Managing AMQP Service on VPNs

You can perform the following AMQP configurations for each Message VPN that AMQP clients will connect to:

You can also configure an AMQP global listen port that is shared between many Message VPNs. When a global AMQP TLS/SSL port is configured, all AMQP TLS/SSL clients can connect to the global port. As a result, per-Message VPN ports are not required and the configuration is much simpler.

If authentication is turned off for the VPN, the event broker signals to connecting AMQP clients that it supports anonymous authentication. AMQP libraries like Apache Qpid respond to this by not sending credentials even if the application has specified them. As a result, clients authenticate using the VPN's default client username, and the VPN's default client username must be enabled to allow clients to connect.

Set Message VPN AMQP Listen Ports

For AMQP clients that connect through per-Message VPN ports, separate listen ports for each Message VPN must be configured

The AMQP service supports both plain-text and encrypted data transport. If you want to transport plain-text and TLS/SSL data, a separate port must be configured for each transport type (enter the command below for each transport type that you want to configure).

To set a listen port for AMQP connections for a Message VPN, enter the following commands:

solace(configure)# message-vpn <vpn-name>
solace(configure/message-vpn)# service amqp
solace(configure/message-vpn/service/amqp)# listen-port <port> [ssl]
solace(configure/message-vpn/service/amqp)# no shutdown

Where:

<vpn-name> is the name of an existing Message VPN.

<port> is the port number from 1 to 65535. This port must not be in use for any other service. Note that if the ssl parameter is not included with the command, the port will use a plain text transport.

[ssl] specifies that the given port will use TLS/SSL transport.

The no version of this command, no listen-port ssl, removes the currently configured port number.

To change a port number, the AMQP service must be shutdown (refer to Enable/Disable AMQP Service for VPNs).

Set Maximum Number of AMQP Connections

To set the maximum number of AMQP clients that can simultaneously connect to a given Message VPN, enter the following commands:

solace(configure)# message-vpn <vpn-name>
solace(configure/message-vpn)# service amqp
solace(configure/message-vpn/service/amqp)# max-connections <value>

Where:

<vpn-name> is the name of an existing Message VPN.

<value> is the maximum number of simultaneous connections permitted

The no version of this command, no max-connections, resets the value to the maximum limit supported by the event broker.

This parameter can be set to a value that is higher than the maximum number of simultaneous connections permitted by the event broker, but the connection limit for the event broker will still be enforced.

Enable/Disable AMQP Service for VPNs

For each Message VPN, you can enable/disable the AMQP service for the plain-text or TLS/SSL ports.

The ability to enable/disable the AMQP service for specific Message VPNs can be convenient if, for example, you do not want to disable AMQP service at the system level (Enabling System-Level AMQP Service), which would disconnect all the AMQP clients on all Message VPNs.

Enabling AMQP Service

To enable the AMQP plain-text transport service for a Message VPN, enter the following commands:

solace(configure)# message-vpn <vpn-name>
solace(configure/message-vpn)# service amqp
solace(configure/message-vpn/service/amqp)# no plain-text shutdown

To enable the AMQP TLS/SSL transport service for a Message VPN, enter the following commands:

solace(configure)# message-vpn <vpn-name>
solace(configure/message-vpn)# service amqp
solace(configure/message-vpn/service/amqp)# no ssl shutdown

Disabling AMQP Service

To disable the AMQP plain-text transport service for a Message VPN, enter the following commands:

solace(configure)# message-vpn <vpn-name>
solace(configure/message-vpn)# service amqp
solace(configure/message-vpn/service/amqp)# plain-text shutdown

To disable the AMQP TLS/SSL transport service for a Message VPN, enter the following commands:

solace(configure)# message-vpn <vpn-name>
solace(configure/message-vpn)# service amqp
solace(configure/message-vpn/service/amqp)# ssl shutdown

Disabling the AMQP service on a Message VPN for a particular transport type will disconnect any AMQP clients currently connected to the Message VPN using that transport type. This includes AMQP clients using the global AMQP port and AMQP clients using the per-Message VPN listen port.