Sample configuration for multiple peering objects on gateway services external to Kubernetes
Sample for reconfiguring the API Connect domain configuration for your gateway services to include multiple peering objects.
- This reference shows how to configure API Connect domain configuration with gateway-peering configuration. To review domain configuration settings, see Configuring DataPower Gateway for API Connect.
- This sample applies only to gateway services that are deployed external to Kubernetes, on either a physical or virtual appliance. This sample does not apply to gateway services that are deployed on Kubernetes.
The following examples show sample configuration for 3 different gateways, listed here with sample IP addresses of 1.1.1.1, 2.2.2.2, and 3.3.3.3. Note the following:
- The priority should be set differently on each of the three gateways. Set the lowest priority for the gateway that will run as primary.
- `persistence` should be set to `memory` for all configured peering objects.
- Optionally, add SSL configuration.
- Configuration on gateway 1 (1.1.1.1)
```
top; configure terminal;

domain apiconnect;
  visible default;
exit;

sw apiconnect;

loglevel debug;

logging target gwd-log
  type file
  format text
  timestamp syslog
  size 50000
  local-file logtemp:///gwd-log
  event apic-gw-service debug
exit

config-sequence "apiconnect"
  location "local:///"
  watch "on"
  delete-unused "on"
  match "(.*)\.cfg$"
  summary "Toolkit Reboot configuration"
  run-sequence-interval 3000
  optimize-for-apic on
exit

crypto
  key sth_apic sharedcert:///sth_apic-privkey.cer
  certificate sth_apic sharedcert:///sth_apic-sscert.cer
  idcred sth_apic sth_apic sth_apic
  ssl-client gwd_to_mgmt
    idcred sth_apic
    no validate-server-cert
  exit
  ssl-server gwd_to_mgmt
    idcred sth_apic
    no request-client-auth
    validate-client-cert off
  exit
exit

gateway-peering subs
  admin enabled
  local-address 1.1.1.1
  local-port 15222
  monitor-port 26222
  priority 100
  enable-ssl off
  enable-peer-group on
  peer 2.2.2.2
  peer 3.3.3.3
  persistence memory
exit

gateway-peering rate-limit
  admin enabled
  local-address 1.1.1.1
  local-port 15223
  monitor-port 26223
  priority 100
  enable-ssl off
  enable-peer-group on
  peer 2.2.2.2
  peer 3.3.3.3
  persistence memory
exit

gateway-peering gwd
  admin enabled
  local-address 1.1.1.1
  local-port 15224
  monitor-port 26224
  priority 100
  enable-ssl off
  enable-peer-group on
  peer 2.2.2.2
  peer 3.3.3.3
  persistence memory
exit

gateway-peering probe
  admin enabled
  local-address 1.1.1.1
  local-port 15225
  monitor-port 26225
  priority 100
  enable-ssl off
  enable-peer-group on
  peer 2.2.2.2
  peer 3.3.3.3
  persistence memory
exit

gateway-peering gws-rate-limit
  admin enabled
  local-address 1.1.1.1
  local-port 15226
  monitor-port 26226
  priority 100
  enable-ssl off
  enable-peer-group on
  peer 2.2.2.2
  peer 3.3.3.3
  persistence memory
exit

gateway-peering-manager
  admin enabled
  apic-gw-service gwd
  rate-limit rate-limit
  subscription subs
  apiprobe probe
  ratelimit-module gws-rate-limit
exit

apic-gw-service
  admin-state enabled
  local-address 0.0.0.0
  local-port 3000
  api-gw-address 0.0.0.0
  api-gw-port 9443
  v5-compatibility-mode off
  ssl-server gwd_to_mgmt
  ssl-client gwd_to_mgmt
exit

write mem
```
- Configuration on gateway 2 (2.2.2.2)
```
top; configure terminal;

domain apiconnect;
  visible default;
exit;

sw apiconnect;

loglevel debug;

logging target gwd-log
  type file
  format text
