| Author |
Message
|
| skrv |
 Posted: Sat Feb 09, 2013 7:36 am Post subject: MQ Port conflict Issue with other Application |
 |
|
Centurion
Joined: 26 Oct 2012
Posts: 118
|
Hello,
Good morning MQ gurus.
We have MQ qmgr at 7.0.1.6 and listener port assigned is 1420.
yesterday one of the Enterprise application which also runs on the same server but doesn't use MQ reported to us that - their application is down because their default port 46464 is been used by MQ.
When we checked MQ, we see that MQ for it's outbound communications (CLUSSDR channels) uses random available ports on the system and one of the port happened to be 46464. when MQ picked 46464 port, the other application was down for maintanence.
We opened PMR with IBM and they are saying that we can let MQ use only ports in a range by mentioning that range in LOCLADDR(IP addr (port.low-port.high)) in Cluster SDR and RCVR channels and making sure selecting a range which is not used by others. But we are not totally happy in doing this because we are limiting MQ to a certain range and also tomoorow some other application may have a default port which is currently assigned to MQ.
We want to find out is there any other way for us to resolve this issue permanently, can we tell MQ not to use just that one port 46464, instead asking it only use certain range. Is there any MQ setting that we can use to tell MQ not to use 46464(some Port Exclude list....).
We checked with other application and they don't have the facility of using dynamic ports instead of default port 46464.
Any help in this regard is highly appreciated.
thanks
skrv |
|
| Back to top |
|
 |
| bruce2359 |
| Posted: Sat Feb 09, 2013 7:50 am Post subject: Re: MQ Port conflict Issue with other Application |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| skrv wrote: |
We have MQ qmgr at 7.0.1.6 and listener port assigned is 1420.
...
When we checked MQ, we see that MQ for it's outbound communications (CLUSSDR channels) uses random available ports on the system and one of the port happened to be 46464. |
Exactly what type of CLUSSDR? Use runmqsc DIS CHS(*) command. CLUSSDR? CLUSSDRA? CLUSSDRB?
How did you assign port 1420 to this qmgr, to this CLUSSDR channel?
Post your CLUSSDR channel definition here.
Post your CLUSRCVR channel definition here.
Post your listener definition here.
What kind of virtual ip addressing (VIPA) solution do you have in place?
WMQ does not select ports whimsically.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| skrv |
| Posted: Sat Feb 09, 2013 8:08 am Post subject: |
|
|
Centurion
Joined: 26 Oct 2012
Posts: 118
|
dis chl(TO.PL1CN3005)
1 : dis chl(TO.PL1CN3005)
AMQ8414: Display Channel details.
CHANNEL(TO.PL1CN3005) CHLTYPE(CLUSRCVR)
ALTDATE(2012-12-24) ALTTIME(13.27.57)
BATCHHB(0) BATCHINT(0)
BATCHSZ(50) CLUSNL(PROD_CHL)
CLUSTER( ) CLWLPRTY(0)
CLWLRANK(0) CLWLWGHT(50)
COMPHDR(NONE) COMPMSG(NONE)
CONNAME(e48l005p.cmssvc.local(1420)) CONVERT(NO)
DESCR( ) DISCINT(60)
HBINT(30) KAINT(AUTO)
LOCLADDR( ) LONGRTY(0)
LONGTMR(0) MAXMSGL(5242880)
MCANAME( ) MCATYPE(THREAD)
MCAUSER( ) MODENAME( )
MONCHL(QMGR) MRDATA( )
MREXIT( ) MRRTY(10)
MRTMR(1000) MSGDATA( )
MSGEXIT( ) NETPRTY(0)
NPMSPEED(FAST) PROPCTL(COMPAT)
PUTAUT(DEF) RCVDATA( )
RCVEXIT( ) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SEQWRAP(999999999)
SHORTRTY(5) SHORTTMR(10)
SSLCAUTH(REQUIRED) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
========================================================================
dis chl(TO.PL1CN4002)
2 : dis chl(TO.PL1CN4002)
AMQ8414: Display Channel details.
