Configure Network Resources

 

+

Search Tips   |   Advanced Search

 

1. Overview of Network Configuration
2. Configuring a Channel
3. Assigning a Custom Channel to an EJB

 

---

Overview of Network Configuration

A network channel can...

• Designate the Network Interface Cards (NICs) and ports used by Managed Servers for different types of network traffic.
• Support multiple protocols and security requirements.
• Specify connection and message time-out periods.
• Impose message size limits.
• Set the protocol the connection supports.
• Set the listen address.
• Set listen ports for secure and non-secure communication.
• Set connection properties such as the login time-out value and maximum message sizes.
• Set whether or not the connection supports tunneling.
• Set whether the connection can be used to communicate with other WebLogic Server instances in the domain, or used only for communication with clients.

To configure a network channel using the console...

Servers | Protocols | Channels

...or configure by using the NetworkAccessPointMBean.

In WebLogic Server 10.3, network channels are deprecated. The use of NetworkChannelMBean is deprecated in favor of NetworkAccessPointMBean.

 

Rules for Configuring Channels

• You can assign a particular channel to only one server instance.
• You can assign multiple channels to a server instance.
• Each channel assigned to a particular server instance must have a unique combination of listen address, listen port, and protocol.
• If you assign non-SSL and SSL channels to the same server instance, make sure that they do not use the same port number.

 

Custom Channels Can Inherit Default Channel Attributes

If you do not assign a channel to a server instance, it uses WebLogic Server's default channel, which is automatically configured by WebLogic Server, based on the attributes in ServerMBean or SSLMBean.

ServerMBean and SSLMBean represent a server instance and its SSL configuration. When you configure a server instance's Listen Address, Listen Port, and SSL Listen port, using...

Server | Configuration | General

...those values are stored in the ServerMBean and SSLMBean for the server instance.

If you do not specify a particular connection attribute in a custom channel definition, the channel inherits the value specified for the attribute in ServerMBean. For example, if you create a channel, and do not define its Listen Address, the channel uses the Listen Address defined in ServerMBean. Similarly, if a Managed Server cannot bind to the Listen Address or Listen Port configured in a channel, the Managed Server uses the defaults from ServerMBean or SSLMBean.

 

Why Use Network Channels?

You can use network channels to manage quality of service, meet varying connection requirements, and improve utilization of your systems and network resources. For example, network channels allow you to:

• Segregate different types of network traffic—You can configure whether or not a channel supports outgoing connections. By assigning two channels to a server instance—one that supports outgoing connections and one that does not—you can independently configure network traffic for client connections and server connections, and physically separate client and server network traffic onto different listen addresses or listen ports.

  You can also segregate instance administration and application traffic by configuring a domain-wide administration port or administration channel.

• Support varied application or user requirements on the same Managed Server—You can configure multiple channels on a Managed Server to support different protocols, or to tailor properties for secure vs. non-secure traffic.

• Segregate internal application network traffic—You can assign a specific channel to a an EJB.

If you use a network channel with a server instance on a multi-homed machine, enter a valid Listen Address either in ServerMBean or in the channel. If the channel and ServerMBean Listen Address are blank or specify the localhost address (IP address 0.0.0.0 or 127.*.*.*), the server binds the network channel listen port and SSL listen ports to all available IP addresses on the multi-homed machine. See The Default Network Channel for information on setting the listen address in ServerMBean.

 

Handling Channel Failures

When initiating a connection to a remote server, and multiple channels with the same required destination, protocol and quality of service exist, WebLogic Server will try each in turn until it successfully establishes a connection or runs out of channels to try.

 

Upgrading Quality of Service Levels for RMI

For RMI lookups only, WebLogic Server may upgrade the service level of an outgoing connection. For example, if a T3 connection is required to perform an RMI lookup, but an existing channel supports only T3S, the lookup is performed using the T3S channel.

This upgrade behavior does not apply to server requests that use URLs, since URLs embed the protocol itself. For example, the server cannot send a URL request beginning with http:// over a channel that supports only https://.

 

Standard WebLogic Server Channels

WebLogic Server provides pre-configured channels that you do not have to explicitly define.

• Default channel—Every Managed Server has a default channel.

• Administrative channel—If you configure a domain-wide Administration Port, WebLogic Server configures an Administrative Channel for each Managed Server in the domain.

 

The Default Network Channel

Every WebLogic Server domain has a default channel that is generated automatically by WebLogic Server. The default channel is based on the Listen Address and Listen Port defined in the ServerMBean and SSLMBean. It provides a single Listen Address, one port for HTTP communication (7001 by default), and one port for HTTPS communication (7002 by default). You can configure the Listen Address and Listen Port using the Configuration > General page in the Administration Console; the values you assign are stored in attributes of the ServerMBean and SSLMBean.

The default configuration may meet your needs if:

• You are installing in a test environment that has simple network requirements.
• Your server uses a single NIC, and the default port numbers provide enough flexibility for segmenting network traffic in your domain.

