This discussion is archived
3 Replies Latest reply: Feb 1, 2012 10:18 AM by user157995

Multiple SGD Gateways to one SGD server - cannot connect

user157995 Explorer
I am having an issue bringing up a new SGDG. We have all the certificates and gateways configured, but I seem to be running into the --security-gateway setting issue.

Does anyone see an issue with this?

Both SGD servers sit in a DMZ, which are NATTed 172.16.254.41 and 172.16.160.10. I have my SGD server NATTed to 172.16.(254/160).35 and I've tested both port 443 and 5307 from sgdusa2 and they can communicate fine.

./tarantella config edit --security-gateway "172.16.254.41:sgdg:sgdusa.XXXXXXXX.com:443;172.16.160.10:sgdg:sgdusa2.XXXXXXXXX.com:443;*:direct:amralbvdi01"

My sgdusa (172.16.254.41) gateway works fine, but when I try to use my sgdusa2 gateway the client never connects and errors out with "Cannot connect to server amralbvdi01.XXXXXXX.com:5307"

Thanks
Dave
  • 1. Re: Multiple SGD Gateways to one SGD server - cannot connect
    user12629685 Explorer
    There is nothing obviously wrong with the setting, so these suggestions are just to help identify the problem:

    1) Simplify: lose sgdusa
    "172.16.160.10:sgdg:sgdusa2.XXXXXXXXX.com:443;*:direct:amralbvdi01"

    2) Reverse the order:
    "172.16.160.10:sgdg:sgdusa2.XXXXXXXXX.com:443;172.16.254.41:sgdg:sgdusa.XXXXXXXX.com:443;*:direct:amralbvdi01"

    Does either of these changes affect what happens?
  • 2. Re: Multiple SGD Gateways to one SGD server - cannot connect
    806512 Newbie
    Dave wrote:

    ./tarantella config edit --security-gateway "172.16.254.41:sgdg:sgdusa.XXXXXXXX.com:443;172.16.160.10:sgdg:sgdusa2.XXXXXXXXX.com:443;*:direct:amralbvdi01"

    The delimiter in your command is invalid; separate each filter-spec entry with "commas".

    Anyway, you do realize that the "IP addresses" you've specified in your filter-spec apply to "client" connections, not "gateway" connections, right?

    That is, a client with the ip address .41 will route through gateway sgdusa, a client connecting with ip address .10 will route through sgdusa2, and everyone else will connect directly to amralbvdi01 - not sure that's what you want.

    And why two gateways for one server? For a load-balanced deployment, you'll want a load-balancer, like:

    http://docs.oracle.com/cd/E19351-01/821-1924/bbjbbijh.html#bbjdeeeh
  • 3. Re: Multiple SGD Gateways to one SGD server - cannot connect
    user157995 Explorer
    According to http://docs.oracle.com/cd/E19351-01/821-1924/cgfjighe.html the filter-spec delimiter is a ";", and not a comma.

    And yes, .42 is a DMZ IP for SGDUSA, and .10 is SGDUSA2's DMZ IP, so those are correct.

    We have two gateways because the gateways are in two different geographic locations, on different connections to the internet, so they are for geographic-connectivity reasons and not load balance.

    Given my delimiter is correct, am I missing something else?
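
Added example, not part of any post in this thread and not SGD code: a Python sketch that evaluates the filter-spec from the first post under the reading given in reply 2 (the address field is compared with the connecting client's IP), using the ";" separator cited in reply 3. First-match-wins ordering, `*` wildcard matching, IPv4-only addresses and the helper names `parse_filter_spec` and `route_for` are assumptions; the client addresses in `__main__` are constructed.

```python
from fnmatch import fnmatchcase
from typing import List, NamedTuple, Optional

class Rule(NamedTuple):
    client_pattern: str   # compared with the client's IP (reading from reply 2)
    kind: str             # "sgdg" = via a gateway, "direct" = straight to the server
    host: str
    port: Optional[int]

def parse_filter_spec(spec: str) -> List[Rule]:
    """Split a --security-gateway value into rules; entries are ';'-separated."""
    rules = []
    for entry in spec.split(";"):
        fields = entry.strip().split(":")      # assumption: IPv4 only, no ':' in hosts
        if len(fields) not in (3, 4):
            raise ValueError(f"malformed filter-spec entry: {entry!r}")
        pattern, kind, host = fields[:3]
        if kind not in ("sgdg", "direct"):
            raise ValueError(f"unknown route type {kind!r} in {entry!r}")
        port = int(fields[3]) if len(fields) == 4 else None
        rules.append(Rule(pattern, kind, host, port))
    return rules

def route_for(client_ip: str, rules: List[Rule]) -> Optional[Rule]:
    """Return the first rule whose pattern matches (assumed first-match-wins)."""
    for rule in rules:
        if fnmatchcase(client_ip, rule.client_pattern):
            return rule
    return None

# The value from the first post, hostnames redacted as on the page.
SPEC = ("172.16.254.41:sgdg:sgdusa.XXXXXXXX.com:443;"
        "172.16.160.10:sgdg:sgdusa2.XXXXXXXXX.com:443;"
        "*:direct:amralbvdi01")

if __name__ == "__main__":
    rules = parse_filter_spec(SPEC)
    # Constructed client addresses: the two listed IPs plus one outside address.
    for ip in ("172.16.254.41", "172.16.160.10", "203.0.113.7"):
        r = route_for(ip, rules)
        target = f"{r.host}:{r.port}" if r.port else r.host
        print(f"{ip:>15} -> {r.kind:6} {target}")
```

Under these assumptions, any client whose address is not one of the two listed IPs falls through to the `*:direct` entry and is sent straight to amralbvdi01 rather than through a gateway.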
