Layer7 API Management

 View Only
  • 1.  Error Login CA Policy Manager - Cluster IP

    Posted Sep 18, 2019 03:17 PM
    Hi,

    I am implementing a Cluster of CA Api Gateway 9.4, I followed all the documentation steps.
    I determine the IP as follows:
    Node1: 10.0.0.11 (ssg1.clarity.pe)
    Node2: 10.0.0.12 (ssg2.clarity.pe)
    However, would the Cluster IP (FQDN) be that of the balancer (apache)?

    VirtualHost: ssgload.clarity.pe:80 --> Redirect 8080
    VirtualHost: ssgload.clarity.pe:443 --> Redirect 8443
    Apache Server IP: 10.0.0.10

    The configuration of the cluster Name in CA API Gateway
    cluster.hostname = ssgload.clarity.pe

    To enter CA Policy Manager I can only login using ssgload.clarity.pe:443

    But when entering the CA Policy Manager using ssgload.clarity.pe, I get an error.

    My question is why I cannot enter using the port (80 -> 8080) to the CA Policy Manager. Also if the Cluster's IP is that of the balancer (apache).

    Regards,
    Enrique Mestas


  • 2.  RE: Error Login CA Policy Manager - Cluster IP
    Best Answer

    Broadcom Employee
    Posted Sep 18, 2019 10:04 PM
    Dear Enrique,
    This is expected behaviour, because,
    1. policy manager requires ssl connection to the gateway server.
    2. the policy manager by default use port 8443 to connect to gateway, as you didn't expose port 8443, you need to manually input the port.

    Furthermore, the policy manager is supposed to connect to a gateway node, (the session info is stored locally in memory), if the policy manager connect to load balancer, your load balancer need to configure session affinity, otherwise it will cause error when the following traffic route to another gateway node.

    Regards,
    Mark


  • 3.  RE: Error Login CA Policy Manager - Cluster IP

    Posted Sep 23, 2019 01:32 PM
    Thanks Mark for the answer, I have clarified my doubt.