Layer7 API Management

  • Private Community

  • 1.  No expiry Caching

    Posted Oct 13, 2017 09:59 AM

    Hi Community,

     

    How can we set cache limit without time limit in store to cache and Look Up cache assertion in API GW. Ideally storing token does not have time limit when it will be expired hence I am looking for option to set to no expiry.

     

    Regards,

    Suneel



  • 2.  Re: No expiry Caching

    Broadcom Employee
    Posted Oct 16, 2017 05:20 PM

    Hello Suneel,

     

    Not sure why you would want to keep cache indefinitely, but to set the max allowed Cache for the gateway per our documentation you would use Max entry age: ${lifetime}.

     

    The best practice is to always use the same Max entry age per Cache ID. One way to do this is to use context variable instead of hard values:

    • Cache ID: ${cacheID}${lifetime}
    • Max entry age: ${lifetime}

    This technique ensures that if the value of "${lifetime}" changes, it will result in a new corresponding Cache ID.

     

     

    Here is a link to our guide that covers this:  Store to Cache Assertion - CA API Gateway - 9.2 - CA Technologies Documentation 



  • 3.  Re: No expiry Caching
    Best Answer

    Broadcom Employee
    Posted Oct 17, 2017 01:46 PM

    The max value that can be specified in the store to cache assertion is 100,000,000 seconds, roughly 3.17 years. Though I an inclined to agree with hogma01, not really sure of the use case here.  With regards to something like an OAuth access token increasing this time elevates the risk of unauthorized access. 

     

    Regards,

    Joe



  • 4.  Re: No expiry Caching

    Posted Oct 23, 2017 02:02 PM

    It seems likely you've got a design issue.  You should check your system of record to populate your cache because cache is volitile and therefore cannot be your system of record, which means you must have one somewhere which is why the intent of having a cache is to balance latency of checking and load against the system of record versus server (gateway) resources (i.e. memory).  The cache lets you respond a little quicker (or a lot if your backend is very poor performing) but consumes memory on your gateway, so it's in your interest to expire content that is not required (i.e. expired oauth tokens that are no longer valid) or not being used (i.e. web page content that is not recently requested).  In the later case you can expire it at a long interval (i.e. once an hour, day , or even a week), but if it changes very rarely and you still want to keep from checking your backend then why not just consider it static content and embed it in policy?