DataPower

DataPower

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Service Chaining

    Posted Mon September 30, 2013 07:02 PM
    Hi

    We are developing services that falls under the category of Service Chaining.  We have scenario were one MPGW call another MPGW.  Now that the first MPGW authenticates the request.  We do not want the second MPGW accessed directly.

    I know we can use 127.0.0.1 ip address on the FSH of the second MPGW to have this resolved.  I would like to know if there are better techniques to solve this problem.

    We do not want to do 127.0.0.1 because of few reason such as performance and having to maintain multiple environments in the same box in the lower environments.

    Thanks


  • 2.  Service Chaining

    Posted Thu December 05, 2013 12:51 PM
    Hello,

    I know this is a few months old, but still wanted to reply. I have seen the pattern of having a Gateway front 'N' Abstract services quite regularly. There is a balance between performance/resources vs reusability here. On one hand, Chaining Services helps simplify service deployments and reuses previously configured functionality such as AAA. On the other hand, this does take a small toll on the box, as 'N' services in the chain maintain copies of the request in memory until the trasaction is completed.

    I understand the Issue you have in your lower environments and I believe you have a few options here.

    1. You can go away from the Chaining Design and have each service perform the AAA.
    2. You will have to use different Ports for your lower environments that share the same host.

    #2 is true whether or not you chain your services, but for the 'Abstract Services', you definatly want to restrict it to only be accessible from within the host ( 127.0.0.1 ), this is what is recommended since your Security will be handled by the Gateway Service.

    If there are plans to onboard a bunch more services that will sit behind that Gateway Service, Service Chaining ( 1 service deep ), may be okay, just look at the Service's Throughput, message sizes, timeouts, caching settings and try to optimize them as much as possible.

    If you don't plan to Onboard more services, I would not do the Service Chaining, and just have the MPGW do all of the above for you.

    hope this was helpful,

    Doyle
    TxMQ Inc.


  • 3.  Service Chaining

    Posted Thu December 05, 2013 01:19 PM
    Thanks Doyle.  This helps.

    We are planned to user 127.0.0.1 in prod.  However in lower environments, ports could have been an option to isolcate traffic.But to maintain multiple environments on same box, we have enabled one ethernet interface for each environment.   Downside is we can only 8 environments, but this takes away the maintainance night mare the different ports would create


    Appreciate your response.  Thanks again. 


Related Content