Layer7 API Management

  • Private Community

  • 1.  Connection to Gateway Broken

    Posted Oct 03, 2017 07:19 AM

    Hello,

     

    It feels like connections between Policy Manager and my Gateways are breaking more frequently.  Has anyone else experienced this?  It is a little frustrating when this happens unexpectedly.  Any hints?

     

    Thanks,

     

    Alejandro 



  • 2.  Re: Connection to Gateway Broken

    Posted Oct 03, 2017 07:23 AM

    would you be able to check ssm log for errors, you should be able to find it here

     

    C:\Users\<username>\.l7tech



  • 3.  Re: Connection to Gateway Broken

    Posted Oct 03, 2017 12:16 PM

    Thanks.  Nothing particularly earth shattering:

     

    Oct 03, 2017 12:12:57 PM com.l7tech.console.logging.RmiErrorHandler handle
    WARNING: Disconnected from gateway, notifying workspace.
    Oct 03, 2017 12:12:57 PM com.l7tech.console.logging.RmiErrorHandler handle
    SEVERE: A Gateway error or a communication error occurred.

     

    Is there a way to bump up the log level for more detail?

     

    Thanks,

     

    Alejandro



  • 4.  Re: Connection to Gateway Broken

    Broadcom Employee
    Posted Oct 03, 2017 09:08 PM

    Hello Alejandro ,

    First, ensure the network is good and low latency. If using ldap provider, ensure the ldap server is good, and the network between ldap and gateway is good.

     

    2nd, check the roles of current user, Internal Identity Provider -> search the user, open properties -> Roles tab

    If you can see a large number of roles for this user, it may be the reason of the connection broken between the policy manager and gateway.

    A quick work around is to only set one role for this user (administrator), and configure the cluster wide properties to disable auto role assignment,

    rbac.autoRole.managePolicy.autoAssign=false
    rbac.autoRole.manageProvider.autoAssign=false
    rbac.autoRole.manageService.autoAssign=false

     

    If you still want the permission control, you may need to use security zone, assign permission of entities to the zone, and add only 2 roles to the user or group,

    View X Zone
    Manage X Zone

     

    Hope this can help.

     

    Regards,

    Mark



  • 5.  Re: Connection to Gateway Broken

    Posted Oct 06, 2017 09:35 AM

    Thanks for the info.  I'm thinking that the issue has to do with latency since none of the other conditions apply to my setup.

     

    So, what qualifies as "low" latency?

     

    Thanks,

     

    Alejandro



  • 6.  Re: Connection to Gateway Broken

    Broadcom Employee
    Posted Oct 08, 2017 09:09 PM

    It depends, I believe <10ms should be good for most occasions.

    I usually run the policy manager on a machine in the same LAN of the gateway server, and then use remote desktop to control the policy manger machine.



  • 7.  Re: Connection to Gateway Broken

    Posted Oct 19, 2017 07:03 AM

    Hmm... If that's the case then I'll hit some problems.  I'm getting ping replies in the 18-20ms range.

     

    Alejandro



  • 8.  Re: Connection to Gateway Broken

    Broadcom Employee
    Posted Nov 09, 2017 10:15 AM

    Alejandro,

     

    Several of the biggest reasons that connection are broken is VPNs not maintaining connections properly and connections going through Load Balancers where the port is not set for sticky sessions.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support