| Author |
Message
|
| sebastia |
 Posted: Sat Jun 16, 2007 11:28 am Post subject: when does TCP/IP socket start and end ? |
 |
|
Grand Master
Joined: 07 Oct 2004
Posts: 1003
|
We have a MQ Client than connects to a MQ Server
thru a (Debian) firewall.
It is important that the TCP/IP Socket to be maintained
from the MQ_CONNX(), then MQ_OPEN(), later MQ_PUT(),
until MQ_CLOSE() and MQ_DISC().
Where can I find any info about what time the socket is created,
and when / where it is destroyed, in MQ API calls ?
Thanks. S. |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Sun Jun 17, 2007 6:50 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
I believe this is all internal and proprietary. If you have a specific problem with a channel that has you believing you need to know this open a PMR... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| sebastia |
| Posted: Sun Jun 17, 2007 9:25 am Post subject: |
|
|
Grand Master
Joined: 07 Oct 2004
Posts: 1003
|
No, mr Saper - we do not have any problem with any channel.
But we are doing a design that relies on a Firewall Router that maps
a socket to a internal IP.
If the socket changes between mq_open() and mq_close(),
crazy results may come out, don't you think ?
Thanks foy your support. S. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sun Jun 17, 2007 12:53 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| sebastia wrote: |
No, mr Saper - we do not have any problem with any channel.
But we are doing a design that relies on a Firewall Router that maps
a socket to a internal IP.
If the socket changes between mq_open() and mq_close(),
crazy results may come out, don't you think ?
Thanks foy your support. S. |
I believe what you are looking for is described in a red book / red paper.
Can't remember exactly it's been quite a while since I read it last.
It has the required channel definitions and the corresponding firewall definitions. Especially if you have a box with multiple IP's and you want to restrict MQ traffic to a specific IP / range of ports.
You might as well want to look into the MQIPT support pack
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| sebastia |
| Posted: Mon Jun 18, 2007 3:16 am Post subject: |
|
|
Grand Master
Joined: 07 Oct 2004
Posts: 1003
|
Redbook : if you remember any part of the title, drop me aline, please.
sebastiasebas@gmail.com
MQIPT : i shall have a look at the Pass-Thru, but our design still needs that certification .... socket has to be maintained !
Thanks. |
|
| Back to top |
|
|
| jsware |
| Posted: Wed Jun 20, 2007 12:12 am Post subject: |
|
|
Chevalier
Joined: 17 May 2001
Posts: 455
|
| sebastia wrote: |
Redbook : if you remember any part of the title, drop me aline, please.
sebastiasebas@gmail.com
MQIPT : i shall have a look at the Pass-Thru, but our design still needs that certification .... socket has to be maintained !
Thanks. |
Capitalware have the presentation that I think used to be a supportpac but has been removed from IBM's site. See it at http://www.capitalware.biz/dl/docs/MQFirewalls.pdf
_________________
Regards
John
The pain of low quaility far outlasts the joy of low price. |
|
| Back to top |
|
|
| sebastia |
| Posted: Wed Jun 20, 2007 1:29 am Post subject: |
|
|
Grand Master
Joined: 07 Oct 2004
Posts: 1003
|
Thanks a lot, Scott - a very interesting document !
I have heard the "firewall" involved in my customer's project
uses "IPTABLES" and is implemented on "Debian" Linux ...
Does this provide any information to someone ?
Any "product" name ?
Cheers. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Wed Jun 20, 2007 1:43 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
"iptables" is the name for the generic, opensource firewall implementation that comes with almost all Linux distributions these days.
It's like the Windows firewall - except, being Linux it's a) open source, b) useful.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| sebastia |
| Posted: Wed Jun 20, 2007 1:48 am Post subject: |
|
|
Grand Master
Joined: 07 Oct 2004
Posts: 1003
|
Thanks, Jeff - I always use Wikipedia as an "intro" ..
>>> http://en.wikipedia.org/wiki/Iptables
Let me try to explain a bit more :
the product we try to use, maps a range of external IP's to an internal IP.
This way, 10.000 MQ Clients will split they load onto 4 or 8 servers.
But the trick is that the structure is not static.
The Debian "product" (?) polls the internal MQ servers
(using exclusively TCP/IP)
and if any of them dies, his portion of incomming IP's
is distributed among the rest of servers.
That does not look to me as "just iptables" ...
It looks to me as a complete and configurable "product" (?)
Am I wrong ?
S. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Wed Jun 20, 2007 1:59 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
I don't know. I haven't done a lot with IPTables. The last time I had to mess with it, I punted and used a tool to handle it instead.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Jun 20, 2007 3:00 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| sebastia wrote: |
But the trick is that the structure is not static.
The Debian "product" (?) polls the internal MQ servers
(using exclusively TCP/IP)
and if any of them dies, his portion of incomming IP's
is distributed among the rest of servers. |
IIRC MQ does not take kindly to polling it's ports and will most likely create an FDC for each poll. You might be better off having the clients use a channel table...
Enjoy
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
