Chapter 3. Creating a router network topology
You can deploy AMQ Interconnect as a single standalone router, or as multiple routers connected together in a router network. Router networks may represent any arbitrary topology, enabling you to design the network to best fit your requirements.
With AMQ Interconnect, the router network topology is independent from the message routing. This means that messaging clients always experience the same message routing behavior regardless of the underlying network topology. Even in a multi-site or hybrid cloud router network, the connected endpoints behave as if they were connected to a single, logical router.
To create the router network topology, complete the following:
- You should understand the different router operating modes you can deploy in your topology, and be aware of security requirements for the interior portion of the router network.
- Build the router network by adding routers one at a time.
  For each router, you must configure the following:
  - Router properties
  - Network connections (incoming and outgoing)
  - Security (authentication and authorization)
3.1. Planning a router network
To plan your router network and design the network topology, you must first understand the different router modes and how you can use them to create different types of networks.
3.1.1. Router operating modes
In AMQ Interconnect, each router can operate in standalone, interior, or edge mode. In a router network, you deploy multiple interior routers or a combination of interior and edge routers to create the desired network topology.
- Standalone: The router operates as a single, standalone network node. A standalone router cannot be used in a router network - it does not establish connections with other routers, and only routes messages between directly-connected endpoints.
- Interior: The router is part of the interior of the router network. Interior routers establish connections with each other and automatically compute the lowest cost paths across the network. You can have up to 128 interior routers in the router network.
- Edge: The router maintains a single uplink connection to one or more interior routers. Edge routers do not participate in the routing protocol or route computation, but they enable you to efficiently scale the routing network. There are no limits to the number of edge routers you can deploy in a router network.
3.1.2. Router network security considerations
In the router network, the interior routers should be secured with a strong authentication mechanism in which they identify themselves to each other. You should choose and plan this authentication mechanism before creating the router network.
If the interior routers are not properly secured, unauthorized routers (or endpoints pretending to be routers) could join the router network, compromising its integrity and availability.
You can choose a security mechanism that best fits your requirements. However, you should consider the following recommendations:
- Create an X.509 Certificate Authority (CA) to oversee the interior portion of the router network.
- Generate an individual certificate for each interior router.
- Each interior router can be configured to use the CA to authenticate connections from any other interior routers.

Note: Connections from edge routers and clients can use different levels of security, depending on your requirements.
By using these recommendations, a new interior router cannot join the network until the owner of the CA issues a new certificate for the new router. In addition, an intruder wishing to spoof an interior router cannot do so because it would not have a valid X.509 certificate issued by the network’s CA.
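As an added example (not part of the original documentation), this Python check audits a `qdrouterd.conf`-style file for inter-router listeners that would accept a peer without a certificate issued by the network's CA. It assumes the router's `sslProfile`, `requireSsl`, `authenticatePeer` and `saslMechanisms` attributes; the sample configuration, its paths and its ports are constructed.

```python
import re

# Constructed sample (placeholder paths and ports): the listener on 55672
# follows the recommendations above; the one on 55673 admits any peer.
SAMPLE_CONF = """
sslProfile {
    name: inter-router-tls
    caCertFile: /etc/example/ca.crt
    certFile: /etc/example/router-a.crt
    privateKeyFile: /etc/example/router-a.key
}
listener {
    port: 55672
    role: inter-router
    sslProfile: inter-router-tls
    requireSsl: yes
    authenticatePeer: yes
    saslMechanisms: EXTERNAL
}
listener {
    port: 55673
    role: inter-router
}
"""

def parse_conf(text):
    """Parse 'entity { key: value }' blocks into (entity, attrs) pairs."""
    entities = []
    for etype, body in re.findall(r"(\w+)\s*\{([^}]*)\}", text):
        pairs = [ln.split("#")[0].partition(":") for ln in body.splitlines()]
        entities.append((etype, {k.strip(): v.strip() for k, sep, v in pairs if sep}))
    return entities

def audit_inter_router(text):
    """Return (port, problem) pairs for weakly secured inter-router listeners."""
    entities = parse_conf(text)
    with_ca = {a.get("name") for t, a in entities if t == "sslProfile" and a.get("caCertFile")}
    findings = []
    for etype, a in entities:
        if etype != "listener" or a.get("role") != "inter-router":
            continue
        checks = [
            (a.get("sslProfile", "") in with_ca, "no sslProfile with caCertFile"),
            (a.get("requireSsl") in ("yes", "true"), "requireSsl not enabled"),
            (a.get("authenticatePeer") in ("yes", "true"), "authenticatePeer not enabled"),
            (a.get("saslMechanisms") == "EXTERNAL", "saslMechanisms not EXTERNAL only"),
        ]
        findings += [(a.get("port"), msg) for ok, msg in checks if not ok]
    return findings
```

Calling `audit_inter_router(SAMPLE_CONF)` reports four findings, all for the listener on port 55673; pass it the text of a real configuration file to run the same checks before a router is added to the network.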
3.2. Adding routers to the router network
After planning the router network topology, you implement it by adding each router to the router network. You add routers one at a time.
This procedure describes the workflow required to add a router to the router network.
Prerequisites
- AMQ Interconnect is installed on the host.
Procedure
- Configure essential router properties.
  To participate in a router network, a router must be configured with a unique ID and an operating mode.
- Configure network connections.
  - Connect the router to any other routers in the router network.
    Repeat this step for each additional router to which you want to connect this router.
  - If the router should connect with an AMQP client, configure a client connection.
  - If the router should connect to an external AMQP container (such as a message broker), configure the connection.
- Secure each of the connections that you configured in the previous step.
- (Optional) Configure any additional properties.
  These properties should be configured the same way on each router. Therefore, you should only configure each one once, and then copy the configuration to each additional router in the router network.
  - If necessary, configure policies to control which messaging resources clients are able to access on the router network.
  - AMQ Interconnect automatically routes messages without any configuration: clients can send messages to the router network, and the router automatically routes them to their destinations. However, you can configure the routing to meet your exact requirements. You can configure the routing patterns to be used for certain addresses, create waypoints and autolinks to route messages through broker queues, and create link routes to connect clients to brokers.
  - You can set the default logging configuration to ensure that events are logged at the correct level for your environment.
- Start the router.