Send Port In BizTalk Cluster

  • Question

  • Hello Guys,

    I have a Cluster BizTalk environment with clustered send ports. The firewall is configured to allow connections from/to the cluster IP. But when send ports call an external service, requests are getting blocked as they are not coming from the Cluster IP; they are coming from the BizTalk server IP.

    Did I miss something in the configuration?

    I am hoping all the off-ramps from clustered send ports will come from the Cluster IP.

    Please advise.

    Wednesday, December 24, 2014 11:16 AM

Answers

  • No, when using a clustered IP for transmissions it is always the LOCAL IP that is sent. This is because by default in the binding the local/physical IP will ALWAYS be at a higher priority than any other assigned IPs. If you use ipconfig /all you will find the host IP listed as "preferred". This is the IP that will be populated in the IP headers as SOURCE. Secondly, when using send ports, unless the receiver has issues (flooding) in handling multiple clients, it is NOT REQUIRED TO Cluster.

    Cluster (remember) is for high-availability and more in line with services implemented - receive ports and such.

    Since you're calling an external service, ask the firewall team to NAT the IPs associated with the physical hosts under ONE external IP. So to the called service, irrespective of the host sending the request, the external system will see it as coming from ONE HOST.

    Regards.


    Wednesday, December 24, 2014 12:59 PM
  • #1 - No, that is the expected behavior.  Outbound connections are always made from the host address.*

    #2 - So....Send Ports should not be clustered.  You only Cluster certain Receive Adapters.  This assumes you are referring to Windows Clustering.

    The solution is to use the host address for any firewall configuration.

    *I believe there is a way to change this but I can think of one/two very narrow cases where I would even consider it.

    Wednesday, December 24, 2014 1:29 PM
    Moderator
  • Yes, it's by design. If you have a clustered resource such as (MSBIZP01/MSBIZP02), you will always get the IP of higher priority in the clustered environment and not the actual clustered IP.

    So for your issue you can use an unclustered send port and have a firewall exception for the send host IP on the web server.

    Thanks

    Abhishek

    Wednesday, December 24, 2014 2:58 PM
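
The mismatch these answers describe can be checked from the sending host before a firewall change is requested. The following is an added example, not code from the thread: it asks the OS which source address it selects for a destination and compares that with the addresses a firewall rule allows. All IPs are constructed documentation-range values, and the function names are hypothetical.

```python
import ipaddress
import socket


def selected_source_ip(dest, port=443):
    """Ask the OS which local address it would use to reach dest.

    connect() on a UDP socket sends no packet; it only makes the kernel
    run its route lookup and source-address selection.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dest, port))
        return s.getsockname()[0]


def audit_egress(dest, allowed_sources, probe=selected_source_ip):
    """Compare the real source address with a firewall allow-list.

    allowed_sources: IPs or CIDR blocks the firewall rule permits.
    probe: callable returning the source IP for dest (injectable so the
           check can be exercised without touching the network).
    Returns (source_ip, permitted).
    """
    src = ipaddress.ip_address(probe(dest))
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed_sources]
    return str(src), any(src in n for n in nets)


# Constructed sample values (RFC 5737 ranges), not taken from the thread.
CLUSTER_VIP = "192.0.2.10"   # address the firewall rule was written for
NODE_IP = "192.0.2.21"       # physical node's own (preferred) address
SERVICE = "198.51.100.5"     # external service being called


def demo():
    # Stand-in for a cluster node: the OS picks the node address as source.
    node_probe = lambda dest: NODE_IP
    before = audit_egress(SERVICE, [CLUSTER_VIP], node_probe)
    after = audit_egress(SERVICE, [CLUSTER_VIP, NODE_IP], node_probe)
    return before, after


if __name__ == "__main__":
    print(demo())
    print("this host -> loopback:", selected_source_ip("127.0.0.1"))
```

Run on each node with the real service address and the firewall's allowed sources to see whether the rule matches the address the traffic actually leaves from.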

All replies

  • Hi,

    What do you mean by clustered send port?

    While creating the cluster for your BizTalk server, you would have given an IP (along with the cluster name). This IP will be used "if" your firewall passes the IP of the BizTalk server by any chance. Check your cluster configuration.

    Just a note: when you send a request to an external network through the firewall, generally your company's external facing IP will be exposed to the external parties/web services. You should not expose your cluster IP or BizTalk IP details to the external web service/world. So the external web service needs to allow access only to your (or your company's) external IP.



    Wednesday, December 24, 2014 12:40 PM
  • Thanks Guys,

    Is there any way to change this IP priority behaviour?

    regards,

    Thursday, December 25, 2014 12:25 PM