Show TOC

Network Configuration for RMI-P4Locate this document in the navigation structure

Use

The RMI-P4 provides reliable network connections between remote clients and servers if the following requirements are met:

  • Firewalls/proxies

    P4 must be able to establish direct TCP connections to the configured P4 ports of the cluster. P4 does not automatically reestablish broken connections, so if the firewall is configured to close established connections after a timeout, it breaks the communication.

    If the message server is used for load balancing, connections to its HTTP/HTTPS port must also be possible. Load balancing using the message server still requires a P4 port visible to the client.

    Only standalone RMI-P4 clients that use the HTTP(S) tunneling as connection type supports HTTP proxies. In case the client is configured to use tunneling over HTTPS, the proxy must be configured to allow SSL connections to the specified HTTPS host/port.

  • NAT (Network Address Translation)

    NAT is supported with the following limitations:

    • Load balancing with the message server cannot be used unless it is also accessible through NAT, the DNS on the local side is configured to resolve the ICM host names to the configured addresses for NAT access, and the port numbers have to be the same.

    • Connections to other instances from the same cluster that are also behind NAT cannot be opened automatically when stubs are created because the correct NAT IP address for them is not known. The limitations for private network addresses also apply when NAT is used.

  • Loopback addresses

    Loopback addresses such as 127.0.0.1, 127.0.0.2 and so on are not used with RMI-P4 as they are invalid on the remote side. The machine should have a valid IP address and the host name must not resolve locally to a loopback address.

  • Private network addresses (rfc1918)

    Private network addresses are generally supported by RMI-P4 but connections between machines from two different local networks that use the same private network address space are not supported.

    Two machines have real IP addresses that they can use to connect with each other over the Internet but are also part of two separate private networks with a conflicting address space.

  • Security limitations

    For security reasons, only a single connection between two participants is allowed. Subsequent connection attempts are rejected. If two machines can access each other via several IP addresses, you have to configure the applications to use the same address.

  • SAP router

    Only standalone P4 applications support SAP router connections. The user must pass a valid SAP router string, which is typically in the InitalContext properties as value of the java.naming.provider.url property.