Stefan,
Definitely a few items to look through. I will see what I can do to answer your questions.
Current understanding
- Requests will be loaded into memory by default
- Responses will be streamed by default
- For both requests and responses, in case the payload needs to be analyzed, adjusted or whatever, it will/must be loaded into memory
- In regards to message size limit, this is only affective if the request or response will be loaded into memory
- Streamed requests or responses will not be affected by any size limits
Response: The response payload by default will steam only if an assertion after the HTTP Routing assertion does not touch the body of the message including Audit with save request/response enabled. The other point appear to be on target.
Open questions
- Assuming I don't need to touch the payload, how can I guarantee that also the request will be streamed? I made some local tests with the following result:
- Using just a "Return Template Response"-assertion (so NO route assertion in use at all), the request seems to be streamed, because I don't get any message size limit error with a request-size of 3MB.
- Using the "Copy Request Message to Response"-assertion will fail with a request-size of 3MB, but it is successful when adding the "Configure Message Streaming (enable Streaming)"-assertion.
- Using the "Route via HTTP(S)"-assertion will always fail, doesn't matter if I use the "Configure Message Streaming"-assertion or not.
- Based on these tests:
- Is it important where the "Configure Message Streaming"-assertion is placed in the policy?
Response: To stream inbound the Message Streaming assertion should be at the beginning of the policy and for response message it is not needed if no assertion touches the payload.
- Is it depending how the backend in the "Route via HTTP(S)"-assertion handles the transfer of the large payload?
Response: If it is chunked encoded that analyzing the payload would be the only way to get the size. Otherwise the size of the payload or the type is unimportant to stream it back only the modification or review of the payload will affect this.
- I found the CWP "attachment.diskThreshold" (default 1MB), but when is this affective?
- Also in streaming mode or only when the request/response will be loaded into memory?
Response: Only loaded into memory
- Only for real attachments?
Response: The whole message will be sent to disk if it exceeds the size outlined in the diskthreshold CWP. (Configure Message Streaming Assertion - CA API Gateway - 9.3 - CA Technologies Documentation )
- Or for the size of the full request/response (even without attachments)?
Response: Same as above
- Am I right that the main difference between SOAP and REST policies is the verification of the request against the configured WSDL-file and therefor always need to be loaded into memory? So assuming I don't need to offload these checks from the backend, I can handle a SOAP API via a "REST"-policy without being buffered, right?
Response: There is the validation against the WSDL and also WS-Security processing as outlined below from the Service Properties. you can covert any SOAP API to a Web API and just lose some of the SOAP based assertions. It may be worthwhile noting that response streaming works the same for both SOAP and REST services.
Sincerely,
Stephen Hughes
Broadcom Support