Hi mailinglist,

I'm trying to set up a broker federation topology with a server and (for prototyping) two clients and I need to send messages from one client to the other, routed via the server broker since the clients will be firewalled/NATed and can not communicate directly.

My understanding is that the way to do this is with dynamic routing and I've followed the discussion on the following thread with some success: http://qpid.2158936.n2.nabble.com/Dynamic-routing-between-disconnected-exchanges-td7598100.html. That article describes three nodes A, B and C, and relaying from node A to C via B.

So far so good - I can use "drain" on node C's test-topic/C exchange/routing key and "spout" to write to node A's test-topic/C exchange/routing key and the message is transferred via the "server" (node B).

The problem I have is that this setup relies on TCP links being established in both directions between each node. In my client-server scenario this is clearly not possible and with the network restriction in place the dynamic routing fails. As the documentation states, "A dynamic exchange route is always a pull route. It can never be a push route.". Does this mean that the underlying broker link must be established in the same direction as the route, or is there some way to override this or get the route from the server to utilize the existing link from the client?

Solutions involving VPNs and tunnels are "not allowed".

Just for info, I've included some more info from my prototype showing information firstly from the working setup:

Client A - 192.168.0.12
Server - 192.168.0.13
Client B - 192.168.0.14

*Server:*

    ~$ qpid-route link list
    Host            Port    Transport Durable  State             Last Error
    =============================================================================
    192.168.0.12    5672    tcp          N     Operational
    192.168.0.14    5672    tcp          N     Operational

    ~$ sudo netstat -np | grep 5672
    tcp        0      0 192.168.0.13:43022      192.168.0.12:5672       ESTABLISHED 1477/qpidd
    tcp        0      0 192.168.0.13:5672       192.168.0.12:38576      ESTABLISHED 1477/qpidd
    tcp        0      0 192.168.0.13:5672       192.168.0.14:46242      ESTABLISHED 1477/qpidd
    tcp        0      0 192.168.0.13:34905      192.168.0.14:5672       ESTABLISHED 1477/qpidd

*Client A:*

    ~$ qpid-route link list
    Host            Port    Transport Durable  State             Last Error
    =============================================================================
    192.168.0.13    5672    tcp          N     Operational

    ~$ sudo netstat -np | grep 5672
    tcp        0      0 192.168.0.12:5672       192.168.0.13:43022      ESTABLISHED 1467/qpidd
    tcp        0      0 192.168.0.12:38576      192.168.0.13:5672       ESTABLISHED 1467/qpidd

*Client B:*

Equivalent to Client A.

Then, with some (not so) cunning use of iptables, I blocked incoming connections from the server to the clients:

    ~$ sudo iptables -vnL
    Chain INPUT (policy ACCEPT 2157 packets, 424K bytes)
     pkts bytes target     prot opt in     out     source               destination
        4   240 REJECT     tcp  --  *      *       192.168.0.13         0.0.0.0/0            tcp dpt:5672 reject-with icmp-port-unreachable

and the server-side links show failure, as one would expect:

    ~$ qpid-route link list
    Host            Port    Transport Durable  State             Last Error
    =============================================================================
    192.168.0.12    5672    tcp          N     Waiting           Connection refused
    192.168.0.14    5672    tcp          N     Waiting           Connection refused

Any suggestions on how to solve this problem would be greatly appreciated!

Thanks in advance
Chris
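
An added example, not part of the original post: a Python sketch that classifies each ESTABLISHED connection in the server's netstat output quoted above by which side opened it, then shows what remains once the server can no longer dial port 5672 on the clients (the traffic the iptables REJECT rule matches). The function names are illustrative; the sample lines are the ones from the post.

```python
"""Classify qpidd TCP connections by who initiated them, from `netstat -np` lines."""
from collections import defaultdict

BROKER_PORT = 5672

# The server's netstat output as quoted in the post (whitespace collapsed).
SERVER_NETSTAT = """\
tcp 0 0 192.168.0.13:43022 192.168.0.12:5672 ESTABLISHED 1477/qpidd
tcp 0 0 192.168.0.13:5672 192.168.0.12:38576 ESTABLISHED 1477/qpidd
tcp 0 0 192.168.0.13:5672 192.168.0.14:46242 ESTABLISHED 1477/qpidd
tcp 0 0 192.168.0.13:34905 192.168.0.14:5672 ESTABLISHED 1477/qpidd
"""


def split_endpoint(endpoint):
    """Split 'host:port' into (host, int(port))."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def classify(netstat_text, broker_port=BROKER_PORT):
    """Map each peer host to the directions seen from this host:
    'inbound'  = the peer dialled our broker listener,
    'outbound' = we dialled the peer's broker listener."""
    directions = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "tcp" or fields[5] != "ESTABLISHED":
            continue
        _, lport = split_endpoint(fields[3])
        rhost, rport = split_endpoint(fields[4])
        if lport == broker_port and rport != broker_port:
            directions[rhost].add("inbound")
        elif rport == broker_port and lport != broker_port:
            directions[rhost].add("outbound")
    return dict(directions)


def surviving_links(directions):
    """Directions left per peer if this host can no longer dial out to the
    broker port, which is what the REJECT rule on the clients enforces."""
    return {peer: dirs - {"outbound"} for peer, dirs in directions.items()}


if __name__ == "__main__":
    before = classify(SERVER_NETSTAT)
    for peer, dirs in sorted(surviving_links(before).items()):
        print(peer, "before:", sorted(before[peer]), "after block:", sorted(dirs))
```
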