How to configure FIX sessions with different listening ports

Overview

The feature is available since FIX Antenna C++ 2.28.0

FIX Antenna-based products allow clients to allocate a separate listening port for each acceptor session. Such a configuration enhances the usability and security of the solution.

When the session bound to a particular port is being terminated (or not used anymore), i.e. according to the schedule, the Engine stops listening to connections on the given port.

FIX Antenna provides a few ways to define listening ports for acceptor FIX sessions:

  • by configuring a port per single session
  • by configuring port per multiple sessions
  • by defining a single not secure port via API
  • by defining multiple listening ports via API (both SSL and non-SSL)

Configure FIX session with a dedicated port

The ListenPort parameter can accept multiple values separated by a comma. In case when it is needed to accept a session to a dedicated port the user can add all required ports to the list and ask initiators to use the provided port.

Code example: 

engine.properties
#defaults
Session.Default.StorageType = persistentMM
Session.Default.Validation.IsEnabled = false
Session.Default.ReconnectMaxTries = -1
Session.Default.ReconnectInterval = 60000

# acceptor #1
Session.FIXServer/Client42.Role = Acceptor
Session.FIXServer/Client42.ParserVersion = FIX42
Session.FIXServer/Client42.ReconnectInterval = 30000
Session.FIXServer/Client42.ListenPort = 9001
Session.FIXServer/Client42.ListenAddress = 127.0.0.1

# acceptor #2
Session.FIXServer/Client44.Role = Acceptor
Session.FIXServer/Client44.ParserVersion = FIX44
Session.FIXServer/Client44.ReconnectInterval = 30000
Session.FIXServer/Client44.ListenPort = 9002
Session.FIXServer/Client44.ListenAddress = 127.0.0.1

Similar configuration in QuickFIX: 

acceptor.cfg
[DEFAULT]
FileStorePath=store
FileLogPath=log
ConnectionType=acceptor
SenderCompID=FIXServer

[SESSION]
BeginString=FIX.4.2
TargetCompID=Client42
ReconnectInterval=30
HeartBtInt=30
SocketAcceptPort=9001
SocketAcceptHost=127.0.0.1
DataDictionary=..\spec\fix\FIX42.xml

[SESSION]
BeginString=FIX.4.4
TargetCompID=Client44
ReconnectInterval=30
HeartBtInt=30
SocketAcceptPort=9002
SocketAcceptHost=127.0.0.1
DataDictionary=..\spec\fix\FIX44.xml

The TCP socket option SO_REUSEADDR is always enabled for listening ports

Parameters priority

The session parameters have priority over default session parameters.

If the listening port is defined for a default session, it will be used for the sessions, if the listening port for a specific session is not defined.

If the listening port is not defined for a specific session and for a default session, the session will be listened to on the global ports.

If unregistered sessions are allowed, they will be accepted on listening ports of global level only.

Code example:

engine.properties
# The session parameters has the highest priority
Session.FIXServer/TLS12_Client42.ListenPort = 9001
Session.FIXServer/TLS12_Client42.ListenAddress = 127.0.0.1

# defines defaults if session's parameters are not set
Session.Default.ListenPort = 9105
Session.Default.ListenAddress = 0.0.0.0

# defines default Engine level parameters if session's parameters are not set
ListenPort = 9105
ListenAddress = 0.0.0.0

Session.Default.ListenPort and Session.Default.ListenAddress parameters are used for an acceptor session if ListenPort and ListenAddress parameters for a session are not set.

Disable listening

To disable listening of incoming connections, a user should comment or remove a value for all ListenPort parameters.

Code example:

engine.properties
Session.<SenderId>/<TargetId>.ListenPort = 
ListenPort = 
ListenSSLPort =
Monitoring.ListenPort =

Configure an Administrative session with a dedicated port

The feature is available since FIX Antenna C++ 2.29.0

The administrative session has a configurable listen port as well as a FIX session.

FIX Antenna C++ provides a few ways to configure listening ports for administrative FIX sessions.

To configure listen port per single administrative FIX session:

  • Enable monitoring feature Monitoring.Enable in the engine.properties file.
  • Configure Monitoring.ListenAddress and Monitoring.ListenPort parameters exclusively for an administrative FIX session.
  • Specify administrative FIX session in the engine.properties file.

To configure listen port per multiple sessions (administrative FIX session and another FIX session):

  • Enable monitoring feature Monitoring.Enable in the engine.properties file.
  • Configure Monitoring.ListenAddress and Monitoring.ListenPort parameters non-exclusively for an administrative FIX session.
  • Share Monitoring.ListenPort parameter with other FIX sessions.
  • Specify administrative FIX session in the engine.properties file.

