This topic has been locked.
4 replies Latest Post - 2013-02-05T17:53:33Z by SystemAdmin
Pinned topic FSH listening to muliple IPs
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
So we have a MPG for each of our domains. It listens via a FSH of course to incoming connections. When choosing the "Local IP", you can put a few things. The IP address, or host alias, of your networking interface. 0.0.0.0 which will listen to any incoming IP connection. Or if it's only an internal connection 127.0.0.1. So my question is what if we have 2 Ethernet interfaces that accept incoming data. I am under the assumption the only way to listen to both connections is to create a FSH for each IP, or use 0.0.0.0. Creating 2 FSH for each connection can become quite large and a pain to manage. And 0.0.0.0 is a security risk since it listens to ANY IP. It would be nice if you could create a host alias that contained multiple IPs. Or if the "Load Balancer Group" could manage internal IPs and not just outgoing. Is there anything else I am missing? What if we had 3-4 interfaces that accepted traffic. For redundancy sake. We would need a FSH for every single interface?
Updated on 2013-02-05T17:53:33Z at 2013-02-05T17:53:33Z by SystemAdmin
HermannSW 2700006U544379 PostsACCEPTED ANSWER
Re: FSH listening to muliple IPs2013-01-31T09:01:59Z in response to SystemAdminA MPGW can have any number of front protocols:
<xsd:element name="FrontProtocol" type="tns:dmReference" minOccurs="0" maxOccurs="unbounded" />
A dmReference has an extension of xs:string, just providing an optional @class.
So the short answer is, there is no such feature you would like to have.
On the other hand, if you really want to handle this in an automated way, you can try this:
- define all your services with just one FSH (being representative for the group)
- then do a domain export containing all objects as "XML Config" (not ZIP bundle) and download.
Now you do have the complete (domain) config as XML file.
The frontside handlers are referenced in this form inside a <MultiProtocolGateway ...> element:
<FrontProtocol @class="...">some name</FrontProtocol>
The FrontProtocol itself is defined in this form:
<...SourceProtocolHandler name="some name" ...>...</...SourceProtocolHandler>
So if you have some logic in mind, on "how" you want to associated 2 or more different interfaces based on the "name" of the
representative FSH, then you could write a stylesheet doing (the many) additions automatically.
Finally you can import the modified "XML Config", all as part of an automated sequence of actions (scripted by XML Management calls).
- the manual (unmodified) export is your "real" config
- you have to decide whether you want to spend the effort to go this route
Re: FSH listening to muliple IPs2013-01-31T15:55:21Z in response to HermannSWSo in our XML we have an entry like this:
<HTTPSSourceProtocolHandler name="FSH NAME" xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:dp="http://www.datapower.com/schemas/management">
Is this what you were referring to? Do I need to create a whole new entry from <HTTPSSourceProtocolHandler to /HTTPVersion> ? Or just another <LocalAddress> entry?
swlinn 100000E7QE1344 PostsACCEPTED ANSWER
Re: FSH listening to muliple IPs2013-02-02T23:47:05Z in response to SystemAdminYour front side handler can have one and only one local address. A 0.0.0.0 will listen to the specified port for ALL inbound IPs on the appliance. If you specify a specific IP for the local address (either the actual IP or a host alias that maps to an IP), the appliance will listen on the specified port for just that one IP. If you want to have more than one IP listened to for the specified port, but not ALL, then you will need multiple front side handlers, each listening to the specified port with a unique IP.