You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by jr...@apache.org on 2018/06/26 21:40:59 UTC
[05/11] qpid-dispatch git commit: DISPATCH-851: Move the new book
into primary position and reorg the docs
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f77f92cb/docs/books/old-user-guide/console_overview.png
----------------------------------------------------------------------
diff --git a/docs/books/old-user-guide/console_overview.png b/docs/books/old-user-guide/console_overview.png
new file mode 100644
index 0000000..af25f36
Binary files /dev/null and b/docs/books/old-user-guide/console_overview.png differ
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f77f92cb/docs/books/old-user-guide/console_schema.png
----------------------------------------------------------------------
diff --git a/docs/books/old-user-guide/console_schema.png b/docs/books/old-user-guide/console_schema.png
new file mode 100644
index 0000000..ba56c7b
Binary files /dev/null and b/docs/books/old-user-guide/console_schema.png differ
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f77f92cb/docs/books/old-user-guide/console_topology.png
----------------------------------------------------------------------
diff --git a/docs/books/old-user-guide/console_topology.png b/docs/books/old-user-guide/console_topology.png
new file mode 100644
index 0000000..ae4b22a
Binary files /dev/null and b/docs/books/old-user-guide/console_topology.png differ
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f77f92cb/docs/books/old-user-guide/default_config.adoc
----------------------------------------------------------------------
diff --git a/docs/books/old-user-guide/default_config.adoc b/docs/books/old-user-guide/default_config.adoc
new file mode 100644
index 0000000..b0122be
--- /dev/null
+++ b/docs/books/old-user-guide/default_config.adoc
@@ -0,0 +1,35 @@
+////
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License
+////
+
+[[configuration]]
+Configuration
+-------------
+
+The default configuration file is installed in
+'{CMAKE_INSTALL_PREFIX}/etc/qpid-dispatch/qdrouterd.conf'. This configuration file will
+cause the router to run in standalone mode, listening on the standard
+AMQP port (5672). Dispatch Router looks for the configuration file in
+the installed location by default. If you wish to use a different path,
+the "-c" command line option will instruct Dispatch Router as to which
+configuration to load.
+
+To run the router, invoke the executable: `qdrouterd [-c my-config-file]`
+
+For more details of the configuration file see the 'qdrouterd.conf(5)' man
+page.
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f77f92cb/docs/books/old-user-guide/introduction.adoc
----------------------------------------------------------------------
diff --git a/docs/books/old-user-guide/introduction.adoc b/docs/books/old-user-guide/introduction.adoc
new file mode 100644
index 0000000..8a67bc9
--- /dev/null
+++ b/docs/books/old-user-guide/introduction.adoc
@@ -0,0 +1,128 @@
+////
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License
+////
+
+[[introduction]]
+Introduction
+------------
+
+[[overview]]
+Overview
+~~~~~~~~
+
+The Dispatch router is an AMQP message router that provides
+advanced interconnect capabilities. It allows flexible routing of
+messages between any AMQP-enabled endpoints, whether they be clients,
+servers, brokers or any other entity that can send or receive standard
+AMQP messages.
+
+A messaging client can make a single AMQP connection into a messaging
+bus built of Dispatch routers and, over that connection, exchange
+messages with one or more message brokers, and at the same time exchange
+messages directly with other endpoints without involving a broker at
+all.
+
+The router is an intermediary for messages but it is _not_ a broker. It
+does not _take responsibility for_ messages. It will, however, propagate
+settlement and disposition across a network such that delivery
+guarantees are met. In other words: the router network will deliver the
+message, possibly via several intermediate routers, _and_ it will route
+the acknowledgement of that message by the ultimate receiver back across
+the same path. This means that _responsibility_ for the message is
+transfered from the original sender to the ultimate receiver __as if
+they were directly connected__. However this is done via a flexible
+network that allows highly configurable routing of the message
+transparent to both sender and receiver.
+
+There are some patterns where this enables "brokerless messaging"
+approaches that are preferable to brokered approaches. In other cases a
+broker is essential (in particular where you need the separation of
+responsibility and/or the buffering provided by store-and-forward) but a
+dispatch network can still be useful to tie brokers and clients together
+into patterns that are difficult with a single broker.
+
+For a "brokerless" example, consider the common brokered implementation
+of the request-response pattern, a client puts a request on a queue and
+then waits for a reply on another queue. In this case the broker can be
+a hindrance - the client may want to know immediatly if there is nobody
+to serve the request, but typically it can only wait for a timeout to
+discover this. With a dispatch network, the client can be informed
+immediately if its message cannot be delivered because nobody is
+listening. When the client receives acknowledgement of the request it
+knows not just that it is sitting on a queue, but that it has actually
+been received by the server.
+
+For an exampe of using dispatch to enhance the use of brokers, consider
+using an array of brokers to implement a scalable distributed work
+queue. A dispatch network can make this appear as a single queue, with
+senders publishing to a single address and receivers subscribing to a
+single address. The dispatch network can distribute work to any broker
+in the array and collect work from any broker for any receiver. Brokers
+can be shut down or added without affecting clients. This elegantly
+solves the common difficulty of "stuck messages" when implementing this
+pattern with brokers alone. If a receiver is connected to a broker that
+has no messages, but there are messages on another broker, you have to
+somehow transfer them or leave them "stuck". With a dispatch network,
+_all_ the receivers are connected to _all_ the brokers. If there is a
+message anywhere it can be delivered to any receiver.
+
+The router is meant to be deployed in topologies of multiple routers,
+preferably with redundant paths. It uses link-state routing protocols
+and algorithms (similar to OSPF or IS-IS from the networking world) to
+calculate the best path from every point to every other point and to
+recover quickly from failures. It does not need to use clustering for
+high availability; rather, it relies on redundant paths to provide
+continued connectivity in the face of system or network failure. Because
+it never takes responsibility for messages it is effectively stateless.
+Messages not delivered to their final destination will not be
+acknowledged to the sender and therefore the sender can re-send such
+messages if it is disconnected from the network.
+
+[[benefits]]
+Benefits
+~~~~~~~~
+
+Simplifies connectivity
+
+* An endpoint can do all of its messaging through a single transport
+connection
+* Avoid opening holes in firewalls for incoming connections
+
+Provides messaging connectivity where there is no TCP/IP connectivity
+
+* A server or broker can be in a private IP network (behind a NAT
+firewall) and be accessible by messaging endpoints in other networks
+(learn more).
+
+Simplifies reliability
+
+* Reliability and availability are provided using redundant topology,
+not server clustering
+* Reliable end-to-end messaging without persistent stores
+* Use a message broker only when you need store-and-forward semantics
+
+[[features]]
+Features
+~~~~~~~~
+
+* Can be deployed stand-alone or in a network of routers
+** Supports arbitrary network topology - no restrictions on redundancy
++
+- Automatic route computation - adjusts quickly to changes in topology
+* Provides remote access to brokers or other AMQP servers
+* Security
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f77f92cb/docs/books/old-user-guide/link_routing.adoc
----------------------------------------------------------------------
diff --git a/docs/books/old-user-guide/link_routing.adoc b/docs/books/old-user-guide/link_routing.adoc
new file mode 100644
index 0000000..bc52230
--- /dev/null
+++ b/docs/books/old-user-guide/link_routing.adoc
@@ -0,0 +1,166 @@
+////
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License
+////
+
+[[link-routing]]
+Link Routing
+------------
+
+This feature was introduced in Qpid Dispatch 0.4. This feature was
+significantly updated in Qpid Dispatch 0.6.
