Layer7 API Management

  • Private Community

  • 1.  Does the CA API Gateway support AMQP as a proxy?

    Posted Mar 12, 2015 01:56 PM

    We are investigating if Layer 7 can be utilized as a proxy for AMQP instead of acting as an actual client reading from queues. Is AMQP protocol proxy supported and if so how does one go about setting this up? Raw TCP needed?



  • 2.  Re: Does the CA API Gateway support AMQP as a proxy?

    Posted Mar 12, 2015 03:44 PM

    Hi James,

     

    I'm not sure how you mean?  In order to maintain transactionality as an AMQP node, you either need to act exclusively as a client, or as a server.  There is no way to be a pure proxy without making at least one client connection.  Otherwise, it would be the equivalent of a MITM attack on the transactional integrity.

     

    Am I misunderstanding the question?  Do you have a diagram to of what you're asking for?

     

    Thanks, Matt



  • 3.  Re: Does the CA API Gateway support AMQP as a proxy?

    Posted Mar 12, 2015 05:10 PM

    Hi Matt,

     

    We had a requirement from an internal client that wanted the gateway to act only as a proxy in between client and server enforcing SSL. As I shared with them the assertions and settings in the policy manager it was clear that the gateway had to act as either client or server, and that makes sense for a queuing protocol. They wanted me to further investigate proxy capabilities like we can do synchronously over HTTPS. I will let them know what is supported and the need to preserve transactions.

     

    Thanks,

    James



  • 4.  Re: Does the CA API Gateway support AMQP as a proxy?

    Posted Mar 13, 2015 01:47 AM

    Ok, sounds good.  Transactionality is the key here.



  • 5.  Re: Does the CA API Gateway support AMQP as a proxy?

    Posted Mar 13, 2015 06:11 PM

    Hi Matt,

     

    Here are 2 questions from our internal client which they would like CA to answer. Thanks for your help.

     

     

    1. Are we sure that the CA representative you were in contact with understood that we did not need the gateway to act as a forward proxy, but rather a reverse proxy (similar to how it handles https and http traffic) ?

     

    2. Does the gateway support a raw TCP reverse proxy (similar to how the Big-IP is in front of our RabbitMQ servers) ?

     

     

     

    Sent with Good (www.good.com)



  • 6.  Re: Does the CA API Gateway support AMQP as a proxy?
    Best Answer

    Posted Mar 31, 2015 06:53 PM

    Hi James,

     

    Sorry for the delay...

     

    1. Regardless of whether you're a forward or reverse proxy, you break the transactionality of AMQP once there are three distinct endpoints involved.  To maintain transactionality, you need to interact with a single AMQP server.

    2. Yes, raw TCP is supported.  Check out these links...

    https://wiki.ca.com/display/GATEWAY83/Route+via+Raw+TCP+Assertion

    Manage Listen Ports - CA API Gateway - 8.3 - CA Wiki

     

    Thanks, Matt



  • 7.  Re: Does the CA API Gateway support AMQP as a proxy?

    Posted Mar 31, 2015 08:07 PM

    Hi Matt, I reviewed the links, and I did not see how the gateway would support a raw TCP reverse proxy in front of AMQP. Am I missing something?

     

     

     

    Sent with Good (www.good.com)



  • 8.  Re: Does the CA API Gateway support AMQP as a proxy?

    Posted Apr 01, 2015 12:26 AM

    Raw TCP is supported as a transport protocol.  I would not recommend doing this for an AMQP connection, as per the thread above.

     

    What is the business goal you're trying to solve?  What type of policies are you looking to enforce on AMQP?



  • 9.  Re: Does the CA API Gateway support AMQP as a proxy?

    Posted Apr 01, 2015 08:10 AM

    Hi Matt, thanks for your response. We just wanted to confirm that the gateway cannot proxy AMQP like Big-IP does today for our RabbitMQ. You can consider this question answered and closed.

     

     

     

    Sent with Good (www.good.com)