CHANNEL(TO.PL1CN4002) CHLTYPE(CLUSSDR)
ALTDATE(2012-12-24) ALTTIME(13.28.55)
BATCHHB(0) BATCHINT(0)
BATCHSZ(50) CLUSNL(PROD_CHL)
CLUSTER( ) CLWLPRTY(0)
CLWLRANK(0) CLWLWGHT(50)
COMPHDR(NONE) COMPMSG(NONE)
CONNAME(e49l002p.cmssvc.local(1420)) CONVERT(NO)
DESCR( ) DISCINT(60)
HBINT(30) KAINT(AUTO)
LOCLADDR( ) LONGRTY(0)
LONGTMR(0) MAXMSGL(5242880)
MCANAME( ) MCATYPE(THREAD)
MCAUSER( ) MODENAME( )
MONCHL(QMGR) MSGDATA( )
MSGEXIT( ) NPMSPEED(FAST)
PASSWORD( ) PROPCTL(COMPAT)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(5)
SHORTTMR(10) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
USERID( )
===========================================================================
dis listener(LSTNR)
4 : dis listener(LSTNR)
AMQ8630: Display listener information details.
LISTENER(LSTNR) CONTROL(QMGR)
TRPTYPE(TCP) PORT(1420)
IPADDR( ) BACKLOG(0)
DESCR( ) ALTDATE(2012-05-30)
ALTTIME(10.50.33)
===========================================================================
Port Conflict: I have masked the IPs
local IP is : 111.11.111.111
Remote IPs: rest of them
[mqm@e48l005p ~]# lsof -i -nP | grep 1420
runmqlsr 2913 mqm 3u IPv6 9143 0t0 TCP *:1420 (LISTEN)
amqrmppa 2954 mqm 5u IPv4 5512673 0t0 TCP 111.11.111.111:45691->777.77.777.777:1420 (ESTABLISHED)
amqrmppa 2954 mqm 7u IPv4 5543594 0t0 TCP 111.11.111.111:33557->22.2.22.222:1420 (ESTABLISHED)
amqrmppa 2954 mqm 8u IPv4 5598495 0t0 TCP 111.11.111.111:46464->33.3.33.333:1420 (ESTABLISHED)
amqrmppa 2954 mqm 12u IPv6 5543583 0t0 TCP 111.11.111.111:1420->22.2.22.222:42961 (ESTABLISHED)
amqrmppa 2954 mqm 14u IPv4 5513214 0t0 TCP 111.11.111.111:43518->444.44.444.444:1420 (ESTABLISHED)
amqrmppa 2954 mqm 15u IPv6 5598138 0t0 TCP 111.11.111.111:1420->33.3.33.333:59274 (ESTABLISHED)
amqrmppa 2954 mqm 16u IPv6 5513217 0t0 TCP 111.11.111.111:1420->555.55.555.5:42030 (ESTABLISHED)
amqrmppa 2954 mqm 17u IPv6 6602524 0t0 TCP 111.11.111.111:1420->666.66.666.6:49400 (ESTABLISHED)
amqrmppa 2954 mqm 18u IPv6 5625847 0t0 TCP 111.11.111.111:1420->444.44.444.444:37037 (ESTABLISHED)
amqrmppa 2954 mqm 19u IPv6 5620317 0t0 TCP 111.11.111.111:1420->777.77.777.777:40882 (ESTABLISHED)
==============================================================================
IBM says: MQ will use random dynamic ports for outbound communications (CLUSSDR channels), If you see above output it says same thing. all CLUSSDRs are using different ports than 1420 and CLUSRCVRs are using 1420. I verified several QMGRS and the behaviour is same.
Link: http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/topic/com.ibm.mq.csqzae.doc/ic11740_.htm
============================================================================== |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Sat Feb 09, 2013 9:01 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
I'm amazed your cluster channels work at all since no cluster is named in the cluster() attribute.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| skrv |
| Posted: Sat Feb 09, 2013 9:26 am Post subject: |
|
|
Centurion
Joined: 26 Oct 2012
Posts: 118
|
We use Cluster Namelist.
CLUSNL(PROD_CHL)
Namelist will have cluster names. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Sat Feb 09, 2013 9:35 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
This is not the epic disaster you are expecting it to turn into.
The only time you really need to specify LOCLADDR is for very specialized network layouts, where all ports into and out of a given machine need to be assigned and audited and monitored and controlled.