+
+Link-routing is an alternative strategy for routing messages across a
+network of routers. With the existing message-routing strategy, each
+router makes a routing decision on a per-message basis when the message
+is delivered. Link-routing is different because it makes routing
+decisions when link-attach frames arrive. A link is effectively chained
+across the network of routers from the establishing node to the
+destination node. Once the link is established, the transfer of message
+deliveries, flow frames, and dispositions is performed across the routed
+link.
+
+The main benefit to link-routing is that endpoints can use the full link
+protocol to interact with other endpoints in far-flung parts of the
+network. For example, a client can establish a receiver across the
+network to a queue on a remote broker and use link credit to control
+the flow of messages from the broker. Similarly, a receiver can
+establish a link to a topic on a remote broker using a server-side
+filter.
+
+Why would one want to do this? One reason is to provide client
+isolation. A network like the following can be deployed:
+
+----
+
+ Public Network
+ +-----------------+
+ | +-----+ |
+ | B1 | Rp | |
+ | +/--\-+ |
+ | / \ |
+ | / \ |
+ +----/--------\---+
+ / \
+ / \
+ / \
+ Private Net A / \ Private Net B
+ +--------------/--+ +---\-------------+
+ | +---/-+ | | +--\--+ |
+ | B2 | Ra | | | | Rb | C1 |
+ | +-----+ | | +-----+ |
+ | | | |
+ | | | |
+ +-----------------+ +-----------------+
+----
+
+The clients in Private Net B can be constrained (by firewall policy)
+to only connect to the Router in their own network. Using
+link-routing, these clients can access queues, topics, and other AMQP
+services that are in the Public Network or even in Private Net A.
+
+For example, The router Ra can be configured to expose queues in
+broker B2 to the network. Client C1 can then establish a connection
+to Rb, the local router, open a subscribing link to "b2.event-queue",
+and receive messages stored on that queue in broker B2.
+
+C1 is unable to create a TCP/IP connection to B1 because of its
+isolation (and because B2 is itself in a private network). However, with
+link routing, C1 can interact with B2 using the AMQP link protocol.
+
+Note that in this case, neither C1 nor B2 have been modified in any way
+and neither need be aware of the fact that there is a message-router
+network between them.
+
+[[link-routing-configuration]]
+Configuration
+~~~~~~~~~~~~~
+
+Starting with the configured topology shown above, how is link-routing
+configured to support the example described above?
+
+First, router Ra needs to be told how to make a connection to the broker
+B2:
+
+------------------------------
+connector {
+ name: broker
+ role: route-container
+ host: <B2-url>
+ port: <B2-port>
+ saslMechanisms: ANONYMOUS
+}
+------------------------------
+
+This _route-container_ connector tells the router how to connect to an
+external AMQP container when it is needed. The name "broker" will be
+used later to refer to this connection.
+
+Now, the router must be configured to route certain addresses to B2:
+
+----------------------
+linkRoute {
+ prefix: b2
+ direction: in
+ connection: broker
+}
+
+linkRoute {
+ prefix: b2
+ direction: out
+ connection: broker
+}
+----------------------
+
+The linkRoute tells router Ra that any sender or receiver that is
+attached with a target or source (respectively) whos address begins with
+"b2", should be routed to the broker B2 (via the route-container
+connector).
+
+Note that receiving and sending links are configured and routed
+separately. This allows configuration of link routes for listeners only
+or senders only. A direction of "in" matches client senders (i.e. links
+that carry messages inbound to the router network). Direction "out"
+matches client receivers.
+
+Examples of addresses that "begin with 'b2'" include:
+
+ * b2
+ * b2.queues
+ * b2.queues.app1
+
+When the route-container connector is configured, router Ra establishes
+a connection to the broker. Once the connection is open, Ra tells the
+other routers (Rp and Rb) that it is a valid destination for link-routes
+to the "b2" prefix. This means that sender or receiver links attached to
+Rb or Rp will be routed via the shortest path to Ra where they are then
+routed outbound to the broker B2.
+
+On Rp and Rb, it is advisable to add the identical configuration. It is
+permissible for a linkRoute configuration to reference a connection that
+does not exist.
+
+This configuration tells the routers that link-routing is intended to be
+available for targets and sources starting with "b2". This is important
+because it is possible that B2 might be unavailable or shut off. If B2
+is unreachable, Ra will not advertize itself as a destination for "b2"
+and the other routers might never know that "b2" was intended for
+link-routing.
+
+The above configuration allows Rb and Rp to reject attaches that should
+be routed to B2 with an error message that indicates that there is no
+route available to the destination.
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f77f92cb/docs/books/old-user-guide/policy.adoc
----------------------------------------------------------------------
diff --git a/docs/books/old-user-guide/policy.adoc b/docs/books/old-user-guide/policy.adoc
new file mode 100644
index 0000000..a4eb99b
--- /dev/null
+++ b/docs/books/old-user-guide/policy.adoc
@@ -0,0 +1,456 @@
+////
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License
+////
+
+[id='policy']
+= Policy
+
+The Policy module is an optional authorization mechanism enforcing
+user connection restrictions and AMQP resource access control.
+
+Policy is assigned when a connection is created. The connection
+properties *AMQP virtual host*, *authenticated user name*, and *connection
+remote host* are passed to the policy engine for a connection
+allow/deny decision. If the connection is allowed then the user is
+assigned to a group that names a set of AMQP resource limits that are
+enforced for the lifetime of the connection.
+
+[NOTE]
+====
+Policy limits are applied only to incoming user network connections.
+Policy limits are not applied to interrouter connections nor are they
+applied to router connections outbound to waypoints.
+====
+
+== Definitions
+
+=== vhost
+
+A _vhost_ is typically the name of the host to which the client AMQP
+connection is directed. For example, suppose a client application opens
+connection URL:
+
+[options="nowrap"]
+----
+amqp://bigbroker.example.com:5672/favorite_subject
+----
+
+The client will signal virtual host name _bigbroker.example.com_ to
+the router during AMQP connection startup. Router Policy intercepts
+the virtual host _bigbroker.example.com_ and applies a vhost policy
+with that name to the connection.
+
+== Policy Features
+
+=== Total Connection Limit
+
+A router may be configured with a total connection limit. This limit
+controls the maximum number of simultaneous incoming user connections
+that are allowed at any time. It protects the router from file
+descriptor resource exhaustion in the face of many incoming client
+connections. This limit is specified and enforced independently of
+any other Policy settings.
+
+=== Vhost Policy
+
+Vhost policy defines users and assigns them to user groups. Each
+user group defines the remote hosts from which the members may connect
+to the router network, and what resources in the router network the
+group members are allowed to access.
+
+Vhost policy also defines connection count limits to control the
+number of users that may be simultaneously connected to the vhost.
+
+[NOTE]
+====
+A vhost user may be assigned to one user group only.
