Overview

You can use the Remote Host Settings to configure the way in
which the Enterprise Gateway connects to a specific external server or routing destination.
For example, typical use cases for configuring Remote Hosts with the Enterprise Gateway
are as follows:
- Forcing the Enterprise Gateway to send only HTTP 1.0
requests to a destination server because that server supports only HTTP 1.0.
- Resolving inconsistencies in the way the destination server supports HTTP.
- Mapping a hostname to a specific IP address or addresses (for example,
if a DNS server is unreliable or unavailable).
- Setting the timeout, session cache size, input/output buffer size,
and other connection-specific settings for a destination server
(for example, if the destination server is particularly slow,
you can set a longer timeout).
- Stopping the acceptance of inbound connections on the HTTP Interface when the
Enterprise Gateway loses connectivity to the remote host.
You can add Remote Hosts per-process by right-clicking the
Process in the Policy Studio tree view, and selecting Add Remote Host.
The tabs in the Remote Host Settings configuration screen are described
in the next sections.

General Settings

You can configure the following settings on the General tab:
Host Name:
The host name or IP address of the Remote Host to connect to. If the
host name entered in a Static Router filter matches
this host name, the connection-specific settings configured on
the Remote Host dialog are used when connecting to
this host. This also includes any IP addresses listed on the
Addresses tab, which override the default network
DNS server mappings, if configured.
Port:
The TCP port on the Remote Host to connect to.
Maximum Connections:
The maximum number of connections to open to a Remote Host. If the
maximum number of connections has already been established, the
Enterprise Gateway Process waits for a connection to drop or become idle
before making another request. The default maximum is 128 connections.
Force HTTP 1.0:
In cases where the Enterprise Gateway is routing on to a Remote Host that does
not fully support the HTTP 1.1 protocol, anomalies may occur
during the connection. To prevent this, you can force
the Enterprise Gateway to use the HTTP 1.0 protocol.
Include Content Length in Request:
When this option is selected, the Enterprise Gateway includes the
Content-length HTTP header in all requests to this Remote Host.
Include Content Length in Response:
When this option is selected, if the Enterprise Gateway receives a response from this
Remote Host that contains a Content-length HTTP header, it returns this length to
the client.
Send Server Name Indication TLS extension to server:
Adds a field to outbound TLS/SSL calls that shows the name that the
client used to connect. For example, this can be useful if the server
handles several different domains, and needs to present different
certificates depending on the name the client used to connect.
Verify server's certificate matches requested hostname:
Ensures that the certificate presented by the server matches the name of
the remote host being connected to. This prevents host spoofing and
man-in-the-middle attacks. This setting is selected by default.

Address Settings

You can configure the following settings on the Addresses tab:
Addresses to use instead of DNS lookup:
You can add a list of IP addresses that the Enterprise Gateway uses instead of
attempting a DNS lookup on the host name provided. This is useful in cases
where a DNS server is not available or is unreliable. By default, connection
attempts are made to the listed IP addresses on a round-robin basis.
For example, if a Static Router filter is configured to
route to www.webservice.com, it first checks if any
Remote Hosts have been configured with a Host Name
entry matching www.webservice.com. If it finds a Remote
Host with a matching Host Name, it resolves the hostname to
the IP addresses listed here. In addition, it uses all the connection-specific settings
configured on the Remote Host dialog when routing messages to these
IP addresses. If it cannot find a matching host, the Static Router
filter uses whatever DNS server has been configured for the network on which the
Enterprise Gateway is running.
To add a list of IP addresses for a Remote Host, perform the following steps:
- In the Addresses to use instead of DNS lookup box,
select a priority group (for example, Highest Priority).
- Click Add.
- Enter an IP address in the Configure IP Address dialog.
- Click OK.
- Repeat these steps to add more IP addresses as appropriate.
Load balancing:
The Load Balancing Algorithm drop-down box enables you to specify whether
load balancing is performed on a simple round-robin basis or weighted by response time.
Simple Round Robin is the default algorithm. Connection attempts are made
to the listed IP addresses on a round-robin basis in each priority group. The Weighted
by response time algorithm compares the request/reply response times for the server
address in each priority group. This is the simplest way of estimating the relative load of
the address. This algorithm works as follows:
- The address with the least response time is selected to send the next message to.
- If the address fails to send the message, the Enterprise Gateway ignores that address
for a period of time and selects another address in the same way.
- If all addresses in a given group fail to accept a connection, addresses in
the next group in ascending order of priority are used in the same way.
- Only when all addresses in all priorities have failed to accept connections is
delivery of the message abandoned, and an error raised.
The response times used by this algorithm decline over time. You can specify the rate of
exponential decline by specifying a Period to wait before response time is halved.
The default is 10,000 ms (10 sec). This enables addresses that were heavily loaded for a period of
time to eventually resume accepting messages after the load subsides. For example, server A takes
100 ms to reply, and the other servers in the same priority group reply in 25 ms. A Period
to wait before response time is halved of 10,000 ms (10 sec) means that after 20 seconds
server A is retried along with the other servers. In this case, the response time has been halved
twice (100 ms / 2 / 2 = 25 ms).
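The selection, failover and decay rules described above can be sketched as follows. This is an added example, not Oracle's implementation: the `Address` class, the `deliver` function, the 30-second ignore period (`IGNORE_MS`), the order in which groups are passed in, and replacing the stored time with each new measurement are all assumptions, and the 192.0.2.x address is constructed.

```python
HALF_LIFE_MS = 10_000  # page default: "Period to wait before response time is halved"
IGNORE_MS = 30_000     # assumed: the page only says "for a period of time"


class Address:
    def __init__(self, ip, rt_ms=0.0, measured_at=0):
        self.ip = ip
        self.rt_ms = rt_ms              # last measured response time (ms)
        self.measured_at = measured_at  # clock value at measurement (ms)
        self.ignore_until = 0           # failed addresses are skipped until then

    def decayed_rt(self, now_ms):
        # Exponential decline: the stored value halves every HALF_LIFE_MS.
        return self.rt_ms * 0.5 ** ((now_ms - self.measured_at) / HALF_LIFE_MS)


def deliver(groups, now_ms, send):
    """Return the IP that accepted the message.

    groups: lists of Address, in the order the groups are tried (assumed).
    send:   callable(ip) -> response time in ms; raises ConnectionError.
    """
    for group in groups:
        while True:
            usable = [a for a in group if a.ignore_until <= now_ms]
            if not usable:
                break  # every address here failed or is ignored: next group
            best = min(usable, key=lambda a: a.decayed_rt(now_ms))
            try:
                elapsed = send(best.ip)
            except ConnectionError:
                best.ignore_until = now_ms + IGNORE_MS
                continue  # pick again among the remaining addresses
            # Assumption: a new measurement replaces the stored one.
            best.rt_ms, best.measured_at = elapsed, now_ms
            return best.ip
    raise RuntimeError("all addresses in all priority groups failed")


if __name__ == "__main__":
    server_a = Address("192.0.2.10", rt_ms=100.0)  # constructed address
    for t in (0, 10_000, 20_000):
        print(t, server_a.decayed_rt(t))  # the page's 100 ms example
```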

Advanced Settings

The options available on the Advanced tab are used when creating sockets for
connecting to the Remote Host. Default values are provided for all fields, which should only be
modified under advice from the
Oracle Support Team.
You can configure the following configuration options on the Advanced tab:
Active Timeout:
When the Enterprise Gateway receives a large HTTP request, it reads the request
off the network when it becomes available. If the time between reading
successive blocks of data exceeds the Active Timeout,
the Enterprise Gateway closes the connection. This prevents a Remote Host from closing
the connection while sending data. For example, the Remote Host's network connection
is pulled out of the machine while sending data to the Enterprise Gateway. When the Enterprise Gateway
has read all the available data off the network, it waits the Active Timeout
period of time before closing the connection.
Idle Timeout:
The Enterprise Gateway supports HTTP 1.1 persistent connections. The Idle Timeout
is the time that Enterprise Gateway waits after sending a message over a persistent connection to
the Remote Host before it closes the connection. Typically, the Remote Host tells the Enterprise Gateway
that it wants to use a persistent connection. The Enterprise Gateway acknowledges this, and keeps
the connection open for a specified period of time after sending the message to the host.
If the connection is not reused within the Idle Timeout period,
the Enterprise Gateway closes the connection.
Input Buffer Size:
The maximum amount of memory allocated to each request.
Output Buffer Size:
The maximum amount of memory allocated to each response.
Cache Addresses For:
The period of time to cache addressing information after it has
been received from the naming service (for example, DNS).
SSL Session Cache Size:
Specifies the size of the SSL session cache for connections to the remote host. This controls the
number of idle SSL sessions that can be kept in memory. You can use this setting to improve performance
because it caches the slowest part of establishing the SSL connection. A new connection does not
need to go through full authentication if it finds its target in the cache. Defaults to
32. If there are more than 32 simultaneous SSL sessions, this does not prevent another
SSL connection from being established, but means that no more SSL sessions are cached. A cache size
of 0 means the cache size is unlimited.
At DEBUG level or higher, the Enterprise Gateway outputs trace when an entry goes
into the cache, for example:
DEBUG 09:09:12:953 [0d50] cache SSL session 11AA3894 to support.acme.com:443
If the cache is full, the output is as follows:
DEBUG 09:09:12:953 [0d50] enough cached SSL sessions 11AA3894 to support.acme.com:443 already
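To see how often the session cache is full for each destination, the two trace messages above can be tallied per host. This is an added example, not part of the product: the function names, the `min_share` threshold and every sample line after the first are constructed.

```python
import re
from collections import defaultdict

# The two trace messages shown on the page; group 2 is the host:port destination.
CACHED = re.compile(r"\bcache SSL session (\w+) to (\S+:\d+)\s*$")
FULL = re.compile(r"\benough cached SSL sessions (\w+) to (\S+:\d+) already\s*$")

# Constructed sample trace (the first line's format and host are from the page).
SAMPLE_TRACE = """\
DEBUG 09:09:12:953 [0d50] cache SSL session 11AA3894 to support.acme.com:443
DEBUG 09:09:13:010 [0d50] cache SSL session 11AA3B20 to support.acme.com:443
DEBUG 09:09:13:400 [0d54] cache SSL session 11AA4C08 to billing.example.test:8443
INFO  09:09:13:512 [0d54] unrelated message
DEBUG 09:09:14:101 [0d50] enough cached SSL sessions 11AA5D10 to support.acme.com:443 already
DEBUG 09:09:14:377 [0d58] enough cached SSL sessions 11AA5E98 to support.acme.com:443 already
DEBUG 09:09:15:002 [0d58] enough cached SSL sessions 11AA6F00 to support.acme.com:443 already
"""


def cache_events(trace_text):
    """Count cache insertions and cache-full events per destination."""
    stats = defaultdict(lambda: {"cached": 0, "full": 0})
    for line in trace_text.splitlines():
        full = FULL.search(line)
        if full:
            stats[full.group(2)]["full"] += 1
            continue
        cached = CACHED.search(line)
        if cached:
            stats[cached.group(2)]["cached"] += 1
    return dict(stats)


def cache_full_hosts(stats, min_share=0.5):
    """Destinations where at least min_share of sessions were not cached."""
    flagged = []
    for dest, s in sorted(stats.items()):
        total = s["cached"] + s["full"]
        if total and s["full"] / total >= min_share:
            flagged.append(dest)
    return flagged


if __name__ == "__main__":
    print(cache_full_hosts(cache_events(SAMPLE_TRACE)))
```

A destination that is flagged repeatedly is a candidate for a larger SSL Session Cache Size on its Remote Host.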

Configuring Watchdogs

You can configure an HTTP Interface to shut down based on
certain conditions. One such condition is
dependent on the Enterprise Gateway being able to contact a particular back-end
Web Service running on a Remote Host. To do this, you can configure an
HTTP Watchdog for a Remote Host to poll the endpoint.
If the endpoint cannot be reached, the HTTP Interface is shut down.
To configure the Enterprise Gateway to shut down an HTTP Interface based on the
availability of a Remote Host, perform the following steps:
- Configure an HTTP Watchdog for the Remote Host.
- Configure a Requires Endpoint condition on the
HTTP Interface.
- When configuring this condition, select the Remote Host configured
in step 1 (the host with the associated Watchdog).
Note:
When Load Balancing is configured as Weighted by response
time, and Remote Host Watchdogs are configured, the Watchdog polling also
contributes to the load balancing calculations.
For more information on adding a watchdog to a Remote Host, see
Configuring an HTTP Watchdog.
For more information on adding Conditions to an HTTP Interface, see
Configuring Conditions for HTTP Interfaces.