Layer7 API Management

I am trying to set up an HTTP connection over a leased line where the IP address I have to use is different from the host name. I'd thought that setting the host name I want in the URL of the HTTP routing assertion *and* the "use following IP address" in the connection tab would do what I want but it doesn't seem to. Can anyone confirm how the specified IP addresses on the connection tab are used?

The work around we've come up with is to add this host to the local /etc/hosts and map it do the IP we need. That will work functionally but will be a pain to manage. Is there a way to get this effect just from policy configuration.

This is covered in the documentation but it's not really clear what it does.

TIA,

Greg

Hello Greg,

I believe you have the assertion understanding correct, and it should be able to do what you need it to do, directly how you have described.

I'm not sure what was configured correctly/incorrectly, but let me show you an example I set up in a lab environment routing from one Gateway to a group of two Gateways in a cluster.

GW1 IP: 192.168.112.129

GW2 IP: 192.168.112.131

Initial request to: https://gw91.ca.com:8443/test2

Service simply routes to /return on either node in the existing cluster using the routing connection properties for failover:

**Note I have added some bogus hostname on the route itself that would be unreachable if we did not specify IP addresses.

You can see here I have added my two Gateway node IPs and selected Round-Robin failover strategy so that we can see the service going to both IP addresses even though the hostname provided in the route itself is unreachable.

Ex:

You can see here every call will follow the failover strategy and go to each different node.

So in theory you should be able to do what you want. Feel free to post what you have attempted and we could assist you in a resolution.

Hi Nathan,

Sorry it's taken so long for me to get back to this. I now have the same problem with another external data source but have enough time to try to come up with a better solution. I wasn't very clear last time.

The HTTP route approach you outline does work from a network perspective. The problem is the remote data source is expecting the DNS name in the host header and fails when it doesn't get it. When I supply the IP address it is the IP address that is sent in the host header. I've found some systems require this and some don't.

I've tried using the Manage Transport Properties/Headers to change the request host header but I don't see that it has any effect. The policy is just the manage call and the HTTP route that uses an IP map. The echo endpoint I am calling just logs the headers and returns the request. It could be I am doing the manage assertion wrong.

When I check the log in the echo policy the header contains the IP address.

017-10-12T16:33:36.201-0500 INFO    2448 com.l7tech.server.policy.assertion.ServerAuditDetailAssertion: -4: ECHO Headers - Headers: connection:Keep-Alive, content-length:22, content-type:text/xml, host:127.0.0.1:8080, user-agent:Layer7-SecureSpan-Gateway/v9.2.00-b6904

thanks,

Greg

Hello Greg,

Nathan's answer should resolve your problem, but I think this is a network problem, should be done by your network team -- just need to setup the DNS properly.

You should be able to configure DNS on gateway main menu or /etc/resolv.conf

Or, you may use IP address in the URL directly.

Regard,

Mark

You are right, but in this case it is an external vendor DNS name and there are other systems on our side that access this domain. I don't understand DNS but the network group was nervous about using our DNS to just resolve one host from an external domain and not the rest. The external host name must map to an internal IP address.

We can use /etc/hosts but then we have to remember to copy the change when we set up new servers, etc.

thanks,

Greg