Network configuration guidance
You can configure your own network connections on the IBM® MQ Appliance using this guidance to help.
One of the advantages of the appliance is that all the administration tasks can be carried out by a single appliance administrator. This guidance helps you to set up networking on the appliance even if you are not yourself a networking expert.
- What is the topology of the network that you are connecting to?
- Do you have a dedicated management subnet?
- Do your brokers need to connect to multiple subnets?
- What is the motivation for configuring multiple appliance connections? (performance, redundancy, or security are possible reasons)
TCP/IP network routing function
- Is there an existing interface on the same subnet as the target host?
- Are there static routes defined to that specific host?
- Are there static routes defined to that host's subnet?
- Is there a default gateway defined?
You can use the show route command to display the information currently available to the appliance in making these decisions. The show route command shows the appliance routing table. The table includes static and default routes from appliance interface configurations.
The aim in configuring your appliance is to avoid any ambiguity or uncertainty when routing to a host. Ambiguity can cause problems for some network operations, for example, when pinging an appliance, you might see no response if the return path is different to the request path. Such ambiguity can also interfere with the high availability and disaster recovery functionality of the appliance.
Best Practice guidelines
Although much of your configuration will be dictated by the structure of the network that you are connecting to, and your priorities in terms of performance, redundancy, and security, you can follow these guidelines to help avoid ambiguity and uncertainty.
- Avoid having multiple IP addresses on the same subnet allocated to appliance network interfaces
- If you are planning to do this to provide redundancy, consider using link aggregation. You can
aggregate several of the appliance interfaces together, using a single IP address to access them
(see Link aggregation interfaces).
- Configure HA and DR connections into separate, dedicated subnets, or define static routes
-
Put direct HA and DR connections into separate, dedicated subnets. Giving each direct connection its own subnet will completely remove any potential issues for clashes. Such connections do not need gateways or routers of any kind, since all traffic on these direct connections will be peer-to-peer within that subnet.
If you are not using direct cable connections for your HA or DR interfaces, you should still use discrete dedicated subnets for each connection (this is most likely to be true for your DR connection, which would usually be at a different site rather than physically nearby as for HA systems).
- If you cannot configure dedicated subnets, define static routes for your HA and DR
connections.
- Consider defining separate static routes to hosts or subnets for specific MQ and appliance management traffic
-
For example, if you know that all of your management traffic should be coming to and from 192.168 (private network) addresses, define static routes on mgt0 and/or mgt1 to ensure that traffic with these systems takes a known route and does not interfere with other (for example, application) traffic.
- Define only one default gateway and on one interface
-
Avoid unpredictable routing by defining only one default gateway, and define it on a single interface.
Define the default gateway on one of the interfaces you expect outgoing MQ connections to use, as this makes it easy for queue managers to route outwards to any IP that does not have a more specific route defined.
