VPN Bridge Setup Examples

The following examples show how to set up several types of Message VPN bridges.

By default, clients can't use the Message VPN bridge feature. Permission to use bridge connections must be enabled for their assigned client profile. For more details, refer to Allowing Bridge Connections.

Uni-Directional Bridge Example

This example shows a sample command sequence to bridge a Message VPN on the local event broker to another Message VPN with the same name on a remote event broker.

First, create the bridge (bridge-490) on the local event broker.

solace(configure)# create bridge bridge-490 message-vpn vpn-490

Next, configure the settings for the remote event broker. In the example below, the remote message VPN is also called vpn-490, and the IP address the bridge will use to connect to the remote event broker is 192.168.164.50.

solace(configure/bridge)# remote
solace(configure/bridge/remote)# create message-vpn vpn-490 connect-via 192.168.164.50

Enable the remote message VPN.

solace(configure/bridge/remote/message-vpn)# no shutdown
solace(configure/bridge/remote/message-vpn)# exit

Configure the connection to use basic authentication.

solace(configure/bridge/remote)# authentication basic client-username default

Configure a subscription to identify messages to be propagated over the bridge, where <topic> is the subscription topic, then exit the configuration for the remote event broker.

solace(configure/bridge/remote)# subscription-topic <topic>
solace(configure/bridge/remote)# exit

Enable the new bridge, and then exit the configuration for it.

solace(configure/bridge)# no shutdown
solace(configure/bridge)# exit

Bi-Directional Bridge Example

This example shows a sample command sequence for bridging a Message VPN on the local event broker (solace1) to another Message VPN with the same name on a remote event broker (solace2). Messages can be forwarded in either direction.

In this example, the two event brokers are called solace1 and solace2. A message VPN bridge called bridge-490is created on both event brokers. Each bridge is created on the local message VPN vpn-490 and connects to the remote message VPN of the same name on the other event broker. The solace1 event broker uses the connect-via address for the remote event broker on its side of the bridge, and solace2 uses the virtual router name for the remote event broker on the other side of the bridge. The bridge using the connect-via method establishes the connection first, and then the other bridge reuses that connection. You can also use the connect-via address on both ends; in this case, both bridges attempt to create the connection, with the slower bridge reusing the bridge connection that was established first. The virtual router name can only be used with a bi-directional bridge and only at one end of the bridge. Both bridges are configured with the <topic> subscription topic.

First, configure the bridge on solace1 using the connect-via address for solace2:

solace1(configure)# create bridge bridge-490 message-vpn vpn-490
solace1(configure/bridge)# remote
solace1(configure/bridge/remote)# create message-vpn vpn-490 connect-via <solace2-ip-address>
solace1(configure/bridge/remote/message-vpn)# no shutdown
solace1(configure/bridge/remote/message-vpn)# exit
solace1(configure/bridge/remote)# authentication basic client-username default
solace1(configure/bridge/remote)# subscription-topic <topic>
solace1(configure/bridge/remote)# exit
solace1(configure/bridge)# no shutdown
solace1(configure/bridge)# exit

Then, configure the bridge on solace2 using the virtual router name for solace1:

solace2(configure)# create bridge bridge-490 message-vpn vpn-490
solace2(configure/bridge)# remote
solace2(configure/bridge/remote)# create message-vpn vpn-490 router v:solace1
solace2(configure/bridge/remote/message-vpn)# no shutdown
solace2(configure/bridge/remote/message-vpn)# exit
solace2(configure/bridge/remote)# authentication basic client-username default
solace2(configure/bridge/remote)# subscription-topic <topic>
solace2(configure/bridge/remote)# exit
solace2(configure/bridge)# no shutdown
solace2(configure/bridge)# exit

Uni-Directional Loopback Bridge Example

A loopback bridge is a Message VPN bridge that links two different Message VPNs on the same event broker.

Solace recommends that you use an IP address of 127.0.0.1 for the remote Message VPN of a loopback bridge, rather than the primary IP address of the event broker.