+====
+
+=== Default Vhost
+
+A default vhost may be defined. The default vhost policy is used for
+connections whose vhost is otherwise not defined in the policy database.
+
+xref:example2[Example 2] illustrates how the default vhost feature can
+be used to apply a single vhost policy set of restrictions to any
+number of vhost connections.
+
+=== Vhost Patterns
+
+Policy vhost names may be interpreted as literal host names or
+as host name patterns. Vhost name patterns are a convenience
+for letting a single policy rule cover a wide range of vhosts.
+
+Host name patterns consist of a series of host and domain name
+labels and one or more tokens all concatenated with periods or dots.
+A token can be one of the following:
+
+[options="header"]
+|====
+| Token character | Match rule
+| asterisk * | matches a single hostname label
+| hash # | matches zero or more hostname labels
+|====
+
+Some simple examples show how given policy name patterns match
+incoming connection vhost names.
+
+[options="header"]
+|====
+| Policy pattern | Connection vhost | Policy match
+| *.example.com | example.com | no
+| *.example.com | www.example.com | yes
+| *.example.com | srv2.www.example.com | no
+| #.example.com | example.com | yes
+| #.example.com | www.example.com | yes
+| #.example.com | a.b.c.d.example.com | yes
+| #.example.com | bighost.com | no
+| www.*.test.example.com | www.test.example.com | no
+| www.*.test.example.com | www.a.test.example.com | yes
+| www.*.test.example.com | www.a.b.c.test.example.com | no
+| www.#.test.example.com | www.test.example.com | yes
+| www.#.test.example.com | www.a.test.example.com | yes
+| www.#.test.example.com | www.a.b.c.test.example.com | yes
+|====
+
+Pattern matching applies the following precedence rules.
+
+[options="header"]
+|====
+| Policy pattern | Precedence
+| exact match | high
+| asterisk * | medium
+| hash # | low
+|====
+
+Policy vhost name patterns are optimised before they are used
+in connection vhost name matching. As a result of this
+optimisation the names stored for pattern match lookups are
+not necessarily the same as the patterns specified in the
+vhost policy hostname. The policy agent disallows vhost
+name patterns that reduce to the same pattern as an existing name
+pattern. For instance, name pattern _pass:[#.#.#.#.com]_ is reduced to _pass:[#.com]_.
+Attempts to create a vhost name pattern whose optimised
+name conflicts with an existing optimised name will be denied.
+
+== Policy Schema
+
+Policy configuration is specified in two schema objects.
+
+[options="nowrap"]
+----
+policy = {
+ <global settings>
+}
+
+vhost = {
+ id: vhost-name
+ <connection limits>
+ groups: {
+ group-name: {
+ <user group settings>
+ }
+ }
+}
+----
+
+The _policy_ object is a singleton. Multiple _vhost_ objects may be
+created as needed.
+
+=== Global Policy
+
+[options="header", cols="35,15,50"]
+|====
+| attribute | default | description
+| maxConnections | 65535 | Global maximum number of concurrent client connections allowed. This limit is always enforced even if no other policy settings have been defined. This limit is applied to all incoming connections regardless of remote host, authenticated user, or targeted vhost.
+| enableVhostPolicy | false | Enable vhost policy connection denial, and resource limit enforcement.
+| policyDir | "" | Absolute path to a directory that holds vhost definition .json files. All vhost definitions in all .json files in this directory are processed.
+| defaultVhost | "$default" | Vhost rule set name to use for connections with a vhost that is otherwise not defined. Default vhost processing may be disabled either by erasing the definition of _defaultVhost_ or by not defining a _vhost_ object named _$default_.
+| enableVhostNamePatterns | false | Enable vhost name patterns. When false vhost hostnames are treated as literal strings. When true vhost hostnames are treated as match patterns.
+|====
+
+=== Vhost Policy
+
+[options="header", cols="35,15,50"]
+|====
+| attribute | default | description
+| id | | Vhost name must be unique.
+| maxConnections | 65535 | Maximum number of concurrent client connections allowed.
+| maxConnectionsPerUser | 65535 | Maximum number of concurrent client connections allowed for any user.
+| maxConnectionsPerRemoteHost | 65535 | Maximum number of concurrent client connections allowed for any remote host.
+| allowUnknownUser | false | Allow unknown users who are not members of a defined user group. Unknown users are assigned to the '$default' user group and receive '$default' settings.
+| groups | | A map where each key is a user group name and the value is a Vhost User Group Settings map.
+|====
+
+=== Vhost User Group Settings Map
+
+This object is the data value contained in entries in the policy/groups map.
+
+[options="header", cols="35,15,50"]
+|====
+| Section/Attribute | default | description
+| *Group Membership* | |
+| users | "" | Comma separated list of authenticated users in this group.
+| *Connection Restrictions* | |
+| remoteHosts | "" | List of remote hosts from which the users may connect. List values may be host names, numeric IP addresses, numeric IP address ranges, or the wildcard '*'. An empty list denies all access.
+| *AMQP Connection Open Limits* | |
+| maxFrameSize | 2^31-1 | Largest frame that may be sent on this connection. (AMQP Open, max-frame-size)
+| maxSessions | 65535 | Maximum number of sessions that may be created on this connection. (AMQP Open, channel-max)
+| *AMQP Session Begin Limits* | |
+| maxSessionWindow | 2^31-1 |Incoming capacity for new sessions measured in octets. AMQP Begin, incoming-window measured in AMQP frames is calculated by (maxSessionWindow / maxFrameSize). (AMQP Begin, incoming-window)
+| *AMQP Link Attach* | |
+| maxMessageSize | 0 | Largest message size supported by links created on this connection. If this field is zero there is no maximum size imposed by the link endpoint. (AMQP Attach, max-message-size)
+| maxSenders | 2^31-1 | Maximum number of sending links that may be created on this connection.
+| maxReceivers | 2^31-1 | Maximum number of receiving links that may be created on this connection.
+| allowDynamicSource | false | This connection is allowed to create receiving links using the Dynamic Link Source feature.
+| allowAnonymousSender | false | This connection is allowed to create sending links using the Anonymous Sender feature.
+| allowUserIdProxy | false | This connection is allowed to send messages with a user_id property that differs from the connection's authenticated user id.
+| sources | "" | List of Source addresses allowed when creating receiving links. This list may be expressed as a CSV string or as a list of strings. An empty list denies all access.
+| targets | "" | List of Target addresses allowed when creating sending links. This list may be expressed as a CSV string or as a list of strings. An empty list denies all access.
+| sourcePattern | "" | List of Source address patterns allowed when creating receiving links. This list must be expressed as a CSV string. An empty string denies all access.
+| targetPattern | "" | List of Target address patterns allowed when creating sending links. This list must be expressed as a CSV string. An empty string denies all access.
+|====
+
+== Policy Wildcard and User Name Substitution
+
+Policy provides several conventions to make writing rules easier.
+
+=== Remote Host Wildcard
+
+Remote host rules may consist of a single asterisk character to
+specify all hosts.
+
+[options="nowrap"]
+----
+ remoteHosts: *
+----
+
+The asterisk must stand alone and cannot be appended to a host name
+or to an IP address fragment.