Using the default configuration ensures that third-party administration tools remain compatible with the new installation, because network configuration attributes remain stored in ServerMBean and SSLMBean.

Even if you define and use custom network channels for your domain, the default channel settings remain stored in ServerMBean and SSLMBean, and are used if necessary to provide connections to a server instance.

 

Administration Port and Administrative Channel

You can define an optional administration port for your domain. When configured, the administration port is used by each Managed Server in the domain exclusively for communication with the domain's Administration Server.

 

Administration Port Capabilities

An administration port enables you to:

• Start a server in standby state

  This allows you to administer a Managed Server, while its other network connections are unavailable to accept client connections.

• Separate administration traffic from application traffic in your domain.

  In production environments, separating the two forms of traffic ensures that critical administration operations (starting and stopping servers, changing a server's configuration, and deploying applications) do not compete with high-volume application traffic on the same network connection.

• Administer a deadlocked server instance using the weblogic.Admin command-line utility. If you do not configure an administration port, administrative commands such as THREAD_DUMP and SHUTDOWN will not work on deadlocked server instances.

If a administration port is enabled, WebLogic Server automatically generates an administration channel based on the port settings upon server instance startup.

 

Administration Port Restrictions

The administration port accepts only secure, SSL traffic, and all connections via the port require authentication. Enabling the administration port imposes the following restrictions on your domain:

• The Administration Server and all Managed Servers in your domain must be configured with support for the SSL protocol. Managed Servers that do not support SSL cannot connect with the Administration Server during startup—you will have to disable the administration port in order to configure them.

• Because all server instances in the domain must enable or disable the administration port at the same time, you configure the administration port at the domain level. You can change an individual Managed Server's administration port number, but you cannot enable or disable the administration port for an individual Managed Server. The ability to change the port number is useful if you have multiple server instances with the same Listen Address.

• After you enable the administration port, establish an SSL connection to the Administration Server in order to start any Managed Server in the domain. This applies whether you start Managed Servers manually, at the command line, or using Node Manager. For instructions to establish the SSL connection,

• After enabling the administration port, all Administration Console traffic must connect via the administration port.

• If multiple server instances run on the same computer in a domain that uses a domain-wide administration port, either:

  • Host the server instances on a multi-homed machine and assign each server instance a unique listen address, or

  • Override the domain-wide port on all but one of one of the servers instances on the machine. Override the port using the Local Administration Port Override option on the Advanced Attributes portion of the Server > Connections > SSL Ports page in the Administration Console.

 

Administration Port Requires SSL

The administration port requires SSL, which is enabled by default when you install WebLogic Server. If SSL has been disabled for any server instance in your domain, including the Administration Server and all Managed Servers, re-enable it using the Server > Configuration > General page in the Administration Console.

Ensure that each server instance in the domain has a configured default listen port or default SSL listen port. The default ports are those you assign on the Server > Configuration > General page in the Administration Console. A default port is required in the event that the server cannot bind to its configured administration port. If an additional default port is available, the server will continue to boot and you can change the administration port to an acceptable value.

By default WebLogic Server is configured to use demonstration certificate files. To configure production security components, follow the steps in Configuring SSL in Managing WebLogic Security.

 

Configure Administration Port

Enable the administration port

After configuring the administration port, restart the Administration Server and all Managed Servers to use the new administration port.

 

Booting Managed Servers to Use Administration Port

If you reboot Managed Servers at the command line or using a start script, specify the Administration Port in the port portion of the URL. The URL must specify the https:// prefix, rather than http://, as shown below.

-Dweblogic.management.server=https://host:admin_port

If you use Node Manager for restarting the Managed Servers, it is not necessary to modify startup settings or arguments for the Managed Servers. Node Manager automatically obtains and uses the correct URL to start a Managed Server.

If the hostname in the URL is not identical to the hostname in the Administration Server's certificate, disable hostname verification in the command line or start script, as shown below:

-Dweblogic.security.SSL.ignoreHostnameVerification=true

 

Booting Managed Servers to Use Administrative Channels

To allow a managed server to bind to an administrative channel during reboot, use the following command line option:

-Dweblogic.admin.ListenAddress=<addr>

This allows the Managed Server to startup using an administrative channel. After the initial bootstrap connection, a standard administrative channel is used.

This option is useful to ensure that the appropriate NIC semantics are used before config.xml is downloaded.

 

Custom Administrative Channels

If the standard WebLogic Server administrative channel does not satisfy your requirements, you can configure a custom channel for administrative traffic. For example, a custom administrative channel allows you to segregate administrative traffic on a separate NIC.

To configure a custom channel for administrative traffic, configure the channel and select “admin” as the channel protocol.

See:

• Administration Port Requires SSL
• Booting Managed Servers to Use Administration Port

 

Using Internal Channels

WebLogic Server allows you to create network channels to handle administration traffic or communications between clusters. This can be useful in the following situations:

• Internal administration traffic needs to occur over a secure connection, separate from other network traffic.
• Other types of network traffic, for example replication data, need to occur over a separate network connection.
• Certain types of network traffic need to be monitored.

