Why is the Azure Service Bus not influenced by firewalls and proxies?

StackOverflow https://stackoverflow.com/questions/9483428

  •  13-11-2019
  •  | 
  •  

Question

I'm wondering why the Windows Azure Service Bus works through NATs, firewalls, proxies. Microsoft mentions this fact often but they do not mentioned why this works.

I think each participant initiates connections, ok, but this isn't enough. Do they "misuse" some open ports, 80?

Thanks

Was it helpful?

Solution

without running Wireshark to be able to tell for sure, my guess be because the client (behind a nat/firewall) initiates connection and keeps calling server (always open) for more information.

let's explain more: as tis works slightly differently in windows sockets (and other socket systems for that matter):

  1. client (C) initiates connection to the server (S) on port 80

  2. server then responds to client: too many calls on 80, let's move the connection to next free socket at port 90000 + rnd() = 90001

  3. Client socket manager counts unused sockets on client, and say finds C:90012 port

  4. client calls server at S:90001 and the proper connection is initiated between C:90012 and S:90001

  5. This is what's gonna be written into nat table on a nat/firewall box and gonna allow communication between C <-> S

OTHER TIPS

The Service Bus will try to use 9350 - 9353 port for TCP connection, if possible, for better performance. If failed it will try to use 80 and 443. Since in most cases firewall doesn't block 80 and 443, your local service can connect to the sb://xxxx/ over 80/443 without any changes on your firewall. Then if a client invoked your service it will firstly hit sb://xxxx/ , then the Service Bus will forward the request to your machine over 80/443, and then you send the reply back to Service Bus and it will forward the reply back to the client.

That's service remoting mode. Similar steps if you are using the eventing mode.

Simply because each connection is in outbound and the Service Bus act as a "forwarder".

Under many configurations, it does indeed just use 80 (http) and 443 (https), as shown here. However, it looks like it also sometimes uses 9350, 9351, 9352 and 9353 - so for some scenarios you might need to open those up.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top