+
+=== AMQP Source and Target User Name Substitution
+
+The rule definitions for `sources`, `targets`, `sourcePattern`, and
+`targetPattern` may include the username
+substitution token
+
+[options="nowrap"]
+----
+ ${user}
+----
+
+The username substitution token is replaced with the authenticated user name for
+the connection. Using this token, an administrator may allow access to
+some resources specific to each user without having to name each user
+individually. This token is substituted once for the leftmost
+occurrence in the link name.
+
+=== AMQP Source and Target Link Name Match Wildcard
+
+The rule definitions for `sources` and `targets` may contain a trailing
+asterisk character.
+The asterisk is recognized only if it is the last character in the
+link name.
+
+[options="nowrap"]
+----
+ sources: tmp_${user}, temp*, ${user}-home-*
+----
+
+The rule definitions for `sourcePattern` and `targetPattern` use the same
+patterns defined for router addresses and link routes. The patterns consist of one or more
+tokens separated by a forward slash /. A token can be one of the following:
+a * character, a # character, or a sequence of characters that do not
+include /, *, or #. The * token matches any single token. The # token
+matches zero or more tokens.
+
+The user name substitution token may be used in a sourcePattern or in a
+targetPattern subject to the following restrictions:
+
+* The user name substitution token must be the first or last token in the rule clause.
+* The user name substitution token must stand alone within its delimited field.
+ It may not be concatenated with literal text prefixes or suffixes.
+
+For each rule definition multiple patterns may be specified in a comma
+separated list.
+
+[options="nowrap"]
+----
+ sourcePattern: tmp.${user}, temp/#, ${user}.home/*
+----
+
+[NOTE]
+====
+A rule definition may contain `sources` or `sourcePattern` but not both.
+A rule definition may contain `targets` or `targetPattern` but not both.
+====
+
+
+
+== Composing Policies
+
+This section shows policy examples designed to illustrate some common use cases.
+
+=== Example 1. User Policy Disabled
+
+Policy is disabled when no policy configuation objects are defined.
+Any number of connections are allowed and all users have
+access to all AMQP resources in the network.
+
+[id='example2']
+=== Example 2. All Users Have Simple Connection Limits
+
+This example shows how to keep users from overwhelming the router with
+connections. Any user can create up to ten connections and the router
+will limit the aggregated user connection count to 100 connections
+total. No other restrictions apply.
+
+This example also shows how to use a default vhost policy effectively.
+Only one vhost policy is defined and all user connections regardless
+of the requested vhost use that policy.
+
+[options="nowrap"]
+----
+policy {
+ maxConnections: 100 <1>
+}
+
+vhost {
+ name: $default <2>
+ maxConnectionsPerUser: 10 <3>
+ allowUnknownUser: true <4>
+ groups: {
+ $default: {
+ remoteHosts: * <5>
+ sources: * <6>
+ targets: * <6>
+ }
+ }
+}
+----
+
+<1> The global maxConnections limit of 100 is enforced.
+<2> No normal vhost names are defined; user is assigned to default vhost '$default'.
+<3> The vhost maxConnectionsPerUser limit of 10 is enforced.
+<4> No groups are defined to have any users but allowUnknownUser is true so all users are assigned to group $default.
+<5> The user is allowed to connect from any remote host.
+<6> The user is allowed to connect to any source or target in the AMQP network. Router system-wide values are used for the other AMQP settings that are unspecified in the vhost rules.
+
+=== Example 3. Admins Must Connect From Localhost
+
+This example shows how an admin group may be created and restricted
+to accessing a vhost only from localhost. The admin users are allowed
+to connect to any AMQP resources while normal users are restricted.
+
+In this example a user connects to vhost 'example.com'.
+
+[options="nowrap"]
+----
+vhost {
+ name: example.com <1>
+ allowUnknownUser: true <3>
+ groups: {
+ admin: {
+ users: alice, bob <2>
+ remoteHosts: 127.0.0.1, ::1 <4>
+ sources: * <5>
+ targets: * <5>
+ },
+ $default: {
+ remoteHosts: * <6>
+ sources: news*, sports*, chat* <7>
+ targets: chat* <7>
+ }
+ }
+}
+----
+
+<1> A connection to vhost 'example.com' locates this vhost rule set.
+<2> If one of users _alice_ or _bob_ is connecting then she or he is assigned to the 'admin' user group.
+<3> Any other user is not defined by a user group. However, since the _allowUnknownUser_ setting is true then this user is assigned to the '$default' user group.
+<4> Users in the 'admin' user group must connect from localhost. Connections for an 'admin' user from other hosts on the network are denied.
+<5> Users in the 'admin' user group are allowed to access any resource offered by the vhost service.
+<6> Other users are allowed to connect from any host.
+<7> Other users have source and target name lists that restrict the resources they are allowed to access.
+
+=== Example 4. Limiting Possible Memory Consumption
+
+Policy provides a mechanism to control how much system buffer memory a
+user connection can potentially consume. The formula for computing
+buffer memory consumption for each session is
+set directly by _maxSessionWindow_.
+
+By adjusting _maxSessions_, and _maxSessionWindow_ an
+administrator can prevent a user from consuming too much memory by
+buffering messages in flight.
+
+[NOTE]
+====
+The settings passed into the AMQP protocol connection and session
+negotiations. Normal AMQP session flow control limits buffer
+consumption in due course with no processing cycles required by the
+router.
+====
+
+In this example normal users, the traders, are given smaller buffer
+allocations while high-capacity, automated data feeds are given a
+higher buffer allocation. This example skips the details of settings
+unrelated to buffer allocation.
+
+[options="nowrap"]
+----
+vhost {
+ name: traders.com <1>
+ groups: {
+ traders: {
+ users: trader-1, trader-2, ... <2>
+ maxFrameSize: 10000 <3>
+ maxSessionWindow: 5000000 <3>
+ maxSessions: 1 <4>
+ ...
+ },
+ feeds: {
+ users: nyse-feed, nasdaq-feed <5>
+ maxFrameSize: 60000 <6>
+ maxSessionWindow: 1200000000 <6>
+ maxSessions: 3 <7>
+ ...
+ }
+ }
+}
+----
+
+<1> These rules are for vhost traders.com.
+<2> The 'traders' group includes trader-1, trader-2, and any other user defined in the list.
+<3> _maxFrameSize_ and _maxSessionWindow_ allow for at most 5,000,000 bytes of data to be in flight on each session.
+<4> Only one session per connection is allowed.
+<5> In the 'feeds' group two users are defined.
+<6> _maxFrameSize_ and _maxSessionWindow_ allow for at most 1,200,000,000 bytes of data to be in flight on each session.
+<7> Up to three sessions per connection are allowed.
+
+////
+
+- Should we used signed ints for limits to allow for magic values?
+
+- In example 3, alice and bob cannot connect from an outside server and
+ get the $default settings.
+
+- Limits are enforced per router, so a vhost policy of maxConnections
+ 10 across 10 routers will allow 100 connections to that vhost.
