Oracle® Fusion Middleware
Part 7. API Gateway instances

You can use the Remote Host Settings to configure the way in which API Gateway connects to a specific external server or routing destination. For example, typical use cases for configuring remote hosts with API Gateway are as follows:

You can add remote hosts per-instance by right-clicking the API Gateway instance in the Policy Studio tree view, and selecting Add Remote Host. The tabs in the Remote Host Settings configuration window are described in the following sections.

You can configure the following settings on the General tab:

Host Alias:

The human readable alias name for the remote host (for example, StockQuote Host). This setting is required.

Host Name:

The host name or IP address of the remote host to connect to (for example stockquote.com). If the host name entered in a Static Router filter matches this host name, the connection-specific settings configured on the Remote Host dialog are used when connecting to this host. This also includes any IP addresses listed on the Addresses and Load Balancing tab, which override the default network DNS server mappings, if configured. This setting is required.

Port:

The TCP port on the remote host to connect to. Defaults to 80.

Maximum Connections:

The maximum number of connections to open to a remote host. If the maximum number of connections has already been established, the API Gateway instance waits for a connection to drop or become idle before making another request. The default maximum is 128 connections.

Allow HTTP 1.1:

The API Gateway uses HTTP 1.0 by default to send requests to a remote host. This prevents any anomalies if the destination server does not fully support HTTP 1.1. If the API Gateway is routing on to a remote host that fully supports HTTP 1.1, you can use this setting to enable API Gateway to use HTTP 1.1.

Include Content Length in Request:

When this option is selected, the API Gateway includes the Content-Length HTTP header in all requests to this remote host.

Include Content Length in Response:

When this option is selected, if the API Gateway receives a response from this remote host that contains a Content-Length HTTP header, it returns this length to the client.

Send Server Name Indication TLS extension to server:

Adds a field to outbound TLS/SSL calls that shows the name that the client used to connect. For example, this can be useful if the server handles several different domains, and needs to present different certificates depending on the name the client used to connect.

Verify server's certificate matches requested hostname:

Ensures that the certificate presented by the server matches the name of the remote host being connected to. This prevents host spoofing and man-in-the-middle attacks. This setting is selected by default.

You can configure the following settings on the Addresses and Load Balancing tab:

Addresses to use instead of DNS lookup:

You can add a list of IP addresses that the API Gateway uses instead of attempting a DNS lookup on the host name provided. This is useful in cases where a DNS server is not available or is unreliable. By default, connection attempts are made to the listed IP addresses on a round-robin basis.

For example, if a Static Router filter is configured to route to www.webservice.com, it first checks if any remote hosts have been configured with a Host Name entry matching www.webservice.com. If it finds a Remote Host with matching Host Name, it resolves the hostname to the IP addresses listed here. In addition, it uses all the connection-specific settings configured on the Remote Host dialog when routing messages to these IP addresses. If it can not find a matching host, the Static Router filter uses whatever DNS server has been configured for the network on which the API Gateway is running.

To add a list of IP addresses for a remote host, perform the following steps:

Load balancing:

The Load Balancing Algorithm drop-down box enables you to specify whether load balancing is performed on a simple round-robin basis or weighted by response time. Simple Round Robin is the default algorithm. Connection attempts are made to the listed IP addresses on a round-robin basis in each priority group. The Weighted by response time algorithm compares the request/reply response times for the server address in each priority group. This is the simplest way of estimating the relative load of the address. This algorithm works as follows:

The response times used by this algorithm decline over time. You can specify the rate of exponential decline by specifying a Period to wait before response time is halved. The default is 10,000 ms (10 sec). This enables addresses that were heavily loaded for a period of time to eventually resume accepting messages after the load subsides. For example, server A takes 100 ms to reply, and the other servers in the same priority group reply in 25 ms. A Period to wait before response time is halved of 10,000 ms (10 sec) means that after 20 seconds server A is retried along with the other servers. In this case, the response time has been halved twice (100 ms / 2 / 2 = 25 ms).

The options available on the Advanced tab are used when creating sockets for connecting to the remote host. Default values are provided for all fields, which should only be modified under advice from the Oracle Support Team.

You can configure the following configuration options on the Advanced tab:

Connection Timeout:

If a connection to this remote host is not established within the time set in this field, the connection times out and the connection fails. Defaults to 30000 milliseconds (30 seconds).

