ADC

MQTT support for responder

September 14, 2021

Contributed by:

The Responder feature supports the MQTT protocol. You can configure responder policies to take an action based on the parameters in the incoming MQTT message.

The action responds with any of the following to a new connection:

DROP
RESET
NOOP
A responder action to initiate a new MQTT CONNACK response.

Configuring responder policies for MQTT

After enabling the responder feature, you must configure one or more actions for handling MQTT requests. Then, configure a responder policy. You can bind the responder policies globally, or to a specific load balancing virtual server or content switching virtual server.

The following bind points are available to bind the responder policies globally:

MQTT_REQ_DEFAULT
MQTT_REQ_OVERRIDE
MQTT_JUMBO_REQ_DEFAULT
MQTT_JUMBO_REQ_OVERRIDE

The following bind points are available to bind the responder policies to a content switching or load balancing virtual server:

REQUEST
MQTT_JUMBO_REQ (this bind point is used only for Jumbo packets)

To configure the responder to respond to an MQTT request by using CLI

At the command prompt, type the following commands:

Configure a responder action.

add responder action <actName> <actType>
<!--NeedCopy-->

For actname, substitute a name for your new action. The name can be 1–127 characters in length, and can contain letters, numbers, hyphen (-), and underscore (_) symbols.
For actType, substitute a responder action type, respondwith.

Example:

add responder action mqtt_connack_unsup_ver respondwith MQTT.NEW_CONNACK(132)
<!--NeedCopy-->

Configure a responder policy. The Citrix ADC appliance responds to the MQTT requests that are selected by this responder policy.

add responder policy <polName> <rule> <actname>
<!--NeedCopy-->

For polname, substitute a name for your new policy.
For actname, substitute the name of the action that you created.

Example:

add responder policy reject_lower_version "MQTT.HEADER.COMMAND.EQ(CONNECT) && MQTT.VERSION.LT(3)" mqtt_connack_unsup_ver
<!--NeedCopy-->

Bind the responder policy to a specific load balancing virtual server or content switching virtual server. The policy applies only to the MQTT requests whose destination IP address is the VIP of that virtual server.

bind lb vserver <name> -policyName <policy_name> -priority <priority>

bind cs vserver <name> -policyName <policy_name> -priority <priority>
<!--NeedCopy-->

For policy_name, substitute the name of the policy that you have created.
For priority, specify the priority of the policy.

Example:

bind lb vserver lb1 -policyName reject_lower_version -priority 50

bind cs vserver mqtt_frontend_cs -policyName reject_lower_version -priority 5
<!--NeedCopy-->

Use case1: Filter clients based on the user name or client ID

The administrator can configure an MQTT responder policy to reject the connection based on the user name or client ID in the MQTT CONNECT message.

Sample configuration for filtering clients based on the client ID

add policy patset filter_clients
bind policy patset filter_clients client1

add responder action mqtt_connack_invalid_client respondwith MQTT.NEW_CONNACK(2)

add responder policy reject_clients "MQTT.HEADER.COMMAND.EQ(CONNECT) && mqtt.connect.clientid.equals_any(\"filter_clients\")" mqtt_connack_invalid_client

bind cs vserver mqtt_frontend_cs -policyName reject_clients -priority 5
<!--NeedCopy-->

Use case2: Limit the maximum message length of MQTT messages to handle jumbo packets

The administrator can configure an MQTT responder policy to drop the client connection if the length of the message exceeds a certain threshold, or take necessary action based on the requirement.

To handle jumbo packets, the responder policies with any of the following rule patterns are bound to the jumbo bind point:

MQTT.MESSAGE_LENGTH
MQTT.COMMAND
MQTT.FROM_CLIENT
MQTT.FROM_SERVER

Policies bound to jumbo bind points are evaluated only for jumbo packets.

Sample configuration for limiting the maximum message length of MQTT messages

set lb parameter -dropmqttjumbomessage no

add responder policy drop_large_message MQTT.MESSAGE_LENGTH.GT(100000) reset

bind cs vserver mqtt_frontend_cs -policyName drop_large_message -priority 10
<!--NeedCopy-->

In this example, the dropmqttjumbomessage parameter is set to NO. Therefore, the ADC appliance processes the messages with length greater than 64,000 bytes and less than 1,00,000 bytes. The messages with length greater than 1,00,000 bytes are reset.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

MQTT support for responder

September 14, 2021

Contributed by:

September 14, 2021

Contributed by:

MQTT support for responder

Configuring responder policies for MQTT

To configure the responder to respond to an MQTT request by using CLI

Use case1: Filter clients based on the user name or client ID

Sample configuration for filtering clients based on the client ID

Use case2: Limit the maximum message length of MQTT messages to handle jumbo packets

Sample configuration for limiting the maximum message length of MQTT messages

In this article