It is astoundingly easy and relatively low impact to alter the ports that any given queue manager uses - particularly where clusters are in use.
It also represents a significant failure in change control processes if some new application gets installed and chooses a port that is already in use. This absolutely should not cause production impact, as it absolutely should have been identified and managed and modified before deployment in the preproduction setup. |
|
| Back to top |
|
|
| skrv |
| Posted: Sat Feb 09, 2013 9:51 am Post subject: |
|
|
Centurion
Joined: 26 Oct 2012
Posts: 118
|
ok.
do we need to change LOCLADDR on both CLUSSDR and CLUSRDVR channels?
because we see CLUSRCVRs are using 1420 all the time, which is good. But if we change LOCLADDR on CLUSRCVRs as well and mention a range of ports then we might have issue right? But for some reason IBM told us to change on both the channels.
thanks |
|
| Back to top |
|
|
| mqjeff |
| Posted: Sat Feb 09, 2013 10:38 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| skrv wrote: |
ok.
do we need to change LOCLADDR on both CLUSSDR and CLUSRDVR channels? |
You need to understand what LOCLADDR does.
You need to understand how cluster channels work and are defined.
| skrv wrote: |
| because we see CLUSRCVRs are using 1420 all the time, which is good. But if we change LOCLADDR on CLUSRCVRs as well and mention a range of ports then we might have issue right? |
Again, this is not an issue, except where it is caused by extremely poor planning and execution on the part of your organization.
And IBM doesn't tell you to do something "for some reason". They tell you to do something because it is either the correct thing to do, or because you have specifically asked how to do it. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Sat Feb 09, 2013 12:33 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
You are looking for a technical solution to a management problem.
Ports cannot be shared. Ports need to be allocated to applications. Allocating/assigning ports is most often done by network management personnel. Port addressing conflicts are due to lack of management controls.
What if someone in your organization attempts to use port 80 or 443?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| skrv |
| Posted: Sat Feb 09, 2013 1:40 pm Post subject: |
|
|
Centurion
Joined: 26 Oct 2012
Posts: 118
|
I know it's a management issue at high level, but at my level am trying to address the issue in hand. I can't go and tell them it's your mistake right?
am only asking technical things to address the issue in hand.
thanks for your suggestions. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Sat Feb 09, 2013 2:13 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| skrv wrote: |
| I can't go and tell them it's your mistake right? |
First, you are not at fault for application failures (outages) caused by others who pick ports randomly. You are, however, ethically and morally obligated to bring this issue up to those who can resolve it organization-wide.
Again I ask, what if some developer decides to use port 80? Port 443? These, like your 1420, have other uses in your organization.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Sat Feb 09, 2013 2:58 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
So if an application decides that it is going to attempt to open one of a range of ports, outgoing, from the same machine as one of the outgoing connections from a queue manager in your cluster...
the application will receive an error. What it does then is entirely determined by that specific application.
If the queue manager attempts to use a port that is already open by another application running on the same machine, it will receive an error.
And then it will try another port. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Sat Feb 09, 2013 4:40 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Most shops block unused ports at the firewall to prevent this.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
Last edited by bruce2359 on Sat Feb 09, 2013 5:11 pm; edited 1 time in total |
|
| Back to top |
|
|
| Vitor |
| Posted: Sat Feb 09, 2013 4:55 pm Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| skrv wrote: |
| I know it's a management issue at high level, but at my level am trying to address the issue in hand. I can't go and tell them it's your mistake right? |
Wrong. You can absolutely tell them it's their mistake.
Their application is trying to use a port which is assigned to WMQ (either deliberately or by allowing WMQ to default to it). As others have said, this is a management problem and as a minimum whoever "owns" port assignment in your network needs to arbitrate who is "right" to be using that port.
To echo the comments of my most worthy associate:
What are you going to do if an application turns up tomorrow which has been coded to use 1420 & can't change? Rework your WMQ topology because you can't tell them they've made a mistake using that port?
If you're nodding your head, you're on a road filled with pain, misery & suffering.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sun Feb 10, 2013 2:54 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Is the port assignement recorded in the /etc/services file ? 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
