The default configuration of the CA API Gateway is optimized for handling messages in the range of 1 to 50 . There are a several specific changes that are required for tuning the Gateway appliance to handle larger messages.
Several settings and configuration files must be changed in order to meet this use case:
To check for how much memory is being allocated to java for the gateway, use the ps -efa | grep Gateway.jar | grep --color Xmx command.
The following configuration file has the multiplication factor for the amount of memory. By default its 1/2
/opt/SecureSpan/Gateway/runtime/etc/profile.d/appliancedefs.sh
Change the multiplication factor to a higher number than 1/2. Example 2/3 or 4/5
For more information on this please see: https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=12306
Log in to the CA API Gateway Policy Manager as an administrative user.
Open the Manage Cluster-Wide Properties task
Add or edit the following properties:
There are also three additional cluster-wide properties that need to be set with customized values:
template.partBodyMaxSize specifies the maximum amount of memory to use for storing message parts. The value of this property should meet or exceed the maximum expected size of an individual message part. Setting this property to a value that exceeds the total size of the message should be sufficient.
attachment.diskThreshold specifies the maximum size of a message attachment to store in memory before stashing it to disk. If a message attachment exceeds the size of this value then the attachment will be stashed to disk. This value should meet or exceed the maximum total size of any individual message attachments for MTOM or Soap With Attachments.
io.httpParamsMaxFormPostBytes maximum number of bytes to buffer when processing an HTTP form POST. Technical Note: The io.httpParamsMaxFormPostBytes cluster property replaces the former com.l7tech.message.httpParamsMaxFormPost system property. However if the system property is set, it overrides this cluster property.
In some circumstances, it may be necessary to change one or more service policies or global policy fragments to minimize the risk of globally increasing the maximum message and attachment thresholds. There are a few factors that are at play with respect to this behavior and what should be changed. The following items must be taken into consideration:
If the service policy acts upon a request or response message that exceeds io.xmlMaxPartBytes then the request will fail. "Acts upon" includes but is not limited to: Any threat protection assertion, XPath evaluation, regular expression evaluation, message transformation. This limitation is overridden by using Limit Message Size assertion. The Gateway will enforce the message size on a per-service basis as long as that assertion is used. The assertion is overridden by enabling "Perform WS-Security Processing..." within the Service Properties dialog. If this is enabled then io.xmlMaxPartBytes overrides the value of Limit Message Size assertion. This occurs because the WS-Security processing specified above occurs before the service policy itself (and before Limit Message Size would take over as the authority).
Below are some examples to illustrate the interaction of these changes:
Listen Ports
This is specific to incoming Gateway requests that would be passed through to a backend or processed by Gateway and stopping there.
Complete the [Advanced] tab of the Listen Port Properties as follows:
If you need to support large uploads (>2GB), select the "Override maximum message size" check box and specify a new limit or allow unlimited message size.