IIB processes trying to connect to public IPs
chaitanyauk
Posted: Tue Aug 14, 2018 11:40 pm    Post subject: IIB processes trying to connect to public IPs

Apprentice

Joined: 16 Apr 2017
Posts: 30

Hi Experts,

Facing the below weird issue on one of our servers.
The bipbroker and DataFlowE services are continuously trying to hit the firewall with SMTP connections to public IP addresses.

Following are the process details.

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bipbroker 6881630 iibuser 8r VREG 39,2 2048733 35950 /IBM/iib (/dev/iib_lv)
bipbroker 6881630 iibuser 164r VREG 39,2 366467 35931 /IBM/iib (/dev/iib_lv)
bipbroker 6881630 iibuser 166r VREG 39,2 94344 35932 /IBM/iib (/dev/iib_lv)
bipbroker 6881630 iibuser 169r VREG 39,2 116639 35933 /IBM/iib (/dev/iib_lv)
bipbroker 6881630 iibuser 171r VREG 39,2 468019 35934 /IBM/iib (/dev/iib_lv)

Any help in this regard would be great.
Vitor
Posted: Wed Aug 15, 2018 4:55 am    Post subject: Re: IIB processes trying to connect to public IPs

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

chaitanyauk wrote:
The bipbroker and DataFlowE services are continuously trying to hit the firewall with SMTP connections to public IP addresses.


That's not the greatest problem description I've ever heard.

Are you indicating that your network people are complaining about traffic on the firewall? A large number of messages in the broker logs? What?


chaitanyauk wrote:
Any help in this regard would be great.


Ask whoever writes the flows hosted in that Broker/EG combination why they've got an EMailOutput node pointing to a public IP address, and (if they have some sensible reason for doing that rather than an internal SMTP server) why they didn't ask for the firewall to be opened.
_________________
Honesty is the best policy.
Insanity is the best defence.
chaitanyauk
Posted: Wed Aug 15, 2018 9:05 am

Apprentice

Joined: 16 Apr 2017
Posts: 30

Quote:
Ask whoever writes the flows hosted in that Broker/EG combination why they've got an EMailOutput node pointing to a public IP address, and (if they have some sensible reason for doing that rather than an internal SMTP server) why they didn't ask for the firewall to be opened.


The flow does have an Email Output node but no IP has been configured to send any messages.
The bipbroker process is trying to send messages via ports 359xx to random IPs on port 25.

Quote:
Are you indicating that your network people are complaining about traffic on the firewall? A large number of messages in the broker logs? What?

Not IIB logs, but OS level logs.


Does IIB send some usage statistics, resource statistics to their servers? I am just suspecting this, not sure.



Vitor
Posted: Wed Aug 15, 2018 9:42 am

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

chaitanyauk wrote:
The flow does have an Email Output node but no IP has been configured to send any messages.


So the flow is running, has a connected Email Output node and there's no configuration for the SMTP server it should use? Explain to me how this makes sense.

chaitanyauk wrote:
The bipbroker process is trying to send messages via ports 359xx to random IPs on port 25.


So you've a flow sending a message tree to an Email Output node that's not been told what IP address to use for the SMTP server, and you're surprised that it's using random IP addresses? Why is this surprising? Or perhaps a better question is what exactly did you expect the Email Output node to do in this circumstance???

chaitanyauk wrote:
Quote:
Are you indicating that your network people are complaining about traffic on the firewall? A large number of messages in the broker logs? What?

Not IIB logs, but OS level logs.


Which you expect as this poor node thrashes round randomly trying to send emails.

chaitanyauk wrote:
Does IIB send some usage statistics, resource statistics to their servers? I am just suspecting this, not sure.


Yes it does. If you'd looked up "resource statistics" in the product documentation, you'd have found a wealth of information and you'd have been sure.

But you clearly didn't look up the Email Output node either, because you "suspect" it should be doing something other than what it's doing.


_________________
Honesty is the best policy.
Insanity is the best defence.
chaitanyauk
Posted: Wed Aug 15, 2018 10:42 pm

Apprentice

Joined: 16 Apr 2017
Posts: 30

Quote:
So the flow is running, has a connected Email Output node and there's no configuration for the SMTP server it should use? Explain to me how this makes sense.


The Email Output node is now configured with an internal SMTP server and not public IPs, and the problem still exists.
Since the messages are hitting the firewall continuously to send messages to random IPs, this is surprising.

Quote:

So you've a flow sending a message tree to an Email Output node that's not been told what IP address to use for the SMTP server, and you're surprised that it's using random IP addresses? Why is this surprising? Or perhaps a better question is what exactly did you expect the Email Output node to do in this circumstance???


So, if no IPs are configured, why would the broker pick some random IPs and try to send traffic via some random ports???

Quote:
Yes it does. If you'd looked up "resource statistics" in the product documentation, you'd have found a wealth of information and you'd have been sure.

I am not talking about the "flow Resource statistics" which I am well aware of. I am talking about usage statistics to "IBM Servers".
abhi_thri
Posted: Wed Aug 15, 2018 10:43 pm

Knight

Joined: 17 Jul 2017
Posts: 516
Location: UK

chaitanyauk wrote:
The flow does have an Email Output node but no IP has been configured to send any messages.


hi...I suggest you take a closer look at how/where the email host/IPs are configured, I guess it could be via the Email config service if it is not explicitly set at the flow level, have a chat with the Dev team and see.
chaitanyauk
Posted: Wed Aug 15, 2018 11:37 pm

Apprentice

Joined: 16 Apr 2017
Posts: 30

Quote:

hi...I suggest you take a closer look at how/where the email host/IPs are configured, I guess it could be via the Email config service if it is not explicitly set at the flow level, have a chat with the Dev team and see.


There is no such Email config service.
abhi_thri
Posted: Thu Aug 16, 2018 12:20 am

Knight

Joined: 17 Jul 2017
Posts: 516
Location: UK

Hi...the Email config service was just an example, your challenge is to figure out how the SMTP host/IP is set for the flow. So have a look at your deployment framework to see how it is set...could be set directly at the flow, bar overrides, email config service etc.
Vitor
Posted: Thu Aug 16, 2018 5:01 am

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

chaitanyauk wrote:
Quote:

hi...I suggest you take a closer look at how/where the email host/IPs are configured, I guess it could be via the Email config service if it is not explicitly set at the flow level, have a chat with the Dev team and see.


There is no such Email config service.


Then how have you configured it?
_________________
Honesty is the best policy.
Insanity is the best defence.
Vitor
Posted: Thu Aug 16, 2018 5:02 am

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

chaitanyauk wrote:
I am talking about usage statistics to "IBM Servers".


What, in this context, do you mean by "IBM Servers"?

Doesn't ring a bell with me.
_________________
Honesty is the best policy.
Insanity is the best defence.
PeterPotkay
Posted: Thu Aug 16, 2018 4:29 pm

Poobah

Joined: 15 May 2001
Posts: 7717

Vitor wrote:
chaitanyauk wrote:
I am talking about usage statistics to "IBM Servers".


What, in this context, do you mean by "IBM Servers"?

He is asking if IBM buried code in IIB that wakes up periodically on its own and outside of your control to call back to Armonk and Hursley to report on what your IIB installation is doing.

I think it's safe to say the answer is "No". Having said that, I do know of some Oracle products that by design "phone home" to automatically open a case and get the ball rolling on replacing hardware components that failed. But that has to be specifically enabled and allowed.


chaitanyauk, how do you know it's IIB doing this? The Firewall guys see connections from this server trying to hit an outside IP address. All they know is it's coming from your server. Why do you think it's coming from IIB? Please don't say "Because IIB is the only thing running on this server." Why do you think a BIP process is doing it?

I doubt anything is randomly trying to SMTP to random IP addresses. Almost assuredly, something is very specifically configured to send to those particular IP addresses.
_________________
Peter Potkay
Keep Calm and MQ On
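
The attribution question raised in the post above (which process is actually opening the port 25 connections?) needs socket-level output; the listing in the first post shows only regular files (VREG). The following is an added example, not part of the thread: it parses a constructed sample in the `lsof -nP -iTCP` column layout and groups external SMTP destinations by process. The sample rows and the definition of "internal" ranges are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the column layout of `lsof -nP -iTCP` (not output from the thread).
SAMPLE_LSOF = """\
COMMAND       PID    USER  FD TYPE DEVICE SIZE/OFF NODE NAME
bipbroker 6881630 iibuser 45u IPv4 0xf100a 0t0 TCP 10.20.1.15:35911->10.20.0.25:25 (ESTABLISHED)
sendmail     4120    root  7u IPv4 0xf100b 0t0 TCP 10.20.1.15:35912->203.0.113.7:25 (SYN_SENT)
sendmail     4120    root  8u IPv4 0xf100c 0t0 TCP 10.20.1.15:35913->198.51.100.20:25 (SYN_SENT)
java         5210 appuser 12u IPv4 0xf100d 0t0 TCP 10.20.1.15:41000->192.0.2.9:443 (ESTABLISHED)
"""

# Assumption: "internal" means RFC 1918 or loopback; adjust to the site's address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError for hostnames
    return any(addr in net for net in INTERNAL_NETS)

def external_smtp_by_process(lsof_text, port=25):
    """Map (command, pid, user) -> sorted external destinations on `port`."""
    hits = defaultdict(set)
    for line in lsof_text.splitlines():
        fields = line.split()
        # The NAME column of a connected socket looks like local:port->remote:port
        name = next((f for f in fields if "->" in f), None)
        if name is None or len(fields) < 3:
            continue  # header, listening sockets, regular files
        remote = name.split("->", 1)[1]
        host, _, rport = remote.rpartition(":")
        host = host.strip("[]")  # lsof brackets IPv6 addresses
        try:
            if int(rport) != port or is_internal(host):
                continue
        except ValueError:
            continue  # service name or hostname shown; rerun lsof with -nP
        hits[(fields[0], fields[1], fields[2])].add(host)
    return {proc: sorted(dests) for proc, dests in hits.items()}

if __name__ == "__main__":
    for (cmd, pid, user), dests in external_smtp_by_process(SAMPLE_LSOF).items():
        print(f"{cmd} pid={pid} user={user} -> {', '.join(dests)}")
```

In the constructed sample the broker only talks to an internal relay, while a local mail daemon is the process retrying against external addresses.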
LJM
Posted: Fri Aug 17, 2018 12:43 am

Novice

Joined: 05 Jul 2018
Posts: 22

I would suspect an unconfigured postfix or sendmail is on the box.

A ps listing would help.
chaitanyauk
Posted: Thu Aug 23, 2018 3:44 am

Apprentice

Joined: 16 Apr 2017
Posts: 30

Hi Guys,

Thanks for your help and support.
Found the issue: one of the flows was previously deployed to the Integration node with an email ID configured to xxx@test.com. This kept looping since this IP is blocked at the firewall. This looping left some kind of email trace file which kept trying even after shutting the integration node down. So this stalled email file was cleared by the Admin team.
Now we are not facing that issue anymore.
