@ installed.
 
 ================================
 
+[[modules-network-binding-publishing]]
+==== Binding and publishing
+
+{es} uses network addresses for two distinct purposes known as binding and
+publishing. Most nodes will use the same address for everything, but more
+complicated setups may need to configure different addresses for different
+purposes.
+
+When an application such as {es} wishes to receive network communications, it
+must indicate to the operating system the address or addresses whose traffic it
+should receive. This is known as _binding_ to those addresses. {es} can bind to
+more than one address if needed, but most nodes only bind to a single address.
+{es} can only bind to an address if it is running on a host that has a network
+interface with that address. If necessary, you can configure the transport and
+HTTP interfaces to bind to different addresses.
+
+Each {es} node has an address at which clients and other nodes can contact it,
+known as its _publish address_. Each node has one publish address for its HTTP
+interface and one for its transport interface. These two addresses can be
+anything, and don't need to be addresses of the network interfaces on the host.
+The only requirements are that each node must be:
+
+* Accessible at its transport publish address by all other
+  nodes in its cluster, and by any remote clusters that will discover it using
+  <<sniff-mode>>.
+
+* Accessible at its HTTP publish address by all clients
+  that will discover it using sniffing.
+
+===== Using a single address
+
+The most common configuration is for {es} to bind to a single address at which
+it is accessible to clients and other nodes. In this configuration you should
+just set `network.host` to that address. You should not separately set any bind
+or publish addresses, nor should you separately configure the addresses for the
+HTTP or transport interfaces.
+
+===== Using multiple addresses
+
+Use the <<advanced-network-settings, advanced network settings>> if you wish to
+bind {es} to multiple addresses, or to publish a different address from the
+addresses to which you are binding. Set `network.bind_host` to the bind
+addresses, and `network.publish_host` to the address at which this node is
+exposed. In complex configurations, you can configure these addresses
+differently for the HTTP and transport interfaces.
+
 [[advanced-network-settings]]
 ==== Advanced network settings
 
-The `network.host` setting explained in <<common-network-settings,Commonly used network settings>>
-is a shortcut which sets the _bind host_ and the _publish host_ at the same
-time. In advanced used cases, such as when running behind a proxy server, you
-may need to set these settings to different values:
+These advanced settings let you bind to multiple addresses, or to use different
+addresses for binding and publishing. They are not required in most cases and
+you should not use them if you can use the <<common-network-settings,commonly
+used settings>> instead.
 
 `network.bind_host`::
-This specifies which network interface(s) a node should bind to in order to
-listen for incoming requests.  A node can bind to multiple interfaces, e.g.
-two network cards, or a site-local address and a local address. Defaults to
-`network.host`.
+(<<static-cluster-setting,Static>>)
+The network address(es) to which the node should bind in order to listen for
+incoming connections. Accepts a list of IP addresses, hostnames, and
+<<network-interface-values,special values>>. Defaults to the address given by
+`network.host`. Use this setting only if binding to multiple addresses or using
+different addresses for publishing and binding.
 
 `network.publish_host`::
-The publish host is the single interface that the node advertises to other nodes
-in the cluster, so that those nodes can connect to it. Currently an
-Elasticsearch node may be bound to multiple addresses, but only publishes one.
-If not specified, this defaults to the ``best'' address from `network.host`,
-sorted by IPv4/IPv6 stack preference, then by reachability. If you set a
-`network.host` that results in multiple bind addresses yet rely on a specific
-address for node-to-node communication, you should explicitly set
-`network.publish_host`.
-
-Both of the above settings can be configured just like `network.host` -- they
-accept IP addresses, host names, and
-<<network-interface-values,special values>>.
+(<<static-cluster-setting,Static>>)
+The network address that clients and other nodes can use to contact this node.
+Accepts an IP address, a hostname, or a <<network-interface-values,special
+value>>. Defaults to the address given by `network.host`. Use this setting only
+if bindiing to multiple addresses or using different addresses for publishing
+and binding.
+
+NOTE: You can specify a list of addresses for `network.host` and
+`network.publish_host`. You can also specify a single hostname which resolves
+to multiple addresses. If you do this then {es} chooses one of the addresses
+for its publish address. This choice uses heuristics based on IPv4/IPv6 stack
+preference and reachability and may change when the node restarts. You must
+make sure that each node is accessible at all possible publish addresses.
 
