Idea Details

Load Balancing capabilities for CA Access Gateway (formerly CA SPS)

Last activity 06-13-2019 10:02 AM
Anon Anon's profile image
08-15-2016 03:32 PM

Currently the CA Access Gateway does not support even basic load balancing to back-end applications. It is currently a requirement to have a 2nd tier VIP behind the the CA Access Gateway. I think it would add a lot of value if CA were to add this functionality in the product.

 

Think of the Nginx Load Balancing capabilities.


Comments

07-24-2018 09:37 PM

A note here in case someone is looking to do this.

 

Original Demo Version:

I do have straw man setup for SPS that does load balancing. 

 

The version I had implemented a cookie to do sticky load balancing implemented as a filter. 

 

It was a bit messy since if the cookie was not set it required a "loopback" call to set the cookie and then execute the sps filter in the right order to forward to the loadbalanced backend. 

 

The setup was something like : 

server.conf

filter.LoadBalanceFilter.class=LoadBalanceFilter
filter.LoadBalanceFilter.init-param.debugTraceLevel="2"
filter.LoadBalanceFilter.init-param.backendSite.1="backend1.example.com"
filter.LoadBalanceFilter.init-param.backendSite.2="backend2.example.com"

#filter.LoadBalanceFilter.init-param.cookieName="PROXY_LB"
#filter.LoadBalanceFilter.init-param.LBHeaderHostName="LB_HOSTNAME"
#filter.LoadBalanceFilter.init-param.enabled="true"

 

proxyrules.xml 

<nete:proxyrules xmlns:nete="http://www.ca.com/" debug="yes">
<nete:forward filter="LoadBalanceFilter">http://{{LB_HOSTNAME}}$0</nete:forward>
</nete:proxyrules>

 

(Latter version had a direct forward based on the cookie value, and loopback to localhost if cookie was not set).

 

 

A Better Method : 

Since then I have thought of a simpler and better method.  So if I was revisiting it now, I would now set the PROXY_LB cookie (and probably the LD_HOSTNAME header as well) in apache using mod_headers settings, similar to what I ended up doing here: 

https://communities.ca.com/ideas/235737271-white-or-blacklisting-capability-in-access-gateway-within-product#comment-233… 

 

As that would require only one pass even when the cookie was not set, and possibly not even need the sps filter. 

 

Cheers - Mark