Working Principle For Solace Loopback Bridge
Hi,
I have a question about the Solace loopback Message VPN bridge, which is used to link two Message VPNs on the same event broker.
Let's say we have an appliance named “Router_DC_1” and there are 2 VPNs, i.e. VPN_A and VPN_C. Both VPNs are linked together via a bridge (VPN_A_to_VPN_C) on the same appliance.
There is DR for this setup on “Router_DR_1”, and we have the capability to flip a single VPN from DC to DR without flipping all VPNs. Now let's say we flip VPN_A from “Router_DC_1” to “Router_DR_1”, and the VPN is now active on Router_DR_1.
Will my bridge still work in this case? Because this was a loopback bridge which was connected via 127.0.0.1 on the same appliance, and now VPN “VPN_A” has flipped to the other appliance!
Comments
-
Nope! You should always use the appliances' (both of them) message bus VIPs, with two remote VPNs in your VPN bridge configuration. Using the loopback on appliances is a pretty old-school way of doing things, and DR is a great reason why. DR was introduced in SolOS 6.x. If only ever one HA-pair, then I guess loopback is fine.
(That's off the top of my head... I hope @TomF 's research turns up the same answer!)
0 -
Huh, so the docs don't specify, eh? I mean, yes it's definitely possible to create a loopback, and if/when you do a DR failover, BOTH VPNs move over, then I think it should also still be ok. But if you can split them, then you'll need the other IP address.
Well, maybe that's it? Maybe you still need 2 IP addresses / 2 remote VPNs in your bridge config... one loopback, and one for the DR machine?
I'll inquire.
0 -
A loopback bridge with 127.0.0.1 will not work if any one msgVPN fails over to DR. This setup is suitable only if both msgVPNs fail over together. As Aron suggested, you can use two remote msgVPN connect-via entries. Please note that when connect-order is configured as 1 and 2 respectively, the bridge always tries to connect using 127.0.0.1 first, and then it tries the 2nd remote msgVPN, which is configured with an IP or DNS alias.
I would suggest, as a best practice, creating two remote msgVPNs with the respective appliance msg-IP, without compression enabled.
0 -
Apologies, this has been sitting in my Drafts since last week!!
@Abhikesh yeah I checked with one of our product architects, just for confirmation: you'll need two Remote VPNs configured inside your bridge... one for the loopback (when both VPNs are live on the same set of appliances), and one with the primary VIP of the other HA pair in the DR setup.
Hope that helps!
0