 [[tcp-settings]]
 ===== Advanced TCP settings
 
-Any component that uses TCP (like the <<modules-http,HTTP>> and
-<<modules-transport,transport>> layers) share the following settings:
+Use the following settings to control the low-level parameters of the TCP
+connections used by the HTTP and transport interfaces.
 
 `network.tcp.no_delay`::
 (<<static-cluster-setting,Static>>)
@@ -179,18 +241,8 @@ By default not explicitly set.
 The size of the TCP receive buffer (specified with <<size-units,size units>>).
 By default not explicitly set.
 
-[discrete]
-=== HTTP and transport network communication
-
-Each {es} node uses the network for two different methods of communication:
-
-* it exposes an <<modules-http,HTTP interface>> for use by clients.
+include::http.asciidoc[]
 
-* it exposes a <<modules-transport,transport interface>> for communication
-between nodes within a cluster and for communication with a
-<<modules-remote-clusters,remote cluster>>.
+include::transport.asciidoc[]
 
-The network settings described above apply to both methods of communication,
-and you can also configure each interface separately if needed. See the
-<<modules-http,HTTP>> and <<modules-transport,transport>> pages for more
-details on their respective configurations.
+include::network/tracers.asciidoc[]

docs/reference/modules/network/tracers.asciidoc

@@ -0,0 +1,69 @@
+==== Request tracing
+
+You can trace individual requests made on the HTTP and transport layers.
+
+WARNING: Tracing can generate extremely high log volumes that can destabilize
+your cluster. Do not enable request tracing on busy or important clusters.
+
+[[http-rest-request-tracer]]
+===== REST request tracer
+
+The HTTP layer has a dedicated tracer that logs incoming requests and the
+corresponding outgoing responses. Activate the tracer by setting the level of
+the `org.elasticsearch.http.HttpTracer` logger to `TRACE`:
+
+[source,console]
+--------------------------------------------------
+PUT _cluster/settings
+{
+   "transient" : {
+      "logger.org.elasticsearch.http.HttpTracer" : "TRACE"
+   }
+}
+--------------------------------------------------
+
+You can also control which URIs will be traced, using a set of include and
+exclude wildcard patterns. By default every request will be traced.
+
+[source,console]
+--------------------------------------------------
+PUT _cluster/settings
+{
+   "transient" : {
+      "http.tracer.include" : "*",
+      "http.tracer.exclude" : ""
+   }
+}
+--------------------------------------------------
+
+[[transport-tracer]]
+===== Transport tracer
+
+The transport layer has a dedicated tracer that logs incoming and outgoing
+requests and responses. Activate the tracer by setting the level of the
+`org.elasticsearch.transport.TransportService.tracer` logger to `TRACE`:
+
+[source,console]
+--------------------------------------------------
+PUT _cluster/settings
+{
+   "transient" : {
+      "logger.org.elasticsearch.transport.TransportService.tracer" : "TRACE"
+   }
+}
+--------------------------------------------------
+
+You can also control which actions will be traced, using a set of include and
+exclude wildcard patterns. By default every request will be traced except for
+fault detection pings:
+
+[source,console]
+--------------------------------------------------
+PUT _cluster/settings
+{
+   "transient" : {
+      "transport.tracer.include" : "*",
+      "transport.tracer.exclude" : "internal:coordination/fault_detection/*"
+   }
+}
+--------------------------------------------------

docs/reference/modules/node.asciidoc

@@ -5,10 +5,9 @@ Any time that you start an instance of {es}, you are starting a _node_. A
 collection of connected nodes is called a <<modules-cluster,cluster>>. If you
 are running a single node of {es}, then you have a cluster of one node.
 
-Every node in the cluster can handle <<modules-http,HTTP>> and
-<<modules-transport,Transport>> traffic by default. The transport layer is used
-exclusively for communication between nodes; the HTTP layer is used by REST
-clients.
+Every node in the cluster can handle <<modules-network,HTTP and transport>>
+traffic by default. The transport layer is used exclusively for communication
+between nodes; the HTTP layer is used by REST clients.
 [[modules-node-description]]
 // tag::modules-node-description-tag[]
 All nodes know about all the other nodes in the cluster and can forward client

docs/reference/modules/remote-clusters.asciidoc

@@ -12,7 +12,7 @@ remote cluster using one of two connection modes:
 * <<sniff-mode,Sniff mode>>
 * <<proxy-mode,Proxy mode>>
 