 

Channel Selection

All internal traffic is handled via a network channel. If you have not created a custom network channel to handle administrative or clustered traffic, WebLogic Server automatically selects a default channel based on the protocol required for the connection.

 

Internal Channels Within a Cluster

Within a cluster, internal channels can be created to handle to the following types of server-to-server connections:

• Multicast traffic
• Replication traffic
• Administration traffic

 

---

Configuring a Channel

You can configure a network channel using...

Servers | Protocols | Channels

...in the Administration Console or using the NetworkAccessPointMBean.

See also: Configuring Network Channels For a Cluster. Guidelines for Configuring Channels.

 

Guidelines for Configuring Channels

Follow these guidelines when configuring a channel.

 

Channels and Server Instances

• Each channel you configure for a particular server instance must have a unique combination of listen address, listen port, and protocol.
• A channel can be assigned to a single server instance.
• You can assign multiple channels to a server instance.
• If you assign non-SSL and SSL channels to the same server instance, make sure that they do not use the same combination of address and port number.

 

Dynamic Channel Configuration

• In WebLogic Server, you can configure a network channel without restarting the server. Additionally, you can start and stop dynamically configured channels while the server is running. However, when you shutdown a channel while the server is running, the server does not attempt to gracefully terminate any work in progress.

 

Channels and Protocols

• Some protocols do not support particular features of channels. In particular the COM protocol does not support SSL or tunneling.

• You must define a separate channel for each protocol you wish the server instance to support, with the exception of HTTP.

  HTTP is enabled by default when you create a channel, because RMI protocols typically require HTTP support for downloading stubs and classes. You can disable HTTP support on the Advanced Options portion of Servers > Protocols > Channels page in the Administration Console.

 

Reserved Names

• WebLogic Server uses the internal channel names .WLDefaultChannel and .WLDefaultAdminChannel and reserves the .WL prefix for channel names. do not begin the name of a custom channel with the string .WL.

 

Channels, Proxy Servers, and Firewalls

If your configuration includes a firewall between a proxy Web server and a cluster, and the clustered servers are configured with two custom channels for segregating HTTPS and HTTP traffic, those channels must share the same listen address. Furthermore if both HTTP and HTTPS traffic needs to be supported there must be a custom channel for each—it is not possible to use the default configuration for one or the other.

If either of those channels has a PublicAddress defined, as is likely given existence of firewall both channels must define PublicAddress, and they both must define the same PublicAddress.

 

Configuring Network Channels For a Cluster

 

Create the Cluster

If you have not already configured a cluster you can:

• Use the Configuration Wizard to create a new, clustered domain
• Use the Administration Console to create a cluster in an existing domain

 

Create and Assign the Network Channel

Use the instructions in Configuring a Network Channel in Administration Console Online Help to create a new network channel for each Managed Server in the cluster. When creating the new channels:

• For each channel you want to use in the cluster, configure the channel identically, including its name, on each Managed Server in the cluster.

• Make sure that the listen port and SSL listen port you define for each Managed Server's channel are different than the Managed Server's default listen ports. If the custom channel specifies the same port as a Managed Server's default port, the custom channel and the Managed Server's default channel will each try to bind to the same port, and you will be unable to start the Managed Server.

• If a cluster address has been explicitly configured for the cluster, it will be appear in the Cluster Address field on...

  Server | Protocols | Channels | Configuration

  If you are using dynamic cluster addressing, the cluster address field will be empty, and you do not need to supply a cluster address.

  If you want to use dynamic cluster addressing, do not supply a cluster address on the Server > Protocols > Channels > Configuration page. If you supply a cluster address explicitly, that value will take precedence and WebLogic Server will not generate the cluster address dynamically.

 

Configuring a Replication Channel

A replication channel is a network channel that is designated to transfer replication information between clusters. If a replication channel is not explicitly defined, WebLogic Server uses a default network channel to communicate replication information.

When WebLogic Server uses a default network channel as the replication channel, it does not use SSL encryption by default. You must enable SSL encryption using the secureReplicationEnabled attribute of the ClusterMBean. You can also update this setting from the Administration Console.

Enabling SSL encryption can have a direct impact on clustered application throughput as session replication is blocking by design. in other words, no response is sent to the client until replication is completed. You should consider this when deciding to enable SSL on the replication channel.

If a replication channel is explicitly define, the channel's protocol is used to transmit replication traffic.

 

Increase Packet Size When Using Many Channels

Use of more than about twenty channels in a cluster can result in the formation of multicast header transmissions that exceed the default maximum packet size. The MTUSize attribute in the Server element of config.xml sets the maximum size for packets sent using the associated network card to 1500. Sending packets that exceed the value of MTUSize can result in a java.lang.NegativeArraySizeException. You can avoid exceptions that result from packet sizes in excess of MTUSize by increasing the value of MTUSize from its default value of 1500.

 

---

Assigning a Custom Channel to an EJB

You can assign a custom channel to an EJB. After you configure a custom channel, assign it to an EJB using the network-access-point element in weblogic-ejb-jar.xml.