Hi Jade,
What version of the gateway are you using? This was a known issue which was introduced in 9.3 in which the gateway
would cache IP addresses of hostnames indefinitely.
There is a Dev defect for this. But in the mean time this behavior can be adjusted by the following,
1) Run this command: chmod 777 opt/SecureSpan/Gateway/runtime/etc/profile.d/ssgruntimedefs.sh
2) Next, edit the file with this command: vi opt/SecureSpan/Gateway/runtime/etc/profile.d/ssgruntimedefs.sh
3) Change the line that reads default_java_opts="$default_java_opts -Dfile.encoding=UTF-8 " to instead read
default_java_opts="$default_java_opts -Dfile.encoding=UTF-8 -Dsun.net.inetaddr.ttl=30 "
Notice the added -Dsun.net.inetaddr.ttl=30 value. Ensure there is a space after the 30 and before the closing double-quote. This will cause the gateway to only cache IP addresses for 30 seconds and we will then do a fresh name resolution after that time period.
4) Restart the Gateway service: service ssg restart
This is also noted in public KB, https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=12118
Hope that helps.
Daren
Original Message:
Sent: 01-06-2020 12:26 AM
From: PASAKORN SINGHAKAN
Subject: CA Gateway cache IP from lookup which back-end change their IP periodically
CA Gateway cache IP from lookup which back-end change their IP periodically
We were facing an CA Gateway IP lookup issue. The Gateway would do IP lookup and cache IP address without re-lookup again. A problem caused when some IP address at ALB changed (Destination DNS at AWS changed their IP address periodically). This cause the gateway slowness when it hit out-date IPs.
Could you please advise how to handle this issue without much impact on gateway performance ?
Thanks,
Jade.