-Your local cluster uses the <<modules-transport,transport layer>> to establish
+Your local cluster uses the <<modules-network,transport layer>> to establish
 communication with remote clusters. The coordinating nodes in the local cluster
 establish <<long-lived-connections,long-lived>> TCP connections with specific
 nodes in the remote cluster. {es} requires these connections to remain open,
@@ -229,7 +229,7 @@ cluster:
 <1> `cluster_one`, `cluster_two`, and `cluster_three` are arbitrary _cluster aliases_
 representing the connection to each cluster. These names are subsequently used to
 distinguish between local and remote indices.
-<2> The hostname and <<modules-transport,transport>> port (default: 9300) of a
+<2> The hostname and <<transport-settings,transport port>> (default: 9300) of a
 seed node in the remote cluster.
 <3> A keep-alive ping is configured for `cluster_one`.
 <4> The configured connection mode. By default, this is <<sniff-mode,`sniff`>>, so

docs/reference/modules/transport.asciidoc

@@ -1,45 +1,55 @@
-[[modules-transport]]
-=== Transport
-
-Clients send requests to your {es} cluster over <<modules-http,HTTP>>, but the
-node that receives a client request cannot always handle it alone and must
-normally pass it on to other nodes for further processing. It does this using
-the transport networking layer. The transport layer is used for all internal
-communication between nodes within a cluster, and also for all communication
-with the nodes of a <<modules-remote-clusters,remote cluster>>.
-
 [[transport-settings]]
 ==== Transport settings
 
-The following settings can be configured for the internal transport that
-communicates over TCP. These settings also use the common
-<<modules-network,network settings>>.
+Use the following settings to configure the transport interface
+independently of the <<http-settings,HTTP interface>>. Use the
+<<common-network-settings,network
+settings>> to configure both interfaces together.
 
 `transport.port`::
 (<<static-cluster-setting,Static>>)
-A bind port range. Defaults to `9300-9400`.
+The port to bind for communication between nodes. Accepts a single value or a
+range. If a range is specified, the node will bind to the first available port
+in the range. Set this setting to a single port, not a range, on every
+master-eligible node.
++
+Defaults to `9300-9400`.
 
-`transport.publish_port`::
+`transport.host`::
 (<<static-cluster-setting,Static>>)
-The port that other nodes in the cluster
-should use when communicating with this node. Useful when a cluster node
-is behind a proxy or firewall and the `transport.port` is not directly
-addressable from the outside. Defaults to the actual port assigned via
-`transport.port`.
+Sets the address of this node for transport traffic. The node will bind to this
+address and will also use it as its transport publish address. Accepts an IP
+address, a hostname, or a <<network-interface-values,special value>>.
+Use this setting only if you require different configurations for the
+transport and HTTP interfaces.
++
+Defaults to the address given by `network.host`.
 
 `transport.bind_host`::
 (<<static-cluster-setting,Static>>)
-The host address to bind the transport service to. Defaults to
-`transport.host` (if set) or `network.bind_host`.
+The network address(es) to which the node should bind in order to listen for
+incoming transport connections. Accepts a list of IP addresses, hostnames, and
+<<network-interface-values,special values>>. Defaults to the address given by
+`transport.host` or `network.bind_host`. Use this setting only if you require
+to bind to multiple addresses or to use different addresses for publishing and
+binding, and you also require different binding configurations for the
+transport and HTTP interfaces.
 
 `transport.publish_host`::
 (<<static-cluster-setting,Static>>)
-The host address to publish for nodes in the cluster to connect to.
-Defaults to `transport.host` (if set) or `network.publish_host`.
+The network address at which the node can be contacted by other nodes. Accepts
+an IP address, a hostname, or a <<network-interface-values,special value>>.
+Defaults to the address given by `transport.host` or `network.publish_host`.
+Use this setting only if you require to bind to multiple addresses or to use
+different addresses for publishing and binding, and you also require different
+binding configurations for the transport and HTTP interfaces.
 
-`transport.host`::
+`transport.publish_port`::
 (<<static-cluster-setting,Static>>)
-Used to set the `transport.bind_host` and the `transport.publish_host`.
+The port of the <<modules-network-binding-publishing,transport publish
+address>>. Set this parameter only if you need the publish port to be
+different from `transport.port`. Defaults to the port assigned via
+`transport.port`.
 
