Citrix NetScaler - load balancer
RogerLacroix
Posted: Wed Jun 06, 2018 7:29 am    Post subject: Citrix NetScaler - load balancer

Jedi Knight

Joined: 15 May 2001
Posts: 3252
Location: London, ON Canada

All,

I'm trying to help out a customer whose network team just implemented a load balancer called: Citrix NetScaler.

The problem they are having is that when the queue manager's MCA receives an incoming connection, the IP address is that of the load balancer and not the client. They were told to use the "X-Forwarded-For" header but MQ does not use http/https communication but rather TCP/IP.

Is anyone using a load balancer called Citrix NetScaler? How did you configure the load balancer to send the client IP address rather than the load balancer's IP address?

Any help would be greatly appreciated.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
ubearcat
Posted: Mon Aug 19, 2019 12:07 pm

Newbie

Joined: 03 Oct 2018
Posts: 6

Was this ever solved? Having issues and am using a NetScaler...
RogerLacroix
Posted: Mon Aug 19, 2019 12:30 pm

Jedi Knight

Joined: 15 May 2001
Posts: 3252
Location: London, ON Canada

Here's what I found and gave to the customer:

(1) New NetScaler Feature! Client IP Header Insertion for TCP/IP
https://www.citrix.com/blogs/2016/04/25/how-to-enable-client-ip-in-tcpip-option-of-netscaler/

(2) Here are the instructions (referenced at the very bottom of blog posting):
https://support.citrix.com/article/CTX205670

The only question is 'does MQ support 3-way TCP handshake'?

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
fjb_saper
Posted: Tue Aug 20, 2019 5:27 am

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

RogerLacroix wrote:
The only question is 'does MQ support 3-way TCP handshake'?

Regards,
Roger Lacroix
Capitalware Inc.

MQIPT would have us believe the answer is Yes
_________________
MQ & Broker admin
tczielke
Posted: Tue Aug 20, 2019 10:00 am

Guardian

Joined: 08 Jul 2010
Posts: 939
Location: Illinois, USA

The 3-way handshake they are talking about in those articles is the way the TCP protocol establishes a connection.

1) Client sends a SYN packet to server
2) Server sends a SYN/ACK packet to client
3) Client sends an ACK packet to server

The 3-way handshake is specific to the TCP protocol and MQ would use it implicitly as a by-product of making a TCP connection.

What that article is describing of sending an extra record after the handshake probably wouldn't work for IBM MQ, but that is just an assumption on my part. I would like to hear if someone disagrees or has it working.

One workaround is to have the MQ client application pass the client IP address as part of the APPLNAME.
_________________
Working with MQ since 2010.
markt
Posted: Tue Aug 20, 2019 11:28 am

Knight

Joined: 14 May 2002
Posts: 502

That article is not very precise. For example
Quote:
For HTTP and SSL services this is done by inserting ClientIP address as HTTP Header on the request to the server.

Do they really mean HTTPS instead of SSL there?

But it is clear that it expects changes to the server application (which would be the qmgr in this case) to see an additional data flow. Which MQ has not been coded to process - I'd expect to get the "unexpected/bad data" FDC appearing instead.

And since this extra data appears right at the start of the session establishment, I also think it's too early for even a channel receive exit to try to do something about interception.
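The two observations in this thread (the server sees the balancer's address as its TCP peer, and data inserted at the start of the stream arrives ahead of anything the server expects), as an added loopback sketch that is not from any poster, IBM or Citrix. The `relay` function, the `CLIENTIP` record layout and the `TSH ` eyecatcher are assumptions standing in for a full-proxy balancer, its inserted data and the first bytes the backend protocol expects.

```python
import socket
import threading

# Assumption: stand-in for the fixed bytes the backend's protocol expects first.
EYECATCHER = b"TSH "

def backend(listener, seen):
    """Accept one connection; record the TCP peer and the first bytes of the stream."""
    conn, peer = listener.accept()
    with conn:
        first = conn.recv(len(EYECATCHER), socket.MSG_WAITALL)
    seen.append((peer, first))

def relay(listener, backend_addr, insert_client_ip, info):
    """Toy full-proxy balancer: terminates the client's TCP connection and opens its own."""
    conn, client_peer = listener.accept()
    with conn, socket.create_connection(backend_addr) as upstream:
        info.append(upstream.getsockname())  # source address the backend will see
        payload = conn.recv(4096)
        if insert_client_ip:
            # Hypothetical record layout, constructed here; not NetScaler's wire format.
            payload = b"CLIENTIP " + client_peer[0].encode() + b"\n" + payload
        upstream.sendall(payload)

def run_scenario(insert_client_ip):
    """Send one client message through the relay and report what the backend observed."""
    be = socket.create_server(("127.0.0.1", 0))
    lb = socket.create_server(("127.0.0.1", 0))
    seen, info = [], []
    workers = [
        threading.Thread(target=backend, args=(be, seen)),
        threading.Thread(target=relay, args=(lb, be.getsockname(), insert_client_ip, info)),
    ]
    for w in workers:
        w.start()
    with socket.create_connection(lb.getsockname()) as client:
        client.sendall(EYECATCHER + b"constructed initial data")
        for w in workers:
            w.join()
    be.close()
    lb.close()
    peer, first = seen[0]
    return {"peer_is_relay": peer == info[0], "first_bytes": first,
            "stream_accepted": first == EYECATCHER}

if __name__ == "__main__":
    for insert in (False, True):
        print("insert_client_ip =", insert, "->", run_scenario(insert))
```

In both runs the backend's peer address is the relay's own socket; with insertion enabled the backend's first read returns the start of the inserted record instead of the bytes it expects, so a strict server rejects the stream unless it has been coded to consume that record.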