I have an OPDK install which uses a proxy server to talk to an API ... the proxy is configured as a DNS name ... but it looks like the MP is caching the IP address of the proxy server and not the DNS name ... the IP which the DNS name maps to changed and the MP was not able to pick it up for 2 weeks before we did an MP restart? Is that accurate? Does the MP hold on to the IP address of the proxy server's DNS names?
Hi @sarthak, I believe you are talking about the MP caching the southbound enabler IPs?
If that's the case, refer to this: http://www.myhowto.org/java/42-understanding-host-name-resolution-and-dns-behavior-in-java/
networkaddress.cache.ttl: Specified in java.security to indicate the caching policy for successful name lookups from the name service. The value is specified as an integer to indicate the number of seconds to cache the successful lookup.
A value of -1 indicates "cache forever". The default behavior is to cache forever when a security manager is installed, and to cache for an implementation specific period of time, when a security manager is not installed.
I believe you should change this in your http.properties:

```
# the number of seconds to cache the successful DNS Lookup
# -1 indicates "cache forever"
# default: -1
#security.networkaddress.cache.ttl=-1
```
So does this apply to TARGET server addresses AND Proxy Server addresses?
In my environment we assume that all TARGET servers will be directly available, but in some cases we need to use a network proxy to reach things. To make this as seamless as possible to the userbase we have set up the proxy config settings in http.properties to include the local network's proxy, but told the message processor not to use it by default or to tunnel. At this point you can add a use proxy param to a target, inside your Apigee proxy config, and force that target to use the proxy (or let it not use it).
Is this the relationship you are BOTH talking about?
@Maruti Chand this is very interesting. Thanks a lot for pointing this out. Let me give it a shot.
Hi @sarthak and @Benjamin Goldman
Want to update this thread with my latest findings 🙂
I realized that the ttl values are being read from /opt/apigee4/conf/apigee/message-processor/security-policy.properties but not from http.properties as these values should be set even before the http module comes up.
In OPDK by default security.manager is false which means Apigee doesn't control the cache ttl as per this http://docs.oracle.com/javase/7/docs/technotes/guides/net/properties.html and
https://docs.oracle.com/javase/7/docs/api/java/net/InetAddress.html
```
# Enable or disable the SecurityManager. If false the SecurityManager
# is not installed and all other properties in this file are ignored.
enable.security.manager=false
```
When you say it doesn't control the cache TTL, does that mean it does not cache or that some other setting overrides it?
It can be set here: jre/lib/security/java.security. More details here: https://docs.oracle.com/javase/7/docs/api/java/net/InetAddress.html
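
As an added example (not code from this thread or from Apigee), the following Java class reports which positive DNS cache policy a JVM will apply, using the `networkaddress.cache.ttl` security property discussed above and the legacy `sun.net.inetaddr.ttl` system property described on the Oracle networking properties page linked earlier. The class name `DnsCachePolicyCheck`, the default host `localhost` and the optional TTL argument are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.security.Security;

public class DnsCachePolicyCheck {

    // Translate a raw TTL value into the behaviour the InetAddress docs describe.
    static String interpret(String raw, String source) {
        try {
            int ttl = Integer.parseInt(raw.trim());
            if (ttl < 0)  return source + "=" + ttl + ": cache forever (stale IP until restart)";
            if (ttl == 0) return source + "=0: successful lookups are not cached";
            return source + "=" + ttl + ": cached for " + ttl + " seconds";
        } catch (NumberFormatException e) {
            return source + "=" + raw + ": not an integer, the JVM falls back to its default";
        }
    }

    // The security property wins over the legacy system property; if neither
    // is set, the default depends on whether a security manager is installed.
    static String describePolicy() {
        String ttl = Security.getProperty("networkaddress.cache.ttl");
        if (ttl != null) return interpret(ttl, "networkaddress.cache.ttl");
        String legacy = System.getProperty("sun.net.inetaddr.ttl");
        if (legacy != null) return interpret(legacy, "sun.net.inetaddr.ttl");
        // getSecurityManager() is deprecated on recent JDKs but still present.
        return System.getSecurityManager() != null
                ? "unset, security manager installed: cache forever"
                : "unset, no security manager: implementation-specific TTL";
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost"; // constructed default
        if (args.length > 1) {
            // The policy is read once, when the JVM first initialises its
            // address cache, so an override must happen before any lookup.
            Security.setProperty("networkaddress.cache.ttl", args[1]);
        }
        System.out.println("Policy: " + describePolicy());
        for (InetAddress a : InetAddress.getAllByName(host)) {
            System.out.println(host + " -> " + a.getHostAddress());
        }
    }
}
```

Run with the same JRE and `-D` options as the process being checked, since the result depends on that JVM's `java.security` file and command-line properties.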