We are investigating if Layer 7 can be utilized as a proxy for AMQP instead of acting as an actual client reading from queues. Is AMQP protocol proxy supported and if so how does one go about setting this up? Raw TCP needed?
Sorry for the delay...
1. Regardless of whether you're a forward or reverse proxy, you break the transactionality of AMQP once there are three distinct endpoints involved. To maintain transactionality, you need to interact with a single AMQP server.
2. Yes, raw TCP is supported. Check out these links...
Manage Listen Ports - CA API Gateway - 8.3 - CA Wiki
I'm not sure how you mean? In order to maintain transactionality as an AMQP node, you either need to act exclusively as a client, or as a server. There is no way to be a pure proxy without making at least one client connection. Otherwise, it would be the equivalent of a MITM attack on the transactional integrity.
Am I misunderstanding the question? Do you have a diagram to of what you're asking for?
We had a requirement from an internal client that wanted the gateway to act only as a proxy in between client and server enforcing SSL. As I shared with them the assertions and settings in the policy manager it was clear that the gateway had to act as either client or server, and that makes sense for a queuing protocol. They wanted me to further investigate proxy capabilities like we can do synchronously over HTTPS. I will let them know what is supported and the need to preserve transactions.
Ok, sounds good. Transactionality is the key here.
Here are 2 questions from our internal client which they would like CA to answer. Thanks for your help.
1. Are we sure that the CA representative you were in contact with understood that we did not need the gateway to act as a forward proxy, but rather a reverse proxy (similar to how it handles https and http traffic) ?
2. Does the gateway support a raw TCP reverse proxy (similar to how the Big-IP is in front of our RabbitMQ servers) ?
Sent with Good (www.good.com)
Hi Matt, I reviewed the links, and I did not see how the gateway would support a raw TCP reverse proxy in front of AMQP. Am I missing something?
Raw TCP is supported as a transport protocol. I would not recommend doing this for an AMQP connection, as per the thread above.
What is the business goal you're trying to solve? What type of policies are you looking to enforce on AMQP?
Hi Matt, thanks for your response. We just wanted to confirm that the gateway cannot proxy AMQP like Big-IP does today for our RabbitMQ. You can consider this question answered and closed.
Retrieving data ...