In this example, a bridge called bridge-490 is created between two message VPNs on the same event broker. The two message VPNs are named vpn-490 and vpn00491. The bridge is configured with the <topic> subscription topic.

solace(configure)# create bridge bridge-490 message-vpn vpn-490
solace(configure/bridge)# remote
solace(configure/bridge/remote)# create message-vpn vpn00491 connect-via 127.0.0.1
solace(configure/bridge/remote/message-vpn)# no shutdown
solace(configure/bridge/remote/message-vpn)# exit
solace(configure/bridge/remote)# authentication basic client-username default
solace(configure/bridge/remote)# subscription-topic <topic>
solace(configure/bridge/remote)# exit
solace(configure/bridge)# no shutdown
solace(configure/bridge)# exit

Bridging Guaranteed Messages Between VPNs Example

Guaranteed messages may traverse a Message VPN bridge from a remote Message VPN to a local Message VPN to fulfill matching topic subscriptions. However, if you want to ensure that the delivery mode of the messages delivered to the local Message VPN is not changed to Direct to fulfill matching client topic subscriptions on the local Message VPN, queues must be used at both ends of the Message VPN bridge. That is, the Guaranteed messages must be delivered from one queue assigned an appropriate topic subscription on the remote Message VPN to another queue assigned a matching topic subscription on the local Message VPN.

If the bridge doesn't start or end with a queue, Guaranteed messages with a non-persistent delivery mode can be changed to Direct to fulfill matching client topic subscriptions on the local Message VPN. No warnings or errors are provided when changes to messages’ delivery modes occur. For more information, see Message Demotion.

The following example shows how to configure a uni-directional bridge so that Guaranteed messages with matching topics can be delivered from a remote Message VPN to a local Message VPN. In this example:

• the message VPNs on both event brokers are called my_vpn
• the queues on both event brokers are called my_queue
• local_user, remote_user, and bridge_user are all placeholders for the appropriate user names
• the bridge is configured with the <topic> subscription topic

1. Create queues on both the local and remote event brokers. Note that although the default access type for both queues is exclusive, only the remote one must be exclusive. (Refer to step 4 in Configuring VPN Bridges Using the Solace CLI for more information on required queue access types).

   local(configure)# message-spool message-vpn my_vpn
   local(configure/message-spool)# create queue my_queue
   local(configure/message-spool/queue)# permission all modify-topic
   local(configure/message-spool/queue)# owner local_user
   local(configure/message-spool/queue)# subscription topic <topic>
   local(configure/message-spool/queue)# no shutdown

   remote(configure)# message-spool message-vpn my_vpn
   remote(configure/message-spool)# create queue my_queue
   remote(configure/message-spool/queue)# permission all modify-topic
   remote(configure/message-spool/queue)# owner remote_user
   remote(configure/message-spool/queue)# subscription topic <topic>
   remote(configure/message-spool/queue)# no shutdown

   For information on how to create and configure a queue in a Message VPN, refer to Message VPN-Level Guaranteed Messaging Configuration.

2. Create the uni-directional bridge:

   local(configure)# create bridge guaranteed_bridge message-vpn my_vpn
   local(configure/bridge)# remote
   local(configure/bridge/remote)# create message-vpn my_vpn connect-via <remote-broker-ip-address>
   local(configure/bridge/remote/message-vpn)# message-spool queue my_queue
   local(configure/bridge/remote/message-vpn)# no shutdown
   local(configure/bridge/remote/message-vpn)# exit
   local(configure/bridge/remote)# authentication basic client-username bridge_user
   local(configure/bridge/remote)# exit
   local(configure/bridge)# no shutdown

   For information on how to create a bridge and configure the remote Message VPN, refer to Configuring VPN Bridges.

   For more information on how to properly configure a Message VPN bridge for Guaranteed messages, refer to Guaranteed Messaging Over Message VPN Bridges and Avoiding Loss of Guaranteed Messages with VPN Bridges.