Unable to connect to Back end API service, hosted on Private Azure Network through APIGEE Edge

Not applicable

Please see below attached "Network" diagram for Request life cycle and for Environment details.

Network Diagram:network-diagram.png

Issue is:

Able to connect Public LoadBalacer (Public IP) from APIGEE Edge Server

Unable to connect PRIVATE LoadBalacer (PRIVATE IP) from APIGEE Edge Server.

Observation:

We already raised a firewall request and verified with the Nework Security team as well. Required firewall rules are already implemented

also checked through nc -v command in linux.

We are able to see the ICMP traffic getting from the (APIGEE Edge Dev Server) xxx.xx.xx.82 => xx.xx.xx.100 (Private Load Balancer)

Everytime when we run the API Proxy from TRACE in APIGEE EDGE we were getting exception as

502: Bad Gateway Exception

Exception Body:

Body {"fault":"{\"detail\":{\"errorcode\":\"messaging.adaptors.http.UnexpectedEOF\"},\"faultstring\":\"Unexpected EOF\"}"}

Question:

1. Is there any internal firewall on APIGEE Edge server which is blocking the traffic?

2. APIGEE Edge sever is hosted on Linux machine so is there any IP configuration we need to o on the Linux server(APIGEE)?

3. Is there any issue with APIGEE Edge Server while connecting Private machine on Azure

0 2 1,043
2 REPLIES 2

@Vinod

Just wondering, have you resolved the problem? what is the solution? We are planning a similar implementation, would love to hear your solutions.

There is a good article here: https://docs.apigee.com/api-platform/troubleshoot/runtime/502-bad-gateway which goes through some good troubleshooting tips to check.

You mentioned your Apigee edge is hosted on a linux server? Can I confirm this is a (non SaaS) deployed Apigee instance?

Are you able to replace your target server with a fake Mock target server to test the Api call?

Maybe share an Apigee trace when you run an API call and check where the EOF is coming from. Is it sending out the Api call correctly to the target server? You could grab the exact command being sent out to the target server and check for yourself.

just some thoughts.