Static and dynamic workload balancing for FIN messages
The use of one or more SAG clusters results in dynamic workload
balancing. For FIN messages, this means that each session uses:
- For ISN messages (that is, outbound FIN messages), all the SAGs in a cluster
- For ISN acknowledgments (that is, acknowledgments of outbound FIN ISN messages sent earlier), only the SAG that received the open-confirmation message for the session
For example, if an SAG is active but one of its components (such as its SNL, a firewall, or Network Connectivity) makes the SAG unable to deliver messages to the SIPN, first the SFD then the SIPN aborts the corresponding session. When dynamic workload balancing is used, all sessions are likely to be affected by such a problem, because at some point a FIN session request of each session is likely to be processed by the SAG that is experiencing the problem.
To prevent such error situations from affecting your entire system,
you can:
- Implement static workload balancing. This entails setting up a static (unchanging) connection between each LT and one SAG, so that the traffic to and from that LT is always routed via the same SAG. This way, if the SAG fails, the traffic of other LTs that do not use this SAG remains unaffected.
- Implement dynamic workload balancing for initial sessions, but
arrange for static workload balancing to be used when recovering interrupted
sessions. This entails configuring the initial session to use a cluster
queue, and each subsequent session, used for recovery, to use the
specific client request queue of one of the SAGs in the cluster. When
doing this, it is necessary to follow the rules defined by SWIFT for
a public key infrastructure (PKI) setup:
- Create, in relaxed mode, the certificates that are to be used.
- Establish all message partners and certificates on all SAGs that are members of the cluster.
- On each SAG in the cluster, define the PKI profiles for signing and authorization according to the DN naming scheme defined by SWIFT.