What is it?Today I was asked to provide a resilient solution for a Point-to-Point system using the FasterPayments Service. I have to admit that my knowledge of FasterPayments was limited to begin with but a quick Google search revealed that it is none other that ISO8583 -
http://en.wikipedia.org/wiki/ISO_8583 - and, the more I read, the more I realised this is BIG!
From the WikiPedia article referenced above, "
The vast majority of transactions made at Automated Teller Machines use ISO 8583 at some point in the communication chain, as do transactions made when a customer uses a card to make a payment in a store. In particular, both the MasterCard and Visa networks base their authorization communications on the ISO 8583 standard, as do many other institutions and networks".Two quick thoughts: 1) this is obviously quite important, 2) there must be a lot of organisations wanting to ensure the maximum uptime of services utilising ISO8583.
What do we knowISO8583 messages:
1) Run over TCP/IP.
2) Work on a Request/Response message acknowledgment system
3) Have very short payloads: 1 packet = 1 message.
4) Use a bit value to identify what message type!!
The fourth point is what we can use to implement some service resilience.
Delivering a resilient solution requires knowledge of the application/service being delivered. ASCII-based protocols like HTTP and SMTP are simple for different reasons: a) most Application Delivery solutions have interpreters for HTTP, b) if you don't have an SMTP Interpreter, its text-based messaging.... a packet trace will reveal all.
In the case of ISO8583, its much more efficient and uses a numeric value to identify the message type instead of the Human readable format used by HTTP. Some examples:
Example 1: ASCII-based message: Try the following commands (NOTE: Press return twice after the 'GET' command):
telnet www.google.com 80
GET / HTTP/1.0
As you will see from this example, you can communicate with the Web Server in the same way that your web browser does. Telnet creates a TCP/IP Socket to the Web Server on TCP Port 80 and then the String "GET / HTTP/1.0" returns a valid HTTP Response.
The customer that raised the query has a number of F5 LTM's (Local Traffic Manager) installed. Adding resilience to their Credit Card transaction service is a matter of making the LTM aware of the service. This calls for a ISO8583 Service Monitor. This monitor will send a properly formatted ISO8583 'Echo Test' message and verify that it receives a properly formatted Echo Response.:
1) How to talk ISO8583:Unfortunately, you can't just open up a TCP socket and enter a String like a HTTP monitor does. ISO8583 has its own set of special requirements. Fortunately, there is a python library for generating ISO8583 formatted messages which can be found here: http://code.google.com/p/iso8583py/
many thanks "
igorvc"
uncomress files to /var/tmp
cd /var/tmp/ISO8583 Module-1.1/
python setup.py build
mount -o rw,remount /usr
python setup.py install
mount -o ro,remount /usr
2) Provide your Big-IP the tools to construct an ISO8583 'echo' message:a) install a python script onto your Big-IP in the /config/monitors/ directory named mon_ISO8583.py and with the contents (Thanks again "
igorvc"):
"""
(C) Copyright 2009 Igor V. Custodio
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
"""
from ISO8583.ISO8583 import ISO8583
from ISO8583.ISOErrors import *
import socket
import sys
import time
# Configure the client
serverIP6 = sys.argv[1]
serverIP4 = serverIP6.lstrip("::ffff:")
serverPort = sys.argv[2]
numberEcho = 1
timeBetweenEcho = 0 # in seconds
bigEndian = True
#bigEndian = False
s = None
for res in socket.getaddrinfo(serverIP, serverPort, socket.AF_UNSPEC, socket.SOCK_STREAM):
af, socktype, proto, canonname, sa = res
try:
s = socket.socket(af, socktype, proto)
except socket.error, msg:
s = None
continue
try:
s.connect(sa)
except socket.error, msg:
s.close()
s = None
continue
break
if s is None:
print 'Could not connect :('
sys.exit(1)
for req in range(0,numberEcho):
iso = ISO8583()
iso.setMTI('0800')
iso.setBit(3,'300000')
iso.setBit(24,'045')
iso.setBit(41,'11111111')
iso.setBit(42,'222222222222222')
iso.setBit(63,'This is a Test Message')
if bigEndian:
try:
message = iso.getNetworkISO()
s.send(message)
print 'Sending ... %s' % message
ans = s.recv(2048)
print "\nInput ASCII |%s|" % ans
isoAns = ISO8583()
isoAns.setNetworkISO(ans)
v1 = isoAns.getBitsAndValues()
for v in v1:
print 'Bit %s of type %s with value = %s' % (v['bit'],v['type'],v['value'])
if isoAns.getMTI() == '0810':
print "OK"
else:
print "ERR"
except InvalidIso8583, ii:
print ii
break
time.sleep(timeBetweenEcho)
else:
try:
message = iso.getNetworkISO(False)
s.send(message)
print 'Sending ... %s' % message
ans = s.recv(2048)
print "\nInput ASCII |%s|" % ans
isoAns = ISO8583()
isoAns.setNetworkISO(ans,False)
v1 = isoAns.getBitsAndValues()
for v in v1:
print 'Bit %s of type %s with value = %s' % (v['bit'],v['type'],v['value'])
if isoAns.getMTI() == '0810':
print "\tThat's great !!! The server understand my message !!!"
else:
print "The server dosen't understand my message!"
except InvalidIso8583, ii:
print ii
break
time.sleep(timeBetweenEcho)
print 'Closing...'
s.close()
b) Now, create a wrapper (LTM can't call python directly) called mon_ISO8583.sh with the contents:
#!/bin/sh
/usr/bin/python /config/monitors/mon_ISO8583.py ${1} ${2} | grep -i "OK" > /dev/null 2>&1
if [ $? -eq 0 ]
then
echo "UP"
fi
c) Setup permissions
Now we setup the permissions by executing:
chmod 700 /config/monitors/mon_ISO8583.py
chmod 700 /config/monitors/mon_ISO8583.sh
3) Testing CommsExecute: /config/monitors/mon_ISO8583.sh
ipAddress tcpPort <-- sub IP and Port with real values
You should receive "UP".
If you didn't receive "UP", you can get a lot more detail which might help in debugging by executing the pything script itself:
/usr/bin/python /config/monitors/mon_ISO8583.py
ipAddress tcpPort <-- sub with real Addr/Port
One you have got this up and working you are ready to add the monitor to a Pool!!
4) Adding the monitor to a pool:In your v10 Big-IP GUI, create a monitor of type 'external' and call it mon_ISO8583.
In the field 'External Program' enter:
mon_ISO8583.sh
Apply the monitor to your pool. Your pool should now turn Green.
You now have a solution that validates the ISO8583 service is operating and responding to messages ensuring that the customer transaction can be fulfilled. This solution goes above and beyond TCP Port checking systems which can reveal false positives.
