
Virtual Appliance Network Interfaces


Article ID: 237724


Products

CA API Gateway

Issue/Introduction

We are starting to plan for a new Internal API Gateway Virtual VMware Appliance and had a couple of questions.  

We are looking to have 1 network interface that will handle the incoming requests and 3 network interfaces which will handle the outgoing requests with each one having access to a different VLAN. 

 

Is this possible with the VMware Appliance and how would we direct a policy to use a specific network interface?

 

Environment

Release : 10.0

Component : API GATEWAY

Resolution

NOTE: This is a customized configuration that goes beyond our docs. It would need to be done on the appliance by a Linux network admin at the OS level (customizing iptables, routing…).

First, the inbound side and its configuration: I think the approach in the multi-interface docs looks like a possibility. Will the three need to share the same listening port (8443) and service? If so, can they be defined using an address pattern?

Configure a new interface using address patterns for selected interfaces in Policy Manager - Manage Listening Ports. Can the three be defined by an address pattern?

Example Name: “Inbound” with address pattern 10.74.32.0/21

10.74.32.0/21 (Subnet) Range 10.74.32.1 - 10.74.39.254

 

 

Outbound 

If you create a VLAN interface on the Gateway, you can clone the existing interface by adding a VLAN link to it:

# ip link add link ssg_eth0 name ssg_eth0.1 type vlan id 1

# ip link set ssg_eth0.1 up

The first line adds a link to the existing ssg_eth0 (this can be done for any of the configured interfaces) and assigns the VLAN ID tag to it; the second line brings the interface up. The virtual interface can then be set up with the correct IP address.

The outbound side doesn't matter... TCP packets carrying a VLAN tag should be routed to the correct subnet/IP.
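The outbound steps above, extended to three VLAN sub-interfaces and including the address assignment the text mentions but does not show. This is an added example, not part of the original article: the VLAN IDs (101-103), the documentation-range addresses, the `APPLY` switch and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (dry run) or applies the ip commands that create
# VLAN sub-interfaces on an existing Gateway interface.
# Set APPLY=1 and run as root to execute instead of print (hypothetical switch).
APPLY="${APPLY:-0}"

run() {
    if [ "$APPLY" = "1" ]; then "$@"; else echo "$*"; fi
}

# vlan_iface PARENT VLAN_ID CIDR  (hypothetical helper)
vlan_iface() {
    parent="$1"; vid="$2"; cidr="$3"
    name="${parent}.${vid}"

    # Reject non-numeric IDs such as the "id1" typo.
    case "$vid" in
        ''|*[!0-9]*) echo "invalid VLAN id: $vid" >&2; return 1 ;;
    esac
    # 802.1Q VLAN IDs are 12 bits; 0 and 4095 are reserved.
    if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
        echo "VLAN id out of range (1-4094): $vid" >&2; return 1
    fi
    # Linux interface names are limited to 15 characters.
    if [ "${#name}" -gt 15 ]; then
        echo "interface name too long: $name" >&2; return 1
    fi

    run ip link add link "$parent" name "$name" type vlan id "$vid"
    run ip addr add "$cidr" dev "$name"
    run ip link set "$name" up
}

# Constructed sample plan: three outbound VLANs on ssg_eth0.
outbound_plan() {
    vlan_iface ssg_eth0 101 192.0.2.10/24 &&
    vlan_iface ssg_eth0 102 198.51.100.10/24 &&
    vlan_iface ssg_eth0 103 203.0.113.10/24
}

outbound_plan
```

Changes made with `ip` affect only the running system and are lost at reboot unless they are also written to the appliance's persistent network configuration.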