+
+////
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f77f92cb/docs/books/old-user-guide/schema_txt.py
----------------------------------------------------------------------
diff --git a/docs/books/old-user-guide/schema_txt.py b/docs/books/old-user-guide/schema_txt.py
new file mode 100644
index 0000000..9f340f3
--- /dev/null
+++ b/docs/books/old-user-guide/schema_txt.py
@@ -0,0 +1,109 @@
+##
+## Licensed to the Apache Software Foundation (ASF) under one
+## or more contributor license agreements. See the NOTICE file
+## distributed with this work for additional information
+## regarding copyright ownership. The ASF licenses this file
+## to you under the Apache License, Version 2.0 (the
+## "License"); you may not use this file except in compliance
+## with the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing,
+## software distributed under the License is distributed on an
+## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+## KIND, either express or implied. See the License for the
+## specific language governing permissions and limitations
+## under the License
+##
+
+"""
+Generate the schema.md chapter for the dispatch book from the qdrouter.json schema.
+"""
+from __future__ import unicode_literals
+from __future__ import division
+from __future__ import absolute_import
+from __future__ import print_function
+
+import sys, re
+from qpid_dispatch_internal.management.qdrouter import QdSchema
+from qpid_dispatch_internal.management.schema_doc import SchemaWriter
+
+class BookSchemaWriter(SchemaWriter):
+
+ def run(self):
+ self.heading("Management Schema")
+ self.writeln("""
+This chapter documents the set of *management entity types* that define
+configuration and management of a Dispatch Router. A management entity type has
+a set of *attributes* that can be read, some attributes can also be
+updated. Some entity types also support *operations* that can be called.
+
+All management entity types have the following standard attributes:
+
+type::
+ The fully qualified type of the entity,
+ e.g. `org.apache.qpid.dispatch.router`. This document uses the short name
+ without the `org.apache.qpid.dispatch` prefix e.g. `router`. The dispatch
+ tools will accept the short or long name.
+
+name::
+ A user-generated identity for the entity. This can be used in other entities
+ that need to refer to the named entity.
+
+identity::
+ A system-generated identity of the entity. It includes
+ the short type name and some identifying information. E.g. `log/AGENT` or
+ `listener/localhost:amqp`
+
+There are two main categories of management entity type.
+
+Configuration Entities::
+ Parameters that can be set in the configuration file
+ (see `qdrouterd.conf(5)` man page) or set at run-time with the `qdmanage(8)`
+ tool.
+
+Operational Entities::
+ Run-time status values that can be queried using `qdstat(8)` or `qdmanage(8)` tools.
+""")
+
+ with self.section("Configuration Entities"):
+ self.writeln("""
+Configuration entities define the attributes allowed in the configuration file
+(see `qdrouterd.conf(5)`) but you can also create entities once the router is
+running using the `qdrouterd(8)` tool's `create` operation. Some entities can also
+be modified using the `update` operation, see the entity descriptions below.
+""")
+ self.entity_types_extending("configurationEntity")
+
+ with self.section("Operational Entities"):
+
+ self.writeln("""
+Operational entities provide statistics and other run-time attributes of the router.
+The `qdstat(8)` tool provides a convenient way to query run-time statistics.
+You can also use the general-purpose management tool `qdmanage(8)` to query
+operational attributes.
+""")
+ self.entity_types_extending("operationalEntity")
+
+ with self.section("Management Operations"):
+ self.writeln("""
+The 'qdstat(8)' and 'qdmanage(8)' tools allow you to view or modify management entity
+attributes. They work by invoking *management operations*. You can invoke these operations
+from any AMQP client by sending a message with the appropriate properties and body to the
+'$management' address. The message should have a 'reply-to' address indicating where the
+response should be sent.
+""")
+ def operation_section(title, entity_type):
+ with self.section(title):
+ self.operation_defs(entity_type)
+ operation_section("Operations for all entity types", self.schema.entity_type("entity"))
+ for e in self.schema.filter(lambda et: et.operation_defs and not et.name_is("entity")):
+ operation_section("Operations for '%s' entity type" % e.short_name, e)
+
+def main():
+ """Generate schema markdown documentation from L{QdSchema}"""
+ BookSchemaWriter(sys.stdout, QdSchema()).run()
+
+if __name__ == '__main__':
+ main()
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f77f92cb/docs/books/old-user-guide/theory_of_operation.adoc
----------------------------------------------------------------------
diff --git a/docs/books/old-user-guide/theory_of_operation.adoc b/docs/books/old-user-guide/theory_of_operation.adoc
new file mode 100644
index 0000000..c2deab8
--- /dev/null
+++ b/docs/books/old-user-guide/theory_of_operation.adoc
@@ -0,0 +1,395 @@
+////
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License
+////
+
+== Theory of Operation
+
+This section introduces some key concepts about the router.
+
+=== Overview
+
+The router is an _application layer_ program running as a normal
+user program or as a daemon.
+
+The router accepts AMQP connections from clients and creates AMQP
+connections to brokers or AMQP-based services. The router classifies
+incoming AMQP messages and routes the
+messages between message producers and message consumers.
+
+The router is meant to be deployed in topologies of multiple routers,
+preferably with redundant paths. It uses link-state routing protocols
+and algorithms similar to OSPF or IS-IS from the networking world to
+calculate the best path from every message source to every message
+destination and to recover quickly from failures. The router relies on
+redundant network paths to provide continued connectivity in the face
+of system or network failure.
+
+A messaging client can make a single AMQP connection into a messaging
+bus built with routers and, over that connection, exchange messages
+with one or more message brokers connected to any router in the
+network. At the same time the client can exchange messages directly
+with other endpoints without involving a broker at all.
+
+=== Connections
+
+The router connects clients, servers, AMQP services, and other
+routers through network connections.
+
+==== Listener
+
+The router provides _listeners_ that accept client connections.
+A client connecting to a router listener uses the
+same methods that it would use to connect to a broker. From the
+client's perspective the router connection and link establishment are
+identical to broker connection and link establishment.
+
+Several types of listeners are defined by their role.
+
+[cols="20,80"]
+|===
+| Role | Description
+| normal | The connection is used for AMQP clients using normal message delivery.
+| inter-router | The connection is assumed to be to another router in the network. Inter-router discovery and routing protocols can only be used over inter-router connections.
+| route-container | The connection is a broker or other resource that holds known addresses. The router will use this connection to create links as necessary. The addresses are available for routing only after the remote resource has created a connection.
+|===
+
+==== Connector
+
+The router can also be configured to create outbound connections to
+messaging brokers or other AMQP entities using _connectors_. A
+connector is defined with the network address of the broker and the
+name or names of the resources that are available in that broker. When
+a router connects to a broker through a connector it uses the same
+methods a normal messaging client would use when connecting to the
+broker.
+
+Several types of connectors are defined by their role.
+
+[cols="20,80"]
+|===
+| Role | Description
+| normal | The connection is used for AMQP clients using normal message delivery. On this connector the router will initiate the connection but it will never create any links. Links are to be created by the peer that accepts the connection.
+| inter-router | The connection is assumed to be to another router in the network. Inter-router discovery and routing protocols can only be used over inter-router connections.
+| route-container | The connection is to a broker or other resource that holds known addresses. The router will use this connection to create links as necessary. The addresses are available for routing only after the router has created a connection to the remote resource.
+|===
+
+=== Addresses
+
+AMQP addresses are used to control the flow of messages across a
+network of routers. Addresses are used in a number of different places
+in the AMQP 1.0 protocol. They can be used in a specific message in
+the _to_ and _reply-to_ fields of a message's properties. They are also
+used during the creation of links in the _address_ field of a _source_ or
+a _target_.
