Does Apigee cache proxy server's IP addresses when proxy's DNS name is configured in http.properties?

sarthak
Participant V

I have an OPDK install which uses a proxy server to talk to an API ... the proxy is configured as a DNS name ... but it looks like the MP is caching the IP address of the proxy server and not the DNS name ... the IP which the DNS name maps to changed and the MP was not able to pick it up for 2 weeks before we did an MP restart. Is that accurate? Does the MP hold on to the IP address of the proxy server's DNS names?

1 ACCEPTED SOLUTION

Not applicable

Hi @sarthak, I believe you are talking about the MP caching the southbound enabler IPs?

If that's the case, refer to this: http://www.myhowto.org/java/42-understanding-host-name-resolution-and-dns-behavior-in-java/

networkaddress.cache.ttl: Specified in java.security to indicate the caching policy for successful name lookups from the name service. The value is specified as an integer to indicate the number of seconds to cache the successful lookup.

A value of -1 indicates "cache forever". The default behavior is to cache forever when a security manager is installed, and to cache for an implementation specific period of time, when a security manager is not installed.

I believe you should change this on your http.properties

# the number of seconds to cache the successful DNS Lookup
# -1 indicates "cache forever"
# default: -1
#security.networkaddress.cache.ttl=-1

So does this apply to TARGET server addresses AND Proxy Server addresses?

In my environment we assume that all TARGET servers will be directly available - but in some cases we need to use a network proxy to reach things. To make this as seamless as possible to the userbase we have set up the proxy config settings in http.properties to include the local network's proxy - but told the message processor not to use it by default or to tunnel. At this point you can add a use proxy param to a target - inside your Apigee proxy config - and force that target to use the proxy (or let it not use it).

Is this the relationship you are BOTH talking about?

@Maruti Chand this is very interesting. Thanks a lot for pointing this out. Let me give it a shot.

Not applicable

Hi @sarthak and @Benjamin Goldman

Want to update this thread with my latest findings 🙂

I realized that the ttl values are being read from /opt/apigee4/conf/apigee/message-processor/security-policy.properties but not from http.properties as these values should be set even before the http module comes up.

In OPDK by default security.manager is false which means Apigee doesn't control the cache ttl as per this http://docs.oracle.com/javase/7/docs/technotes/guides/net/properties.html and

https://docs.oracle.com/javase/7/docs/api/java/net/InetAddress.html

 # Enable or disable the SecurityManager.  If false the SecurityManager
 # is not installed and all other properties in this file are ignored.  
enable.security.manager=false

When you say it doesn't control the cache ttl - does that mean it does not cache or that some other setting overrides it?

It can be set here: jre/lib/security/java.security. More details here: https://docs.oracle.com/javase/7/docs/api/java/net/InetAddress.html
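
A way to observe the caching behaviour discussed in this thread, as an added example that is not part of the original posts or of Apigee's code: the class name `DnsCacheProbe` and its arguments are hypothetical. Run it with the same JRE the message processor uses, so that it reads the same java.security file; it reports the effective `networkaddress.cache.ttl` and prints a line each time the addresses returned for the host change.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Security;
import java.util.Arrays;
import java.util.Date;

public class DnsCacheProbe {
    static final String KEY = "networkaddress.cache.ttl";

    // Human-readable form of the TTL security property.
    static String describe(String ttl) {
        if (ttl == null) return "unset (JVM default applies)";
        try {
            int n = Integer.parseInt(ttl.trim());
            return n < 0 ? ttl + " (cache forever)" : n == 0 ? "0 (no caching)" : n + " seconds";
        } catch (NumberFormatException e) {
            return ttl + " (not an integer)";
        }
    }

    // Sorted address list, so round-robin reordering is not reported as a change.
    static String resolve(String host) {
        try {
            InetAddress[] all = InetAddress.getAllByName(host);
            String[] ips = new String[all.length];
            for (int i = 0; i < all.length; i++) ips[i] = all[i].getHostAddress();
            Arrays.sort(ips);
            return Arrays.toString(ips);
        } catch (UnknownHostException e) {
            return "UNRESOLVED";
        }
    }

    public static void main(String[] args) throws InterruptedException {
        if (args.length < 1) {
            System.err.println("usage: java DnsCacheProbe <host> [ttlSeconds] [pollSeconds]");
            System.exit(2);
        }
        // The JVM reads the policy once, at the first lookup, so override before resolving.
        if (args.length > 1) Security.setProperty(KEY, args[1]);
        long pollMs = 1000L * (args.length > 2 ? Long.parseLong(args[2]) : 10);
        System.out.println(KEY + " = " + describe(Security.getProperty(KEY)));
        System.out.println("security manager installed = " + (System.getSecurityManager() != null));
        String last = null;
        while (true) {
            String now = resolve(args[0]);
            if (!now.equals(last)) System.out.println(new Date() + " " + args[0] + " -> " + now);
            last = now;
            Thread.sleep(pollMs);
        }
    }
}
```

If the DNS record is changed while the probe runs and no new line appears, the JVM is still serving the cached address; rerunning with a small `ttlSeconds` shows the difference.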