Layer7 API Management

Hi,
   
   After some research trying to solve a particular routing case during Policy Development, I came into a scenario that I would like to share and suggest an improvement in "Route to HTTP(S)" Assertion.

  My customer has 3 separate servers providing the same content, but each one serving a different group of users.

  Besides having different IP Addresses, all servers share the same hostname. The requestors use hosts file to point to the right server in the no-gateway scenario.

  In this particular case there is no load balancing involved.

  When developing a Policy to manage requests to this servers via Gateway, I have to branch different route assertions to the same hostname, but specifying a different IP address depending on request source, as in this case I can't rely on DNS to resolve the server's IP address.

  My first thought was to use a Context Variable to hold the IP Address after evaluating the request source, but the assertion's input field of IP address in "Use the following IP addresses:" property only accepts numbers, dot (.) and Hex Characters (A-F), thus making it impossible to provide a context variable reference like "${ServerIP}".

  Out of curiosity, I copied the Policy XML code and replaced the hardcoded IP I had provided with a context variable reference.

---
<L7p:HttpRoutingAssertion>
<L7p:CustomIpAddresses stringArrayValue="included">
<L7p:item stringValue="10.20.30.40"/>
</L7p:CustomIpAddresses>
---
With
---
<L7p:HttpRoutingAssertion>
<L7p:CustomIpAddresses stringArrayValue="included">
<L7p:item stringValue="${ServerIP}"/>
</L7p:CustomIpAddresses>
---

After pasting it back and saving the policy, to my surprise It worked, which makes me belileve that assertion is ready to process variable references and just the IP input field suffers validation.

As this behavior benefits some particular complex scenarios such as my example above, my suggestion would be to remove validation in input field of IP addresses in Routing Assertion.

I would like to hear the thoughts of CA Staff and other members regarding this suggestion.

I've attached a screenshot to illustrate.


Best Regards,

Marlos Chida

Hi, Marlos.

Any particular reason why not use the ip address as url?


------------------------------
Sr. Consultant Services
HCL Enterprise Studio
------------------------------

Original Message:
Sent: 07-30-2019 04:32 PM
From: Marlos Chida
Subject: Idea: Permit use of Context Variables to specify IP addresses in Routing Properties

Hi,
   
   After some research trying to solve a particular routing case during Policy Development, I came into a scenario that I would like to share and suggest an improvement in "Route to HTTP(S)" Assertion.

  My customer has 3 separate servers providing the same content, but each one serving a different group of users.

  Besides having different IP Addresses, all servers share the same hostname. The requestors use hosts file to point to the right server in the no-gateway scenario.

  In this particular case there is no load balancing involved.

  When developing a Policy to manage requests to this servers via Gateway, I have to branch different route assertions to the same hostname, but specifying a different IP address depending on request source, as in this case I can't rely on DNS to resolve the server's IP address.

  My first thought was to use a Context Variable to hold the IP Address after evaluating the request source, but the assertion's input field of IP address in "Use the following IP addresses:" property only accepts numbers, dot (.) and Hex Characters (A-F), thus making it impossible to provide a context variable reference like "${ServerIP}".

  Out of curiosity, I copied the Policy XML code and replaced the hardcoded IP I had provided with a context variable reference.

---
<L7p:HttpRoutingAssertion>
<L7p:CustomIpAddresses stringArrayValue="included">
<L7p:item stringValue="10.20.30.40"/>
</L7p:CustomIpAddresses>
---
With
---
<L7p:HttpRoutingAssertion>
<L7p:CustomIpAddresses stringArrayValue="included">
<L7p:item stringValue="${ServerIP}"/>
</L7p:CustomIpAddresses>
---

After pasting it back and saving the policy, to my surprise It worked, which makes me belileve that assertion is ready to process variable references and just the IP input field suffers validation.

As this behavior benefits some particular complex scenarios such as my example above, my suggestion would be to remove validation in input field of IP addresses in Routing Assertion.

I would like to hear the thoughts of CA Staff and other members regarding this suggestion.

I've attached a screenshot to illustrate.

Best Regards,

Marlos Chida

Hi Leandro,

  IP addresses could be used, but as the servers serve HTTPS pages all servers certificates would have to be reissued with SAN adding the IP's. Depending on the scenario this could be an issue.

  Besides solving my specific case, my point is that since the assertion seems to be prepared to use variables but has an input validation accepting only IPv4/IPv6 addresses, maybe removing this limitation could add a degree of flexibility that would benefit everyone.

Marlos Chida
Original Message:
Sent: 07-31-2019 10:46 AM
From: Leandro Dantas
Subject: Idea: Permit use of Context Variables to specify IP addresses in Routing Properties

Hi, Marlos.

Any particular reason why not use the ip address as url?

------------------------------
Sr. Consultant Services
HCL Enterprise Studio

Original Message:
Sent: 07-30-2019 04:32 PM
From: Marlos Chida
Subject: Idea: Permit use of Context Variables to specify IP addresses in Routing Properties

Hi,
   
   After some research trying to solve a particular routing case during Policy Development, I came into a scenario that I would like to share and suggest an improvement in "Route to HTTP(S)" Assertion.

  My customer has 3 separate servers providing the same content, but each one serving a different group of users.

  Besides having different IP Addresses, all servers share the same hostname. The requestors use hosts file to point to the right server in the no-gateway scenario.

  In this particular case there is no load balancing involved.

  When developing a Policy to manage requests to this servers via Gateway, I have to branch different route assertions to the same hostname, but specifying a different IP address depending on request source, as in this case I can't rely on DNS to resolve the server's IP address.

  My first thought was to use a Context Variable to hold the IP Address after evaluating the request source, but the assertion's input field of IP address in "Use the following IP addresses:" property only accepts numbers, dot (.) and Hex Characters (A-F), thus making it impossible to provide a context variable reference like "${ServerIP}".

  Out of curiosity, I copied the Policy XML code and replaced the hardcoded IP I had provided with a context variable reference.

---
<L7p:HttpRoutingAssertion>
<L7p:CustomIpAddresses stringArrayValue="included">
<L7p:item stringValue="10.20.30.40"/>
</L7p:CustomIpAddresses>
---
With
---
<L7p:HttpRoutingAssertion>
<L7p:CustomIpAddresses stringArrayValue="included">
<L7p:item stringValue="${ServerIP}"/>
</L7p:CustomIpAddresses>
---

After pasting it back and saving the policy, to my surprise It worked, which makes me belileve that assertion is ready to process variable references and just the IP input field suffers validation.

As this behavior benefits some particular complex scenarios such as my example above, my suggestion would be to remove validation in input field of IP addresses in Routing Assertion.

I would like to hear the thoughts of CA Staff and other members regarding this suggestion.

I've attached a screenshot to illustrate.

Best Regards,

Marlos Chida