+
+[NOTE]
+====
+Addresses in this discussion refer to AMQP protocol addresses and not
+to TCP/IP network addresses. TCP/IP network addresses are used by
+messaging clients, brokers, and routers to create AMQP connections.
+AMQP protocol addresses are the names of source and destination
+endpoints for messages within the messaging network.
+====
+
+Addresses designate various kinds of entities in a messaging network:
+
+* Endpoint processes that consume data or offer a service
+* Topics that match multiple consumers to multiple producers
+* Entities within a messaging broker:
+** Queues
+** Durable Topics
+** Exchanges
+
+The syntax of an AMQP address is opaque as far as the router network
+is concerned. A syntactical structure may be used by the administrator
+who creates addresses but the router treats them as opaque
+strings.
+
+The router maintains several classes of address based on how the address is
+configured or discovered.
+
+[cols="25,75"]
+|===
+| Address Type | Description
+| mobile | The address is a rendezvous point between senders and receivers. The router aggregates and serializes messages from senders and distributes messages to receivers.
+| link route | The address defines a private messaging path between a sender and a receiver. The router simply passes messages between the end points.
+|===
+
+==== Mobile Addresses
+
+Routers consider addresses to be mobile such that any users of an
+address may be directly connected to any router in a network and may
+move around the topology. In cases where messages are broadcast to or
+balanced across multiple consumers, the address users may be connected
+to multiple routers in the network.
+
+Mobile addresses are rendezvous points for senders and receivers.
+Messages arrive at the mobile address and are dispatched to their
+destinations according to the routing defined for the mobile address.
+The details of these routing patterns are discussed later.
+
+Mobile addresses may be discovered during normal router operation or
+configured through management settings.
+
+===== Discovered Mobile Addresses
+
+Mobile addresses are created when a client creates a link to a source
+or destination address that is unknown to the router network.
+
+Suppose a service provider wants to offer _my-service_ that clients
+may use. The service provider must open a receiver link with source
+address _my-service_. The router creates a mobile address
+_my-service_ and propagates the address so that it is known to every
+router in the network.
+
+Later a client wants to use the service and creates a sending link
+with target address _my-service_. The router matches the service
+provider's receiver having source address _my-service_ to the client's
+sender having target address _my-service_ and routes messages between
+the two.
+
+Any number of other clients can create links to the service as
+well. The clients do not have to know where in the router network the
+service provider is physically located nor are the clients required to
+connect to a specific router to use the service. Regardless of how
+many clients are using the service the service provider needs only a
+single connection and link into the router network.
+
+Another view of this same scenario is when a client tries to use the
+service before service provider has connected to the network. In this
+case the router network creates the mobile address _my-service_ as
+before. However, since the mobile address has only client sender links
+and no receiver links the router stalls the clients and prevents them
+from sending any messages. Later, after the service provider connects
+and creates the receiver link, the router will issue credits to the
+clients and the messages will begin to flow between the clients and
+the service.
+
+The service provider can connect, disconnect, and reconnect from a
+different location without having to change any of the clients or
+their connections. Imagine having the service running on a
+laptop. One day the connection is from corporate headquarters and the
+next day the connection is from some remote location. In this case the
+service provider's computer will typically have different host IP
+addresses for each connection. Using the router network the service
+provider connects to the router network and offers the named service
+and the clients connect to the router network and consume from the
+named service. The router network routes messages between the mobile
+addresses effectively masking host IP addresses of the service
+provider and the client systems.
+
+===== Configured Mobile Addresses
+
+Mobile addresses may be configured using the router _autoLink_
+object. An address created via an _autoLink_ represents a queue,
+topic, or other service in an external broker. Logically the
+_autoLink_ addresses are treated by the router network as if the
+broker had connected to the router and offered the services itself.
+
+For each configured mobile address the router will create a single
+link to the external resource. Messages flow between sender links and
+receiver links the same regardless if the mobile address was
+discovered or configured.
+
+Multiple _autoLink_ objects may define the same address on multiple
+brokers. In this case the router network creates a sharded resource
+split between the brokers. Any client can seamlessly send and receive
+messages from either broker.
+
+Note that the brokers do not need to be clustered or federated to
+receive this treatment. The brokers may even be from different vendors
+or be different versions of the same broker yet still work together to
+provide a larger service platform.
+
+==== Link Route Addresses
+
+Link route addresses may be configured using the router _linkRoute_
+object. An link route address represents a queue, topic, or other
+service in an external broker similar to addresses configured by
+_autoLink_ objects. For link route addresses the router propagates a
+separate link attachment to the broker resource for each incoming
+client link. The router does not automatically create any links to the
+broker resource.
+
+Using link route addresses the router network does not participate in
+aggregated message distribution. The router simply passes message
+delivery and settlement between the two end points.
+
+=== Message Routing
+
+Addresses have semantics associated with them that are assigned when
+the address is provisioned or discovered. The semantics of an address
+control how routers behave when they see the address being
+used. Address semantics include the following considerations:
+
+* Routing pattern - balanced, closest, multicast
+* Routing mechanism - message routed, link routed
+
+// * TODO: describe these???
+// * Undeliverable action - drop, hold and retry, redirect
+// * Reliability - N destinations, etc.
+
+==== Routing Patterns
+
+Routing patterns define the paths that a message with a mobile address
+can take across a network. These routing patterns can be used for both
+direct routing, in which the router distributes messages between
+clients without a broker, and indirect routing, in which the router
+enables clients to exchange messages through a broker.
+
+Note that the routing patterns fall into two categories: Anycast
+(Balanced and Closest) and Multicast. There is no concept of
+"unicast" in which there is only one consumer for an address.
+
+Anycast distribution delivers each message to one consumer whereas
+multicast distribution delivers each message to all consumers.
+
+Anycast delivery is reliable when the message deliveries are
+unsettled. There is a reliability contract that the router network
+abides by when delivering unsettled messages to anycast addresses.
+For every such delivery sent by a producer, the router network
+guarantees that one of the following outcomes will occur:
+
+* The delivery shall be settled with ACCEPTED or REJECTED disposition
+ where the disposition is supplied by the consumer.
+* The delivery shall be settled with RELEASED disposition, meaning
+ that the message was not delivered to any consumer.
+* The delivery shall be settled with MODIFIED disposition, meaning
+ that the message may have been delivered to a consumer but should be
+ considered in-doubt and re-sent.
+* The connection to the producer shall be dropped, signifying that all
+ unsettled deliveries should now be considered in-doubt by the
+ producer and later re-sent.
+
+Multicast delivery is not reliable. If a producer sends an unsettled
+delivery, the ingress router shall settle the delivery with ACCEPTED
+disposition regardless of whether the message was delivered to any
+consumers.
+
+===== Balanced
+
+An anycast method which allows multiple receivers to use the same
+address. In this case, messages (or links) are routed to exactly one
+of the receivers and the network attempts to balance the traffic load
+across the set of receivers using the same address. This routing
+delivers messages to receivers based on how quickly they settle the
+deliveries. Faster receivers get more messages.
