| Author |
Message
|
| smdavies99 |
 Posted: Tue Oct 02, 2012 11:44 pm Post subject: MQClient Connection Problems |
 |
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
I'm trying to setup a config for an external Client App to connect to our Queue Manager through a 'firewall'. The firewall admins will only open up a few ports for the client to connect. Ok I thought, I can use the following config to restrict the client to these ports.
| Code: |
DEFINE CHANNEL ('XXX.SVRCONN') CHLTYPE(SVRCONN) +
TRPTYPE(TCP) +
MAXMSGL(104857600) +
REPLACE
DEFINE CHANNEL ('XXX.SVRCONN') CHLTYPE(CLNTCONN) +
TRPTYPE(TCP) +
CONNAME('10.10.124.150(1414)') +
LOCLADDR('(10000,10100)') +
DESCR('Client connection Channel for XXXXXXX Application ') +
MAXMSGL(104857600) +
QMNAME('MYMYQM') +
REPLACE
|
so far everything is hunky dory.
After copying the channel table file to a separate PC where I have MQClient 7.0.1.8 (the server is also 7.0.1.8 ) installed and setting up the environment variables I try to put/get messages from the system
Here are my results
| Code: |
C:\Users\client>amqsputc APPL001.OUT MYMYQM
Sample AMQSPUT0 start
target queue is APPL001.OUT
hello world
Sample AMQSPUT0 end
C:\Users\client>amqsgetc APPL001.OUT MYMYQM
Sample AMQSGET0 start
MQCONN ended with reason code 2538
C:\Users\client>amqsgetc BILLING.OUT MYMYQM
Sample AMQSGET0 start
MQCONN ended with reason code 2538
C:\Users\client>amqsgetc APPL001.OUT MYMYQM
Sample AMQSGET0 start
MQCONN ended with reason code 2538
C:\Users\client>amqsgetc APPL001.OUT MYMYQM
Sample AMQSGET0 start
message <hello world>
no more messages
Sample AMQSGET0 end
C:\Users\client>
|
to summarise,
1) I can 'put' to the Queue
2) I can 'get' from the queue only after a period of time.
Is there anyway I can reduce or eminiate this period of time. The Client is a very finniky person and having to wait even a second for his data won't be acceptable (the data is not time critical but...)
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
 |
| smdavies99 |
| Posted: Wed Oct 03, 2012 12:32 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
some further investigation (using netstat) reveals that the Client always tries to use the first port in the port range (10000->10100) rather than a 'random' port in the range.
After the port has been freed (timed out) the connection works again.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Oct 03, 2012 12:58 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Have you considered using MQIPT?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| vmcgloin |
| Posted: Wed Oct 03, 2012 1:18 am Post subject: |
|
|
Knight
Joined: 04 Apr 2002
Posts: 560
Location: Scotland
|
| Does the client connection behave differently if you specify multiple localAddr each starting with a different low port? |
|
| Back to top |
|
|
| zpat |
| Posted: Wed Oct 03, 2012 1:28 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
|
| Back to top |
|
|
| smdavies99 |
| Posted: Wed Oct 03, 2012 1:37 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
MQIPT? Ha-ha. That made me smile.
1) the client does not have an MQ Server and AFAIK, you need a QMGR at both ends but it has been about 6yrs since I last looked at MQIPT. Plus, I have to doubt the ability of the client sys admins to configure MQIPT even with detailed instructions.
2) We are on the same site but one part insists in using a Cisco Switch as a firewall thus the proplems with the port.
I've already reduced the keep alive to 30 seconds. I'll try it with 10.
As for the suggestion about the multiple local addr and a different port range. I'll give that a go.
update:
I have set LOCALADDR('192.168.160.245(10000,10100)') but no real difference. I've also set both channel keepalives to 5 seconds.
(the .245) is my the test PC IP addr)
After a period of inactivity I can do TWO consecutive amqsgetc on the queue. Each Time I see (using netstat) the status go to ESTABLISHED.
On the third attempt, the status remains at 'SYN_SENT' and I get the 2538 error again.
Everytime the port used is 10000. It seems that specifing a port range is a waste of time.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions.
Last edited by smdavies99 on Wed Oct 03, 2012 2:04 am; edited 1 time in total |
|
| Back to top |
|
|
| zpat |
| Posted: Wed Oct 03, 2012 2:01 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
| You have keepalive set to yes in the mqclient.ini ? |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Wed Oct 03, 2012 2:06 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
| zpat wrote: |
| You have keepalive set to yes in the mqclient.ini ? |
Yes. That has been done.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| zpat |
| Posted: Wed Oct 03, 2012 2:38 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
Also increase the socket timeout in mqclient.ini - like this
TCP:
KeepAlive=Yes ; TCP Keepalive on
Connect_Timeout=15 ; Number of seconds before socket timeout |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Wed Oct 03, 2012 3:22 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
Adding the connect_timeout param made no difference.
At the monent if you do an amqsgetc and then wait 45 seconds before doing another one it seems to work all the time.
I'm waiting for the Client App developer to let me know how often they try to read data from the queue.
This is far from ideal but given the limitations of the firewall then it may have to do.
It is sad that MQ does not randomly choose the port from the available list but that might be a feature of the TCP/IP Stack that Microsoft has implemented.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Oct 03, 2012 3:35 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Have those ports definitely been reserved for use by you only, or are they from a pool of ports your firewall people will allow generic use of?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Wed Oct 03, 2012 3:55 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
| exerk wrote: |
| Have those ports definitely been reserved for use by you only, or are they from a pool of ports your firewall people will allow generic use of? |
Yes they have. However at the moment I'm testing from a PC inside the firewall. All the results so far are from that setup. Only port 10000 seems to be used.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Oct 03, 2012 4:31 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
I'm a little confused here, and concerned that you are not testing what you think you're testing.
If the firewall admins say that you can only use certain ports, I'd think you would have to configure the *listener* on those ports. LocalAddr configures the port on the client machine, not what port it will attempt to connect to on the server.
I'm also a little confused about your tests. Is your app really going to be opening and closing connections in this kind of a pattern? Or is it going to do the sensible thing and open one connection and keep it open?
Otherwise, I'd thought vmcgloin's suggestion was to set localaddr to something like "(10000,10100),(10001,10100),(10002,10100)"... |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Wed Oct 03, 2012 4:58 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
Here is the situation.
The firewall is open for port 1414 and a range of other ports (10000->10100) ONLY.
So I have to configure hot MQ uses TCP/IP ports for the request which are normally a random port number. For this I am using the LOCALADDR param of an CLNTCONN Channel.
The Listener is all configured and workd for a number of other connections.
The firewall is controlled by another entity than the one whoom I'm delivering this system to.
Yes, the application (written by yet another company) does periodic MQCONN/MQOPEN/MQGET/MQCLOSE/MQDISC operations. Quite how frequent those are I have yet to find out and if they can be slowed down. At the moment I'm seeing them (the firewall is temporarily wide open) every 30 seconds or so. And yes I know this is really awful programming especially as the data they are getting is non time critical.
So I have to try to make the connection work as best I can within those constraints.
Using multiple port ranges didn't seem to make any difference.
with netstat -a I see this
| Code: |
TCP 192.168.160.254:10000 XXX-WMB:1414 ESTABLISHED
|
When I repeat the amqsgetc right after the first one completes the above changes to
| Code: |
TCP 192.168.160.254:10000 XXX-WMB:1414 SYN-SENT
|
and stays there until the 2538 error is reported.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
|
|