For multiple administrative sessions, specify all required sessions in session Monitoring.AdminSessionNames list with their own sets of parameters.

If the parameters do not exist or are empty, the global engine's parameters ListenAddress and ListenPort are used in the same way as for ordinary FIX sessions.

Monitoring.ListenPort does not support a secure connection.

To enable SSL for administrative sessions, the port number must be also added to ListenSSLPort.

Configure SSL listening port

The same listening SSL port (i.e. SSL context) cannot be shared between two and more sessions if their SSL parameters are not the same. Secure and non-secure connections can't share the same port.

In case of the SSL context for multiple sessions is different or if a secure and insecure session is configured for using the same port, then the corresponding error will be logged. The session under conflict will not be created.

Code example:

engine.properties
# SSL acceptor #1
Session.FIXServer/TLS12_Client42.Role = Acceptor
Session.FIXServer/TLS12_Client42.ParserVersion = FIX42
Session.FIXServer/TLS12_Client42.ListenPort = 9001
Session.FIXServer/TLS12_Client42.ListenAddress = 127.0.0.1
Session.FIXServer/TLS12_Client42.SSLValidatePeerCertificate = true
Session.FIXServer/TLS12_Client42.SSLCertificate = cert.pem
Session.FIXServer/TLS12_Client42.SSLPrivateKey = cert.pem
Session.FIXServer/TLS12_Client42.SSLCACertificate = certCA.pem
Session.FIXServer/TLS12_Client42.SSLProtocols = TLSv1_2

# SSL acceptor #2
Session.FIXServer/TLS12_Client44.Role = Acceptor
Session.FIXServer/TLS12_Client44.ParserVersion = FIX44
Session.FIXServer/TLS12_Client44.ListenPort = 9001
Session.FIXServer/TLS12_Client44.ListenAddress = 127.0.0.1
Session.FIXServer/TLS12_Client44.SSLValidatePeerCertificate = true
Session.FIXServer/TLS12_Client44.SSLCertificate = cert.pem
Session.FIXServer/TLS12_Client44.SSLPrivateKey = cert.pem
Session.FIXServer/TLS12_Client44.SSLCACertificate = certCA.pem
Session.FIXServer/TLS12_Client44.SSLProtocols = TLSv1_2

# SSL acceptor #3 with different TLS version => must use a different port.
Session.FIXServer/TLS10_Client44.Role = Acceptor
Session.FIXServer/TLS10_Client44.ParserVersion = FIX44
Session.FIXServer/TLS10_Client44.ReconnectInterval = 30000
Session.FIXServer/TLS10_Client44.ListenPort = 9002
Session.FIXServer/TLS10_Client44.ListenAddress = 127.0.0.1
Session.FIXServer/TLS10_Client44.SSLValidatePeerCertificate = true
Session.FIXServer/TLS10_Client44.SSLCertificate = cert2.pem
Session.FIXServer/TLS10_Client44.SSLPrivateKey = cert2.pem
Session.FIXServer/TLS10_Client44.SSLProtocols = TLSv1_0

# Non secure acceptor #4 => must use a different port.
Session.FIXServer/NonSecure_Client44.Role = Acceptor
Session.FIXServer/NonSecure_Client44.ParserVersion = FIX44
Session.FIXServer/NonSecure_Client44.ReconnectInterval = 30000
Session.FIXServer/NonSecure_Client44.ListenPort = 9003
Session.FIXServer/NonSecure_Client44.ListenAddress = 127.0.0.1
Session.FIXServer/NonSecure_Client44.SSLValidatePeerCertificate = true
Session.FIXServer/NonSecure_Client44.SSLCertificate = cert2.pem
Session.FIXServer/NonSecure_Client44.SSLPrivateKey = cert2.pem
Session.FIXServer/NonSecure_Client44.SSLProtocols = TLSv1_0

If the session connects to the ListenAddress and SenderCompID does not match TargetCompID, the session will not be accepted and the corresponding error will be logged:

Session.FIXServer/NonSecure_Client44.ListenPort = 9003

Configure listening ports via API

To configure a listening address for a session use the field: Engine::SessionExtraParameters::listenAddress_

To configure listening ports for a session use the field: Engine::SessionExtraParameters::listenPort_.

To set an SSL port or several non-secure listening ports for a session via API, you need to use listenEndpoints (the list of structures where ListenAddress and listenSocketEndpoint parameters are defined). The listenSocketEndpoint parameter defines the listening port and sslCtx which sets the parameters of the listening port (whether this port supports SSL or not).

By using API, any combination of listening ports for acceptor sessions can be defined.

stopListeningIncomingConnections function

The API call Engine::FixEngine::stopListeningIncomingConnections() stops listening and closes all the ports (global and sessions ones).