Hi all,
according to this document (http://communities.progress.com/pcom/docs/DOC-25888) DRA connections can be configured to be initiated from a specific broker:
Interior Firewall
...
The DRA approach allows the brokers to be configured so that the connections will only be initiated from one of the brokers (interior or DMZ, whichever is preferable).
...
I've tried to use the "Static routings" checkbox on the DRA connections. However, I'm unable to 'choose' which broker that initiates the connection.
It is a simple setup with two brokers using DRA. Say I want to have broker A to always initiate the connection, and B to accept it. Communication will of course go both ways later, but I want to force broker A to initiate the connection. Are there any other settings that I've missed? I've looked through the broker configuration documents, but haven't found it.
Also, am I supposed to see in the log that the connection is initiated the 'right' way? Like this:
[10/01/04 10:45:10] ID=PRODBroker (info) Broker "B:B" accepted connection from remote broker "A:A".
Kind regards,
Lars
Message was edited by: dehlar
See /docs7.6/books/mq_config_manage.pdf -- Progress SonicMQ Configuration and Management Guide
Search for “Name of outbound broker” or go to:
Chapter 9 – Configuring Routings
- Routing Defintions
o Configuring DRA Rotuing Definitions
- P.317 -- Outbound Broker
.
Hi William,
thank you for answering!
However, I think I've might have misunderstood the document I
referenced. I do not have a cluster setup, I only have two brokers in
a DRA setup. And I'm therefore unable to choose which broker that
initiates the DRA connection (I do not think it's possible in such a
setup).
Kind regards,
Lars.
Yes. The docuement you saw was about how to have one cluster use only a single 'gateway' broker to get to a remote node.
I think what you want is to have DRA connections from A-to-B only go one way (so users on B can't initiate a send. I think you can do that with ACL's. That is, simply DENY PUBLISH and SEND permissions to A::# (I think that is the syntax).
DRA connections are mutually authenticated, so both Noe\des need to have connection parameters to each other. There is no concept of a 'one-way' connection. Broker B needs to be able to get to broker A even if no messages are sent in order to send Acknowledgements and Indoubt resolution (internal) messages. If the connection fails, both sides need to know how to get it back because both sides might feel they are missing some information they need to keep the guaranteed delivery working.
Hi William,
I do want a 'normal' DRA connection (connection goes both ways). I
want both brokers to be able to initialize a send, but only one broker
to open the connection. Therefore, I got confused by these lines from
the document:
"There are also a few variants to the implementation, depending upon
requirements:
1. Instead of creating a cluster between the two brokers, one
could create two distinct routing nodes and use a DRA link. This would
be valuable in the case where administrators have strict rules on how
connections can be initiated through the interior firewall. While the
clustering approach is easy to configure, there are no controls on
which broker can initiate the connection. The DRA approach allows the
brokers to be configured so that the connections will only be
initiated from one of the brokers (interior or DMZ, whichever is
preferable)."
To me, this means that you can configure the DRA connection to only be
initiated from one broker. But, that seems hard to do in real life,
so I think that article is wrong? Or at least I understood it wrong.
Anyway, thank you for helping William.
Kind regards,
Lars.