 `transport.connect_timeout`::
 (<<static-cluster-setting,Static>>)
@@ -153,7 +163,7 @@ Nonetheless, Elasticsearch requires these connections to remain open, and it
 can disrupt the operation of your cluster if any inter-node connections are
 closed by an external influence such as a firewall. It is important to
 configure your network to preserve long-lived idle connections between
-Elasticsearch nodes, for instance by leaving `tcp.keep_alive` enabled and
+Elasticsearch nodes, for instance by leaving `*.tcp.keep_alive` enabled and
 ensuring that the keepalive interval is shorter than any timeout that might
 cause idle connections to be closed, or by setting `transport.ping_schedule` if
 keepalives cannot be configured. Devices which drop connections when they reach
@@ -183,34 +193,3 @@ The compression settings do not configure compression for responses. {es} will
 compress a response if the inbound request was compressed--even when compression
 is not enabled. Similarly, {es} will not compress a response if the inbound
 request was uncompressed--even when compression is enabled.
-
-
-[[transport-tracer]]
-==== Transport tracer
-
-The transport layer has a dedicated tracer logger which, when activated, logs incoming and out going requests. The log can be dynamically activated
-by setting the level of the `org.elasticsearch.transport.TransportService.tracer` logger to `TRACE`:
-
-[source,console]
---------------------------------------------------
-PUT _cluster/settings
-{
-   "transient" : {
-      "logger.org.elasticsearch.transport.TransportService.tracer" : "TRACE"
-   }
-}
---------------------------------------------------
-
-You can also control which actions will be traced, using a set of include and exclude wildcard patterns. By default every request will be traced
-except for fault detection pings:
-
-[source,console]
---------------------------------------------------
-PUT _cluster/settings
-{
-   "transient" : {
-      "transport.tracer.include" : "*",
-      "transport.tracer.exclude" : "internal:coordination/fault_detection/*"
-   }
-}
---------------------------------------------------

docs/reference/redirects.asciidoc

@@ -933,7 +933,6 @@ See <<settings,Configuring Elasticsearch>> for settings information:
 * <<modules-cluster>>
 * <<modules-discovery-settings>>
 * <<modules-fielddata>>
-* <<modules-http>>
 * <<recovery>>
 * <<indexing-buffer>>
 * <<modules-gateway>>
@@ -944,12 +943,21 @@ See <<settings,Configuring Elasticsearch>> for settings information:
 
 For other information, see:
 
-* <<modules-transport>>
 * <<modules-threadpool>>
 * <<modules-node>>
 * <<modules-plugins>>
 * <<modules-remote-clusters>>
 
+[role="exclude",id="modules-http"]
+=== HTTP
+
+See <<modules-network,Networking>>.
+
+[role="exclude",id="modules-transport"]
+=== Transport
+
+See <<modules-network,Networking>>.
+
 [role="exclude",id="modules-discovery-adding-removing-nodes"]
 === Adding and removing nodes
 

docs/reference/setup.asciidoc

@@ -57,8 +57,6 @@ include::modules/discovery/discovery-settings.asciidoc[]
 
 include::modules/indices/fielddata.asciidoc[]
 
-include::modules/http.asciidoc[]
-
 include::settings/ilm-settings.asciidoc[]
 
 include::modules/indices/index_management.asciidoc[]
@@ -93,8 +91,6 @@ include::settings/slm-settings.asciidoc[]
 
 include::settings/transform-settings.asciidoc[]
 
-include::modules/transport.asciidoc[]
-
 include::modules/threadpool.asciidoc[]
 
 include::settings/notification-settings.asciidoc[]

docs/reference/setup/bootstrap-checks-xes.asciidoc

@@ -73,7 +73,7 @@ required in order to use the token service.
 In particular, if `xpack.security.authc.token.enabled` is
 set to `true` in the `elasticsearch.yml` file, you must also set
 `xpack.security.http.ssl.enabled` to `true`. For more information about these
-settings, see <<security-settings>> and <<modules-http>>.
+settings, see <<security-settings>> and <<http-settings>>.
 