+
+===== Closest
+
+An anycast method in which even if there are more receivers for the
+same address, every message is sent along the shortest path to reach
+the destination. This means that only one receiver will get the
+message. Each message is delivered to the closest receivers in terms
+of topology cost. If there are multiple receivers with the same lowest
+cost, deliveries will be spread evenly among those receivers.
+
+===== Multicast
+
+Having multiple consumers on the same address at the same time,
+messages are routed such that each consumer receives one copy of the
+message.
+
+
+==== Routing Mechanisms
+
+The fact that addresses can be used in different ways suggests that
+message routing can be accomplished in different ways. Before going
+into the specifics of the different routing mechanisms, it would be
+good to first define what is meant by the term _routing_:
+
+ In a network built of multiple, interconnected routers 'routing'
+ determines which connection to use to send a message directly
+ to its destination or one step closer to its destination.
+
+Each router serves as the terminus of a collection of incoming and
+outgoing links. Some of the links are designated for message routing,
+and others are designated for link routing. In both cases, the links
+either connect directly to endpoints that produce and consume
+messages, or they connect to other routers in the network along
+previously established connections.
+
+===== Message Routed
+
+Message routing occurs upon delivery of a message and is done based on
+the address in the message's _to_ field.
+
+When a delivery arrives on an incoming message-routing link, the
+router extracts the address from the delivered message's _to_ field and
+looks the address up in its routing table. The lookup results in zero
+or more outgoing links onto which the message shall be resent.
+
+Message routing can also occur without an address in the
+message's _to_ field if the incoming link has a target address. In
+fact, if the sender uses a link with a target address, the _to_ field
+shall be ignored even if used.
+
+===== Link Routed
+
+Link routing occurs when a new link is attached to the router across
+one of its AMQP connections. It is done based on the _target.address_
+field of an inbound link and the _source.address_ field of an outbound
+link.
+
+Link routing uses the same routing table that message routing
+uses. The difference is that the routing occurs during the link-attach
+operation, and link attaches are propagated along the appropriate path
+to the destination. What results is a chain of links, connected
+end-to-end, from source to destination. It is similar to a virtual
+circuit in a telecom system.
+
+Each router in the chain holds pairs of link termini that are tied
+together. The router then simply exchanges all deliveries, delivery
+state changes, and link state changes between the two termini.
+
+The endpoints that use the link chain do not see any difference in
+behavior between a link chain and a single point-to-point link. All of
+the features available in the link protocol (flow control,
+transactional delivery, etc.) are available over a routed link-chain.
+
+==== Message Settlement
+
+Messages may be delivered with varying degrees of reliability.
+
+* At most once
+* At least once
+* Exactly once
+
+The reliability is negotiated between the client and server during
+link establishment. The router handles all levels of reliability by treating
+messages as either _pre-settled_ or _unsettled_.
+
+[cols="20,80"]
+|===
+| Delivery | Handling
+| pre-settled | If the arriving delivery is pre-settled (i.e., fire and forget), the incoming delivery shall be settled by the router, and the outgoing deliveries shall also be pre-settled. In other words, the pre-settled nature of the message delivery is propagated across the network to the message's destination.
+| unsettled | Unsettled delivery is also propagated across the network. Because unsettled delivery records cannot be discarded, the router tracks the incoming deliveries and keeps the association of the incoming deliveries to the resulting outgoing deliveries. This kept association allows the router to continue to propagate changes in delivery state (settlement and disposition) back and forth along the path which the message traveled.
+|===
+
+
+=== Security
+
+The router uses the SSL protocol and related certificates and SASL
+protocol mechanisms to encrypt and authenticate remote peers. Router
+listeners act as network servers and router connectors act as network
+clients. Both connection types may be configured securely with SSL
+and SASL.
+
+The router Policy module is an optional authorization mechanism
+enforcing user connection restrictions and AMQP resource access
+control.
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f77f92cb/docs/books/old-user-guide/tools.adoc
----------------------------------------------------------------------
diff --git a/docs/books/old-user-guide/tools.adoc b/docs/books/old-user-guide/tools.adoc
new file mode 100644
index 0000000..6f8298d
--- /dev/null
+++ b/docs/books/old-user-guide/tools.adoc
@@ -0,0 +1,92 @@
+////
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License
+////
+
+[[tools]]
+Tools
+-----
+
+[[qdstat]]
+qdstat
+~~~~~~
+
+_qdstat_ is a command line tool that lets you view the status of a
+Dispatch Router. The following options are useful for seeing what the
+router is doing:
+
+[width="100%",cols="17%,83%",options="header",]
+|=======================================================================
+|_Option_ |_Description_
+|-l |Print a list of AMQP links attached to the router. Links are
+unidirectional. Outgoing links are usually associated with a
+subscription address. The tool distinguishes between _endpoint_ links
+and _router_ links. Endpoint links are attached to clients using the
+router. Router links are attached to other routers in a network of
+routbers.
+
+|-a |Print a list of addresses known to the router.
+
+|-n |Print a list of known routers in the network.
+
+|-c |Print a list of connections to the router.
+
+|--autolinks |Print a list of configured auto-links.
+
+|--linkroutes |Print a list of configures link-routes.
+|=======================================================================
+
+For complete details see the 'qdstat(8)' man page and the output of
+`qdstat --help`.
+
+[[qdmanage]]
+qdmanage
+~~~~~~~~
+
+_qdmanage_ is a general-purpose AMQP management client that allows you
+to not only view but modify the configuration of a running dispatch
+router.
+
+For example you can query all the connection entities in the router:
+
+----------------------------------
+$ qdmanage query --type connection
+----------------------------------
+
+To enable logging debug and higher level messages by default:
+
+-------------------------------------------
+$ qdmanage update log/DEFAULT enable=debug+
+-------------------------------------------
+
+In fact, everything that can be configured in the configuration file can
+also be created in a running router via management. For example to
+create a new listener in a running router:
+
+-----------------------------------------
+$ qdmanage create type=listener port=5555
+-----------------------------------------
+
+Now you can connect to port 5555, for exampple:
+
+--------------------------------------------------
+$ qdmanage query -b localhost:5555 --type listener
+--------------------------------------------------
+
+For complete details see the 'qdmanage(8)' man page and the output of
+`qdmanage --help`. Also for details of what can be configured see the
+'qdrouterd.conf(5)' man page.