Active Timeout:

When the API Gateway receives a large HTTP request, it reads the request off the network when it becomes available. If the time between reading successive blocks of data exceeds the Active Timeout, the API Gateway closes the connection. This prevents a remote host from closing the connection while sending data. Defaults to 30000 milliseconds (30 seconds). For example, the remote host's network connection is pulled out of the machine while sending data to the API Gateway. When the API Gateway has read all the available data off the network, it waits the Active Timeout period before closing the connection.

Transaction Timeout (ms):

A configurable transaction timeout that detects slow HTTP attacks (slow header write, slow body write, slow read) and rejects any transaction that keeps the worker threads occupied for an excessive amount of time. The default value is 240000 milliseconds.

Max Received Bytes:

The maximum number of bytes received in a transaction. This is a configurable maximum length for the received data on transactions that API Gateway can handle. This setting limits the entire amount of data received over the link, regardless of whether it consists of body, headers, or request line. The default value is 10 MB (10485760 bytes).

Max Sent Bytes:

The maximum number of bytes sent in a transaction. This is a configurable maximum length for the transmitted data on transactions that API Gateway can handle. This setting limits the entire amount of data sent over the link, regardless of whether it consists of body, headers, or request line. The default value is 10 MB (10485760 bytes).

Idle Timeout:

The API Gateway supports HTTP 1.1 persistent connections. The Idle Timeout is the time that API Gateway waits after sending a message over a persistent connection to the remote host before it closes the connection. Defaults to 15000 milliseconds (15 seconds). Typically, the remote host tells the API Gateway that it wants to use a persistent connection. The API Gateway acknowledges this, and keeps the connection open for a specified period of time after sending the message to the host. If the connection is not reused by within the Idle Timeout period, the API Gateway closes the connection.

Input Buffer Size:

The maximum amount of memory allocated to each request. The default value is 8192 bytes.

Output Buffer Size:

The maximum amount of memory allocated to each response. The default value is 8192 bytes.

Cache addresses for (ms):

The period of time to cache addressing information after it has been received from the naming service (for example, DNS). The default value is 300000 milliseconds.

SSL Session Cache Size:

Specifies the size of the SSL session cache for connections to the remote host. This controls the number of idle SSL sessions that can be kept in memory. Defaults to 32. If there are more than 32 simultaneous SSL sessions, this does not prevent another SSL connection from being established, but means that no more SSL sessions are cached. A cache size of 0 means no cache, and no outbound SSL connections are cached.

At DEBUG level or higher, the API Gateway outputs trace when an entry goes into the cache, for example:

DEBUG   09:09:12:953 [0d50] cache SSL session 11AA3894 to support.acme.com:443

If the cache is full, the output is as follows:

DEBUG   09:09:12:953 [0d50] enough cached SSL sessions 11AA3894 to 
support.acme.com:443 already

Input Encodings:

Click the browse button to specify the HTTP content encodings that the API Gateway can accept from peers. The available content encodings include gzip and deflate. By default, the content encodings configured the Default Settings are used. You can override this setting at the remote host and HTTP interface levels. For more details, see the topic on Compressed content encoding.

Output Encodings:

Click the browse button to specify the HTTP content encodings that the API Gateway can apply to outgoing messages. The available content encodings include gzip and deflate. By default, the content encodings configured the Default Settings are used. You can override this setting at the remote host and HTTP interface levels. For more details, see the topic on Compressed content encoding.

Include correlation ID in headers:

Specifies whether to insert the correlation ID in outbound messages. This means that an X-CorrelationID header is added to the outbound message. This is a transaction ID that is attached to each message transaction that passes through API Gateway, and which is used for traffic monitoring in the API Gateway Manager web console. You can use the correlation ID to search for messages in the web console, and you can also access its value from a policy using the id message attribute. This setting is selected by default.

You can configure an HTTP interface to shut down based on certain conditions. One such condition is dependent on the API Gateway being able to contact a particular back-end web service running on a remote host. To do this, you can configure an HTTP Watchdog for a remote host to poll the endpoint. If the endpoint cannot be reached, the HTTP interface is shut down.

To configure the API Gateway to shut down an HTTP interface based on the availability of a remote host, perform the following steps:

For more information on adding a watchdog to a remote host, see Configure HTTP watchdog. For more information on adding conditions to an HTTP interface, see Configure conditions for HTTP interfaces.

A remote host is normally used to configure specific connection features for the outward connection, that is, for the connection from API Gateway to the backend service. However, you can also configure a remote host for an incoming connection, that is, for the connection from the client to API Gateway.

To configure an incoming remote host, configure the following settings on the General tab of the remote host settings: