The API Gateway uses a HTTP client to send HTTP requests to HTTP-enabled servers. This client is configured with several default values that may limit the number of outbound HTTP connections to a specific host or to all outbound destinations. The API Gateway will be unable to route requests via HTTP(S) if these limits are being met.

API Gateway

The following message may appear in the audit records or Gateway logs:

Problem routing to http://<HostName>/service. Error msg: Unable to obtain HTTP response from http://<HostName>/service: Read timed out. Timed out at 60000ms.

This error message can indicate that the API Gateway did not receive any HTTP-related packets over an existing TCP connection during a specific duration.

This occurs most commonly for one of two reasons:

1. The protected service being routed to is busy. For example: A TCP connection can be opened by the server application has queued the request
2. The outbound HTTP client connection limits have been exceeded. For example: The API Gateway has too many concurrent HTTP requests going to one specific host

To resolve this issue, configure the API Gateway to allow more outbound HTTP requests to a specific host. This can be done as follows:

1. Log in to the API Gateway as the ssgconfig user
2. Select Option #3: Use a privileged shell (root)
3. Open the /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties file in a text editor
4. Append the following system properties

• com.l7tech.common.http.prov.apache.CommonsHttpClient.maxConnectionsPerHost=1500
• com.l7tech.common.http.prov.apache.CommonsHttpClient.maxTotalConnections=3000

5. Save the file and exit the editor
6. Restart the Gateway appliance
7. Repeat steps #1 through #6 on each node in the cluster