Regarding initiating of DRA connections. - Forum - Community Groups - Progress Community

Regarding initiating of DRA connections.

 Forum

Regarding initiating of DRA connections.

  • Hi all,

    according to this document (http://communities.progress.com/pcom/docs/DOC-25888) DRA connections can be configured to be initiated from a specific broker:

    Interior Firewall

    ...
    The DRA approach allows the brokers to be configured so that the connections will only be initiated from one of the brokers (interior or DMZ, whichever is preferable).

    ...

    I've tried to use the "Static routings" checkbox on the DRA connections. However, I'm unable to 'choose' which broker that initiates the connection.

    It is a simple setup with two brokers using DRA. Say I want to have broker A to always initiate the connection, and B to accept it. Communication will of course go both ways later, but I want to force broker A to initiate the connection. Are there any other settings that I've missed? I've looked through the broker configuration documents, but haven't found it.

    Also, am I supposed to see in the log that the connection is initiated the 'right' way? Like this:

    [10/01/04 10:45:10] ID=PRODBroker (info) Broker "B:B" accepted connection from remote broker "A:A".

    Kind regards,

    Lars

    Message was edited by: dehlar

  • See /docs7.6/books/mq_config_manage.pdf  --   Progress SonicMQ Configuration and Management Guide

    Search for “Name of outbound broker” or go to:

    Chapter 9 – Configuring Routings

    - Routing Defintions

    o   Configuring DRA Rotuing Definitions

    -  P.317  -- Outbound Broker

    4. Select the Connection tab:
    5. Specify the following under Parameters:
    ...

    Outbound Broker
    Name of outbound broker. This can only be set for a cluster; this setting forces all outbound
    connections anywhere in the cluster to be made from this broker. If blank, routing is made from the existing connection or any broker. If set, a hop is made to this broker

    .

  • Hi William,

    thank you for answering!

    However, I think I've might have misunderstood the document I

    referenced. I do not have a cluster setup, I only have two brokers in

    a DRA setup. And I'm therefore unable to choose which broker that

    initiates the DRA connection (I do not think it's possible in such a

    setup).

    Kind regards,

    Lars.

  • Yes.   The docuement you saw was about how to have one cluster use only a single 'gateway' broker to get to a remote node.

    I think what you want is to have DRA connections from A-to-B only go one way (so users on B can't initiate a send.    I think you can do that with ACL's.  That is, simply DENY PUBLISH and SEND permissions to A::#  (I think that is the syntax).

    DRA connections are mutually authenticated, so both Noe\des need to have connection parameters to each other.  There is no concept of a 'one-way' connection.    Broker B needs to be able to get to broker A even if no messages are sent in order to send Acknowledgements and Indoubt resolution (internal) messages.   If the connection fails, both sides need to know how to get it back because both sides might feel they are missing some information they need to keep the guaranteed delivery working.

  • Hi William,

    I do want a 'normal' DRA connection (connection goes both ways). I

    want both brokers to be able to initialize a send, but only one broker

    to open the connection. Therefore, I got confused by these lines from

    the document:

    "There are also a few variants to the implementation, depending upon

    requirements:

    1. Instead of creating a cluster between the two brokers, one

    could create two distinct routing nodes and use a DRA link. This would

    be valuable in the case where administrators have strict rules on how

    connections can be initiated through the interior firewall. While the

    clustering approach is easy to configure, there are no controls on

    which broker can initiate the connection. The DRA approach allows the

    brokers to be configured so that the connections will only be

    initiated from one of the brokers (interior or DMZ, whichever is

    preferable)."

    To me, this means that you can configure the DRA connection to only be

    initiated from one broker. But, that seems hard to do in real life,

    so I think that article is wrong? Or at least I understood it wrong.

    Anyway, thank you for helping William.

    Kind regards,

    Lars.