This feature will allow the Tungsten Connector to fall back to bridge mode if a user cannot be successfully authenticated through user.map.
The connector is able to employ a special fall-back bridge mode which allows for a hybrid configuration of both Proxy and Bridge modes. By default, the bridge mode fallback feature is disabled.
When fallBackBridgeMode is set to either RW_STRICT or RO_RELAXED, the Connector will first check the user.map file for an entry that matches the user name passed in the connection request. If a match is found in the user.map, the Connector will act in Proxy mode so the conversation with the client will be handled locally, and a new connection will be opened from the connector to the database server based on the normal Proxy mode routing rules. If the user name is not found in the user.map, then the connector will act in Bridge mode, and the connection will be forwarded directly to the specified database server, either to the Primary (RW_STRICT) or to the Replica (RO_RELAXED) for handling with no intercept, just a TCP-layer packet routing. There will be no query interpretation or analysis, and no auto-reconnect, just failover handling.
Support for Fall-Back Bridge Mode and MySQL 8 was introduced in v7.0.3.
For more information, see Section 7.5, “Using Bridge Mode”, and Section 7.6, “User Authentication”.
To enable Fall-Back Bridge Mode to use the Primary, add the following entries to the /etc/tungsten/tungsten.ini file prior to installation, or before issuing tpm update after installation:
property=fallBackBridgeMode=RW_STRICT
connector-bridge-mode=false
To enable Fall-Back Bridge Mode to use a replica (if available), add the following entries to the /etc/tungsten/tungsten.ini file prior to installation, or before issuing tpm update after installation:
property=fallBackBridgeMode=RO_RELAXED
connector-bridge-mode=false
Updating these values requires a connector restart (via tpm update), if enabled after installation, for the changes to be recognized.
To be consistent, Bridge mode should be disabled when fallBackBridgeMode is enabled. The connector-bridge-mode option must be set to false. A consistency check is performed when starting the connector.
SSL connections are by design unreadable until the handshake has been exchanged. Because of this, the MySQL user name in the request is not visible to the Connector immediately, and therefore the Connector is unable to check against the user.map for fallBackBridgeMode.
To address this, another feature, fallBackSSLToBridge, was created to handle SSL connections while fallBackBridgeMode is enabled.
When fallBackSSLToBridge is set to true (default), then all SSL connections will use Bridge mode, while non-SSL connections will use the fallBackBridgeMode setting (i.e. RW_STRICT which routes traffic to the Primary or RO_RELAXED which routes to the Replicas). When fallBackSSLToBridge is set to false, then SSL connections will run in non-Bridge mode - if the specified user doesn't exist in the user.map, an error will be raised.
The fallBackSSLToBridge setting is ONLY available when fallBackBridgeMode is enabled, and is ignored when fallBackBridgeMode is set to false.
Since fallBackSSLToBridge is enabled by default when fallBackBridgeMode is enabled, you may turn it off with the following property:
property=fallBackSSLToBridge=false
Updating these values requires a connector restart (via tpm update), if enabled after installation, for the changes to be recognized.
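The routing rules and the consistency requirement described above, as an added example (not code from the Tungsten project) that shows which connections are handled in Proxy mode, which are bridged without a user.map check, and which are rejected. It assumes the settings appear in tungsten.ini exactly as written on this page and that the user names from user.map are supplied as a set; the function names, the sample file, and the choice to flag a connector-bridge-mode that is not explicitly false are this example's own.

```python
# Added example: models only the routing rules described on this page.
FALLBACK_TARGET = {"RW_STRICT": "primary", "RO_RELAXED": "replica"}

def parse_ini(text):
    """Collect the three settings this page discusses from tungsten.ini text."""
    cfg = {"fallBackBridgeMode": None, "connector-bridge-mode": None,
           "fallBackSSLToBridge": "true"}  # page: true by default
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("property="):  # property=<name>=<value>
            line = line[len("property="):]
        key, sep, value = line.partition("=")
        if sep and key.strip() in cfg:
            cfg[key.strip()] = value.strip()
    return cfg

def consistency_findings(cfg):
    """Checks a reviewer would run before 'tpm update' (hypothetical helper)."""
    findings = []
    if cfg["fallBackBridgeMode"] in FALLBACK_TARGET:
        if cfg["connector-bridge-mode"] != "false":
            findings.append("connector-bridge-mode must be false")
        if cfg["fallBackSSLToBridge"].lower() == "true":
            findings.append("SSL connections bridge without a user.map check")
    return findings

def route(cfg, user, user_map_users, ssl):
    """Return how a connection is handled; user_map_users is a set of names."""
    mode = cfg["fallBackBridgeMode"]
    if mode not in FALLBACK_TARGET:
        return "fallback-disabled"  # behaviour outside this page's scope
    if ssl:
        if cfg["fallBackSSLToBridge"].lower() == "true":
            return "bridge"  # user name unreadable before the handshake
        return "proxy" if user in user_map_users else "error"
    if user in user_map_users:
        return "proxy"
    return "bridge:" + FALLBACK_TARGET[mode]

SAMPLE_INI = """[defaults]
property=fallBackBridgeMode=RO_RELAXED
connector-bridge-mode=false
"""  # constructed sample, not a real deployment

if __name__ == "__main__":
    cfg = parse_ini(SAMPLE_INI)
    print(consistency_findings(cfg))
    for user, ssl in [("app", False), ("legacy", False), ("app", True)]:
        print(user, ssl, route(cfg, user, {"app"}, ssl))
```

With the sample file, the only finding is the SSL one: because fallBackSSLToBridge defaults to true, every SSL connection is bridged regardless of whether the user appears in user.map.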