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f77f92cb/docs/books/user-guide/attributes.adoc
----------------------------------------------------------------------
diff --git a/docs/books/user-guide/attributes.adoc b/docs/books/user-guide/attributes.adoc
new file mode 100644
index 0000000..0162710
--- /dev/null
+++ b/docs/books/user-guide/attributes.adoc
@@ -0,0 +1,78 @@
+////
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License
+////
+
+// Standard document attributes
+
+:data-uri!:
+:doctype: article
+:experimental:
+:idprefix:
+:imagesdir: images
+:numbered:
+:sectanchors!:
+:sectnums:
+:source-highlighter: highlightjs
+:highlightjs-theme: solarized_dark
+:toc: left
+:linkattrs:
+:toclevels: 3
+
+// Component attributes
+
+:ProductName: Apache Qpid
+:RouterLongName: {ProductName} Dispatch Router
+:ClientAmqpPythonName: {ProductName} Proton Python
+:ConsoleName: {RouterLongName} Console
+:FragmentDir: common
+:RouterName: Dispatch Router
+:RouterSchemaDir: ../../build/doc/book
+:DispatchRouterVersion: 1.0.1
+
+// Book names
+
+:RouterBook: Using {RouterLongName}
+
+// Doc links
+
+:DispatchRouterUrlBase: https://qpid.apache.org/releases/qpid-dispatch-{DispatchRouterVersion}
+
+:ManagementEntitiesUrl: {DispatchRouterUrlBase}/man/managementschema.html
+:ManagementEntitiesLink: link:{ManagementEntitiesUrl}[{RouterName} Management Schema^]
+
+:RouterBookUrl: {DispatchRouterUrlBase}/book/book.html
+:RouterBookLink: link:{RouterBookUrl}[{RouterBook}]
+
+:qdmanageManPageUrl: {DispatchRouterUrlBase}/man/qdmanage.html
+:qdmanageManPageLink: link:{qdmanageManPageUrl}[qdmanage man page^]
+
+:qdrouterdManPageUrl: {DispatchRouterUrlBase}/man/qdrouterd.html
+:qdrouterdManPageLink: link:{qdrouterdManPageUrl}[qdrouterd man page^]
+
+:qdrouterdConfManPageUrl: {DispatchRouterUrlBase}/man/qdrouterd.conf.html
+:qdrouterdConfManPageLink: link:{qdrouterdConfManPageUrl}[qdrouterd.conf man page^]
+
+:qdstatManPageUrl: {DispatchRouterUrlBase}/man/qdstat.html
+:qdstatManPageLink: link:{qdstatManPageUrl}[qdstat man page^]
+
+:ClientAmqpPythonUrl: https://qpid.apache.org/proton/
+
+// Other links
+
+:AmqpSpecUrl: http://docs.oasis-open.org/amqp/core/v1.0/os/amqp-core-overview-v1.0-os.html
+:AmqpSpecLink: link:{AmqpSpecUrl}[AMQP 1.0 specification^]
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f77f92cb/docs/books/user-guide/book.adoc
----------------------------------------------------------------------
diff --git a/docs/books/user-guide/book.adoc b/docs/books/user-guide/book.adoc
new file mode 100644
index 0000000..4ed6bdf
--- /dev/null
+++ b/docs/books/user-guide/book.adoc
@@ -0,0 +1,61 @@
+////
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License
+////
+
+include::attributes.adoc[]
+
+= {RouterBook}
+
+// Introduction
+include::introduction.adoc[leveloffset=+1]
+
+// Theory of Operation
+include::theory_of_operation.adoc[leveloffset=+1]
+
+// Getting Started
+include::getting-started.adoc[leveloffset=+1]
+
+// Configuration
+include::understand-router-configuration.adoc[leveloffset=+1]
+
+// Network Connections
+include::configuration-connections.adoc[leveloffset=+1]
+
+// Security
+include::configuration-security.adoc[leveloffset=+1]
+
+// Routing
+include::routing.adoc[leveloffset=+1]
+
+// Logging
+include::logging.adoc[leveloffset=+1]
+
+// Management
+include::management.adoc[leveloffset=+1]
+
+// Reliability
+include::reliability.adoc[leveloffset=+1]
+
+// Technical Details and Specifications
+include::technical-details-specifications.adoc[leveloffset=+1]
+
+[appendix]
+include::cyrus-sasl.adoc[leveloffset=+1]
+
+// Revision information
+include::revision-info.adoc[]
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f77f92cb/docs/books/user-guide/common
----------------------------------------------------------------------
diff --git a/docs/books/user-guide/common b/docs/books/user-guide/common
new file mode 120000
index 0000000..60d3b0a
--- /dev/null
+++ b/docs/books/user-guide/common
@@ -0,0 +1 @@
+../common
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f77f92cb/docs/books/user-guide/configuration-connections.adoc
----------------------------------------------------------------------
diff --git a/docs/books/user-guide/configuration-connections.adoc b/docs/books/user-guide/configuration-connections.adoc
new file mode 100644
index 0000000..26e10a2
--- /dev/null
+++ b/docs/books/user-guide/configuration-connections.adoc
@@ -0,0 +1,90 @@
+////
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License
+////
+
+[id='router-network-connections']
+= Network Connections
+
+Connections define how the router communicates with clients, other routers, and brokers. You can configure _incoming connections_ to define how the router listens for data from clients and other routers, and you can configure _outgoing connections_ to define how the router sends data to other routers and brokers.
+
+[id='adding-incoming-connections']
+== Listening for Incoming Connections
+
+Listening for incoming connections involves setting the host and port on which the router should listen for traffic.
+
+.Procedure
+
+. In the router's configuration file, add a `listener`:
++
+--
+[options="nowrap",subs="+quotes"]
+----
+listener {
+ host: _HOST_NAME/ADDRESS_
+ port: _PORT_NUMBER/NAME_
+ ...
+}
+----
+
+`host`:: Either an IP address (IPv4 or IPv6) or hostname on which the router should listen for incoming connections.
+`port`:: The port number or symbolic service name on which the router should listen for incoming connections.
+
+For information about additional attributes, see link:{qdrouterdConfManPageUrl}#_listener[listener] in the `qdrouterd.conf` man page.
+--
+
+. If necessary, xref:securing-incoming-connections[secure the connection].
++
+If you have set up SSL/TLS or SASL in your environment, you can configure the router to only accept encrypted or authenticated communication on this connection.
+
+. If you want the router to listen for incoming connections on additional hosts or ports, configure an additional `listener` entity for each host and port.
+
+[id='adding-outgoing-connections']
+== Adding Outgoing Connections
+
+Configuring outgoing connections involves setting the host and port on which the router connects to other routers and brokers.
+
+// Adding this here for now; in the future it might be better to have separate procedures for creating inter-router and route-container connections.
+When a router connects to a broker, the broker might provide backup connection data that the router can use if the primary connection fails. If the primary connection fails, the router attempts to reconnect by using a combination of the primary and -- if provided -- backup connections in round-robin fashion until the connection is successful. For more information about viewing the backup connection data provided by the broker, see xref:managing-connectors[].
+
+.Procedure
+
+. In the router's configuration file, add a `connector`:
++
+--
+[options="nowrap",subs="+quotes"]
+----
+connector {
+ name: _NAME_
+ host: _HOST_NAME/ADDRESS_
+ port: _PORT_NUMBER/NAME_
+ ...
+}
+----
+
+`name`:: The name of the `connector`. You should specify a name that describes the entity to which the connector connects. This name is used by configured addresses (for example, a `linkRoute` entity) in order to specify which connection should be used for them.
+`host`:: Either an IP address (IPv4 or IPv6) or hostname on which the router should connect.
+`port`:: The port number or symbolic service name on which the router should connect.
+
+For information about additional attributes, see link:{qdrouterdConfManPageUrl}#_connector[connector] in the `qdrouterd.conf` man page.
+--
+
+. If necessary, xref:securing-outgoing-connections[secure the connection].
++
+If you have set up SSL/TLS or SASL in your environment, you can configure the router to only send encrypted or authenticated communication on this connection.
+
+. For each remaining router or broker to which this router should connect, configure an additional `connector` entity.
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org