Author |
Message
|
RogerLacroix |
Posted: Wed Jun 06, 2018 7:29 am Post subject: Citrix NetScaler - load balancer |
|
|
 Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
|
All,
I'm trying to help out a customer whose network team just implemented a load balancer called Citrix NetScaler.
The problem they are having is that when the queue manager's MCA receives an incoming connection, the IP address is that of the load balancer and not the client. They were told to use the "X-Forwarded-For" header, but MQ does not use HTTP/HTTPS communication but rather TCP/IP.
Is anyone using a load balancer called Citrix NetScaler? How did you configure the load balancer to send the client IP address rather than the load balancer's IP address?
Any help would be greatly appreciated.
Regards,
Roger Lacroix
Capitalware Inc. _________________ Capitalware: Transforming tomorrow into today.
Connected to MQ!
ubearcat |
Posted: Mon Aug 19, 2019 12:07 pm Post subject: |
|
|
Newbie
Joined: 03 Oct 2018 Posts: 6
|
Was this ever solved? Having issues and am using a NetScaler... |
RogerLacroix |
Posted: Mon Aug 19, 2019 12:30 pm Post subject: |
|
|
 Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
|
|
fjb_saper |
Posted: Tue Aug 20, 2019 5:27 am Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
RogerLacroix wrote: |
The only question is 'does MQ support 3-way TCP handshake'?
Regards,
Roger Lacroix
Capitalware Inc. |
MQIPT would have us believe the answer is Yes _________________ MQ & Broker admin |
tczielke |
Posted: Tue Aug 20, 2019 10:00 am Post subject: |
|
|
Guardian
Joined: 08 Jul 2010 Posts: 941 Location: Illinois, USA
|
The 3-way handshake they are talking about in those articles is the way the TCP protocol establishes a connection.
1) Client sends a SYN packet to server
2) Server sends a SYN/ACK packet to client
3) Client sends an ACK packet to server
The 3-way handshake is specific to the TCP protocol and MQ would use it implicitly as a by-product of making a TCP connection.
What that article is describing of sending an extra record after the handshake probably wouldn't work for IBM MQ, but that is just an assumption on my part. I would like to hear if someone disagrees or has it working.
One workaround is to have the MQ client application pass the client IP address as part of the APPLNAME. _________________ Working with MQ since 2010. |
markt |
Posted: Tue Aug 20, 2019 11:28 am Post subject: |
|
|
 Knight
Joined: 14 May 2002 Posts: 508
|
That article is not very precise. For example
Quote: |
For HTTP and SSL services this is done by inserting ClientIP address as HTTP Header on the request to the server. |
Do they really mean HTTPS instead of SSL there?
But it is clear that it expects changes to the server application (which would be the qmgr in this case) to see an additional data flow. Which MQ has not been coded to process - I'd expect to get the "unexpected/bad data" FDC appearing instead.
And since this extra data appears right at the start of the session establishment, I also think it's too early for even a channel receive exit to try to do something about interception. |
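Added example, not part of markt's post or of any product's code: a sketch of the point made in the post above, that an extra record arriving at the very start of the session is only usable by a backend coded to consume it, and is otherwise unexpected data. The 4-byte markers, the record layout and the address 203.0.113.7 are constructed for illustration and are neither the NetScaler record format nor the MQ wire format.

```python
import ipaddress
import socket
import struct

# All formats below are constructed for this example; they are not the
# NetScaler record format and not the MQ wire format.
APP_MAGIC = b"APP1"      # hypothetical eyecatcher the backend expects first
PREFIX_MAGIC = b"CIP0"   # hypothetical marker of the balancer's extra record

def recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("stream ended early")
        buf += chunk
    return buf

def balancer_send(sock, client_ip, app_payload, insert_record):
    """Forward the client's first flow, optionally preceded by the extra record."""
    data = b""
    if insert_record:
        data += PREFIX_MAGIC + ipaddress.IPv4Address(client_ip).packed
    sock.sendall(data + APP_MAGIC + struct.pack("!H", len(app_payload)) + app_payload)

def backend_accept(sock, understands_record):
    """Return (client_ip_or_None, payload); raise ValueError on unexpected data."""
    client_ip = None
    head = recv_exact(sock, 4)
    if head == PREFIX_MAGIC and understands_record:
        client_ip = str(ipaddress.IPv4Address(recv_exact(sock, 4)))
        head = recv_exact(sock, 4)
    if head != APP_MAGIC:
        raise ValueError("unexpected data at session start: %r" % head)
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    return client_ip, recv_exact(sock, length)

def run_case(insert_record, understands_record):
    """One session over a local socket pair; returns the result or the error text."""
    lb_side, backend_side = socket.socketpair()
    with lb_side, backend_side:
        try:
            balancer_send(lb_side, "203.0.113.7", b"hello", insert_record)
            return backend_accept(backend_side, understands_record)
        except ValueError as exc:
            return "rejected: %s" % exc
```

`run_case(True, False)` is the situation the post describes: the record is inserted but the backend has not been changed, so the first bytes of the session fail its header check.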