 To pass this bootstrap check, you must enable HTTPS or disable the built-in
 token service.

docs/reference/setup/bootstrap-checks.asciidoc

@@ -24,11 +24,11 @@ documented individually.
 [[dev-vs-prod-mode]]
 === Development vs. production mode
 
-By default, Elasticsearch binds to loopback addresses for <<modules-http,HTTP>>
-and <<modules-transport,transport (internal)>> communication. This is fine for
-downloading and playing with Elasticsearch as well as everyday development, but
-it's useless for production systems. To join a cluster, an Elasticsearch node
-must be reachable via transport communication. To join a cluster via a
+By default, {es} binds to loopback addresses for
+<<modules-network,HTTP and transport (internal) communication>>. This is fine
+for downloading and playing with {es} as well as everyday development,
+but it's useless for production systems. To join a cluster, an {es}
+node must be reachable via transport communication. To join a cluster via a
 non-loopback address, a node must bind transport to a non-loopback address and
 not be using <<single-node-discovery,single-node discovery>>. Thus, we consider
 an Elasticsearch node to be in development mode if it can not form a cluster
@@ -36,7 +36,7 @@ with another machine via a non-loopback address, and is otherwise in production
 mode if it can join a cluster via non-loopback addresses.
 
 Note that HTTP and transport can be configured independently via
-<<modules-http,`http.host`>> and <<modules-transport,`transport.host`>>; this
+<<http-settings,`http.host`>> and <<transport-settings,`transport.host`>>; this
 can be useful for configuring a single node to be reachable via HTTP for testing
 purposes without triggering production mode.
 

docs/reference/setup/important-settings/network-host.asciidoc

@@ -2,30 +2,19 @@
 [discrete]
 === Network host setting
 
-By default, {es} binds to loopback addresses only such as `127.0.0.1`
-and `[::1]`. This binding is sufficient to run a single development node on a
-server.
-
-TIP: more than one node can be started from the same `$ES_HOME`
-location on a single node. This setup can be useful for testing {es}'s
-ability to form clusters, but it is not a configuration recommended for
-production.
-
-To form a cluster with nodes on other servers, your
-node will need to bind to a non-loopback address. While there are many
-<<modules-network,network settings>>, usually all you need to configure is
-`network.host`:
+By default, {es} only binds to loopback addresses such as `127.0.0.1` and
+`[::1]`. This is sufficient to run a cluster of one or more nodes on a single
+server for development and testing, but a
+<<high-availability-cluster-design,resilient production cluster>> must involve
+nodes on other servers. There are many <<modules-network,network settings>> but
+usually all you need to configure is `network.host`:
 
 [source,yaml]
 --------------------------------------------------
 network.host: 192.168.1.10
 --------------------------------------------------
 
-The `network.host` setting also understands some special values such as
-`_local_`, `_site_`, `_global_` and modifiers like `:ip4` and `:ip6`. See
-<<network-interface-values>>.
-
-IMPORTANT: When you provide a custom setting for `network.host`,
-{es} assumes that you are moving from development mode to production
-mode, and upgrades a number of system startup checks from warnings to
-exceptions. See the differences between <<dev-vs-prod,development and production modes>>.
+IMPORTANT: When you provide a value for `network.host`, {es} assumes that you
+are moving from development mode to production mode, and upgrades a number of
+system startup checks from warnings to exceptions. See the differences between
+<<dev-vs-prod,development and production modes>>.

x-pack/docs/en/security/securing-communications/tutorial-tls-intro.asciidoc

@@ -9,8 +9,8 @@ used a cluster with a single {es} node to get up and running with the {stack}.
 
 You can add as many nodes as you want in a cluster but they must be able to
 communicate with each other. The communication between nodes in a cluster is
-handled by the <<modules-transport,transport module>>. To secure your
-cluster, you must ensure that the internode communications are encrypted.
+handled by the <<modules-network,transport module>>. To secure your cluster,
+you must ensure that the internode communications are encrypted.
 
 NOTE: In this tutorial, we add more nodes by installing more copies of {es} on
 the same machine. By default, {es} binds to loopback addresses for HTTP and
@@ -44,4 +44,4 @@ basic license. For more information, see {subscriptions} and
 
 include::tutorial-tls-certificates.asciidoc[]
 include::tutorial-tls-internode.asciidoc[]
-include::tutorial-tls-addnodes.asciidoc[]
+include::tutorial-tls-addnodes.asciidoc[]

x-pack/docs/en/security/using-ip-filtering.asciidoc

@@ -78,7 +78,7 @@ xpack.security.http.filter.enabled: true
 [discrete]
 === Specifying TCP transport profiles
 
-<<modules-transport,TCP transport profiles>>
+<<transport-profiles,TCP transport profiles>>
 enable Elasticsearch to bind on multiple hosts. The {es} {security-features} enable you to apply
 different IP filtering on different profiles.