Layer7 API Management

  • Private Community
 View Only

  • 1.  CA API GW - HTTP(s) routing and timeouts

    Broadcom Employee
    Posted Aug 07, 2020 05:07 AM
    Anyone knows how GW works with the connections within the Route via HTTP (S) assertion? The communication from the server (through CURL directly on the server where GW runs) was passed to the backend, but from GW (Route via HTTP (S) Assertion) it always ended with a connection-timeout error. After restarting the GW service (service ssg restart) everything was fine and timeouts stopped occurring.

    We have a theory that the connection pool was timed-out on one of the GWs, then a request came and the connection always ended in a timeout.

    We know that we can influence the behavior by com.l7tech.server.policy.assertion.ServerHttpRoutingAssertion.statePool.enable property, but it would be good to know how the routing really works.

    ------------------------------
    Senior Security Consultant
    CA CEE
    ------------------------------


  • 2.  RE: CA API GW - HTTP(s) routing and timeouts
    Best Answer

    Broadcom Employee
    Posted Aug 11, 2020 08:56 PM
    It's more likely a DNS caching issue.
    Some gateway versions (9.4) has no DNS ttl set by default, ie. it cache the IP forever until restart, then when the backend sever changes IP (common seen for those servers deployed on Amazon without 'Elastic IP'), the connect will have problem.

    There is a KB for this ,
    https://knowledge.broadcom.com/external/article?articleId=12118

    Regards,
    Mark

    Original Message