Answered Webspeed server to IIS (or other) server - outbound UDP ports

Chris Hughes

ProgressTalk.com Sponsor
Hi

Referencing this knowledge base article
KB

States a huge range of UDP ports are required outbound from Webspeed (Nameserver) to say an IIS server.

Thing is I've never enabled these through a firewall (on multiple products 10.x to 11.x) and it works fine.

Anybody know what they are (were?) meant to do.

Thanks

Chris.
 

Rob Fitzpatrick

ProgressTalk.com Sponsor
The messenger and agents use TCP for messaging. I believe you only need UDP if you are using the Name Server. When we use WebSpeed, we don't do that as our installations are not load-balanced; there is only a single broker. A Name Server serves no purpose in that scenario and adds overhead to every request.

For firewall configuration we just allow inbound (DMZ to WS box) rules for the WebSpeed broker port and for the port range specified for the WebSpeed agents (all TCP).
 

RealHeavyDude

Well-Known Member
The only product that talks UDP is the NameServer. If you don't need the NameServer ( for load balancing or discovering the AppServers and WebSpeed brokers ) then you don't need UDP. Even with the classic AppServer, the only thing that needs the NameServer is load balancing. You can directly connect to the AppServer broker without the need of a NameServer.
 

Chris Hughes

ProgressTalk.com Sponsor
Off I go to dump the nameserver then (after some testing to figure out how) - like the idea of being faster :)

I'll mark as answered, but if anyone ever picks this question up and understands the UDP part please share.

Thank you both - an education as always!
 

Rob Fitzpatrick

ProgressTalk.com Sponsor
Off I go to dump the nameserver then (after some testing to figure out how)
This should be covered in the Application Server Administration manual. Look for Configuring a CGI Messenger.

Right now your messenger script is probably configured to use a service name that is defined in ubroker.properties. You can configure it instead to specify a hostname and port number. This is how it will bypass the NameServer and connect directly to the WebSpeed broker.

There are some KB articles of various vintages that talk about this. E.g.:
How to configure CGIIP messenger to talk directly to the WebSpeed Broker?

Closing thoughts:
  • Make sure you configure WebSpeed for Production Mode!
    Running WebSpeed in Production Mode
  • WebSpeed support is ending; maybe as soon as OE 12.0. You should be planning your migration strategy from WebSpeed and/or "classic" App Server to PASOE now.
 

Casper

ProgressTalk.com Moderator
Staff member
1545392918009.png
Maybe this picture sheds some light on where UDP communication is used.
It is quite easy to configure the inbound and outbound UDP ports to minimize the range of ports being used.
 

Chris Hughes

ProgressTalk.com Sponsor
For anyone thats interested here is a ubroker file which in the above diagram (thanks Casper), would talk direct to the broker only using TCP.
This file may be able to be trimmed more, but works for me :)

Code:
##########################################################################
##                                                                      ##
##          Copyright (c) 1998-2010 by Progress Software Corporation    ##
##                                                                      ##
## All rights reserved.  No part of this program or document may be     ##
## reproduced in any form or by any means without permission in writing ##
## from Progress Software Corporation.                                  ##
##                                                                      ##
##########################################################################
#
# WebSpeed Properties
#
[WebSpeed]
    infoVersion=9010
    RootPath=@{DocRootPath}
    ScriptPath=@{CGIScriptPath}
    Components=0011111

#
# WebSpeed Messenger Properties
#
[WebSpeed.Messengers]
    controllingNameServer=NS1
    AllowMsngrCmds=0
    workDir=@{WorkPath}
    useConnID=0
    minNSClientPort = 0
    maxNSClientPort = 0
    registerNameServer=0
    Host=inet_app
    Port=7800
    logAppend=1
    logEntryTypes=
    logFile=@{WorkPath}\msgr.log
    loggingLevel=1
    logThreshold=0
    numLogFiles=3
    certStorePath=@{Startup\DLC}\certs\
    noHostVerify=0
    noSessionReuse=0
    sslEnable=0
    ipver=IPv4

#
# WebSpeed CGIIP Messenger Properties
#
[WebSpeed.Messengers.CGIIP]
     msngrExecFile=@{Startup\DLC}\bin\cgiip.exe
     msngrScriptFile=
 

Rob Fitzpatrick

ProgressTalk.com Sponsor
WebSpeed support is ending; maybe as soon as OE 12.0. You should be planning your migration strategy from WebSpeed and/or "classic" App Server to PASOE now.
Just to close the loop on my earlier speculation, Classic App Server and WebSpeed are indeed retired in 12.0+. More details:
OE 12 is available
 
Top