Re: How to prevent RVD from sending messages outside of the machine


We are using rvd 7.1.

I asked the same question in 2004 on the group Tibco-L before but did not phrase it very well. Then I asked the question "Re: How to make rvd to check only local machine for messages". What I actually wanted was this: "If all the publishers and the subscribers are on the same machine, then how to prevent the messages from going outside this machine and eliminate the unnecessary network traffic?" There was some audit of the network traffic and the network guys saw a large amount of message flows from one machine to another, which were the rvd communications between the machines (for example, between the dev machine and the production machine). We need to eliminate this traffic as quickly as we can. In our case, there is no need for this communication. This is basically what I am looking for. The assumption behind this question is that creating a unique subnet mask for the machine is not a very attractive option. Therefore, we are having to look at the other options that can do the same thing at the application level.

When I asked the previous question, I got several answers from a lot of helpful members of this list. I am summarizing them below (in order of what I think are the easy options).

1) rvd -permanent -network -> start the rvd using this -network option. The -permanent option is deprecated in 7.

2) Use subjects with the suffix LOCAL. That is publisher will publish on a subject like so: tstLOCAL.

Messages with subject names that have this prefix are only visible and distributed to transports connected to the same Rendezvous daemon as the sender.

For example, a program listening to the subject _LOCAL.A.B.C receives all messages sent on subject _LOCAL.A.B.C from any transport connected to the same daemon. A Rendezvous daemon does not transmit messages with _LOCAL subjects beyond that daemon.

Someone suggested that the _LOCAL suffixing is reserved by TIBCO and not recommended.

3) rvd -no-multicast

4) rvd -network ";<multicast ip address of the machine>" -> I would not know how to do this though.

Someone said the following about the -listen option.

"If you use -listen on the command line for RVD, this would eliminate the ability of any remote CLIENT to connect to that daemon, only client adapters that run on the same machine would be able to connect to it (via TCP port 7500 in this case).

This could be used as a security measure in production, for instance. As someone pointed out correctly, this will not prevent the local adapters to communicate with adapters connected to a daemon on a different host."

It seems to me that if I do not want any communication with another machine from an rvd point of view, then this may also be an option.

Are the options suggested above still valid for the rephrased question? Please give your suggestions to my rephrased question. Thanks again.