  timestamp syslog
  size 50000
  local-file logtemp:///gwd-log
  event apic-gw-service debug
exit

config-sequence "apiconnect"
  location "local:///"
  watch "on"
  delete-unused "on"
  match "(.*)\.cfg$"
  summary "Toolkit Reboot configuration"
  run-sequence-interval 3000
  optimize-for-apic on
exit

crypto
  key sth_apic sharedcert:///sth_apic-privkey.cer
  certificate sth_apic sharedcert:///sth_apic-sscert.cer
  idcred sth_apic sth_apic sth_apic
  ssl-client gwd_to_mgmt
    idcred sth_apic
    no validate-server-cert
  exit
  ssl-server gwd_to_mgmt
    idcred sth_apic
    no request-client-auth
    validate-client-cert off
  exit
exit

gateway-peering subs
  admin enabled
  local-address 2.2.2.2
  local-port 15222
  monitor-port 26222
  priority 105
  enable-ssl off
  enable-peer-group on
  peer 1.1.1.1
  peer 3.3.3.3
  persistence memory
exit

gateway-peering rate-limit
  admin enabled
  local-address 2.2.2.2
  local-port 15223
  monitor-port 26223
  priority 105
  enable-ssl off
  enable-peer-group on
  peer 1.1.1.1
  peer 3.3.3.3
  persistence memory
exit

gateway-peering gwd
  admin enabled
  local-address 2.2.2.2
  local-port 15224
  monitor-port 26224
  priority 105
  enable-ssl off
  enable-peer-group on
  peer 1.1.1.1
  peer 3.3.3.3
  persistence memory
exit

gateway-peering probe
  admin enabled
  local-address 2.2.2.2
  local-port 15225
  monitor-port 26225
  priority 105
  enable-ssl off
  enable-peer-group on
  peer 1.1.1.1
  peer 3.3.3.3
  persistence memory
exit

gateway-peering gws-rate-limit
  admin enabled
  local-address 2.2.2.2
  local-port 15226
  monitor-port 26226
  priority 105
  enable-ssl off
  enable-peer-group on
  peer 1.1.1.1
  peer 3.3.3.3
  persistence memory
exit

gateway-peering-manager
  admin enabled
  apic-gw-service gwd
  rate-limit rate-limit
  subscription subs
  apiprobe probe
  ratelimit-module gws-rate-limit
exit

apic-gw-service
  admin-state enabled
  local-address 0.0.0.0
  local-port 3000
  api-gw-address 0.0.0.0
  api-gw-port 9443
  v5-compatibility-mode off
  ssl-server gwd_to_mgmt
  ssl-client gwd_to_mgmt
exit

write mem
```
- Configuration on gateway 3 (3.3.3.3)
```
top; configure terminal;

domain apiconnect;
  visible default;
exit;

sw apiconnect;

loglevel debug;

logging target gwd-log
  type file
  format text
  timestamp syslog
  size 50000
  local-file logtemp:///gwd-log
  event apic-gw-service debug
exit

config-sequence "apiconnect"
  location "local:///"
  watch "on"
  delete-unused "on"
  match "(.*)\.cfg$"
  summary "Toolkit Reboot configuration"
  run-sequence-interval 3000
  optimize-for-apic on
exit

crypto
  key sth_apic sharedcert:///sth_apic-privkey.cer
  certificate sth_apic sharedcert:///sth_apic-sscert.cer
  idcred sth_apic sth_apic sth_apic
  ssl-client gwd_to_mgmt
    idcred sth_apic
    no validate-server-cert
  exit
  ssl-server gwd_to_mgmt
    idcred sth_apic
    no request-client-auth
    validate-client-cert off
  exit
exit

gateway-peering subs
  admin enabled
  local-address 3.3.3.3
  local-port 15222
  monitor-port 26222
  priority 110
  enable-ssl off
  enable-peer-group on
  peer 1.1.1.1
  peer 2.2.2.2
  persistence memory
exit

gateway-peering rate-limit
  admin enabled
  local-address 3.3.3.3
  local-port 15223
  monitor-port 26223
  priority 110
  enable-ssl off
  enable-peer-group on
  peer 1.1.1.1
  peer 2.2.2.2
  persistence memory
exit

gateway-peering gwd
  admin enabled
  local-address 3.3.3.3
  local-port 15224
  monitor-port 26224
  priority 110
  enable-ssl off
  enable-peer-group on
  peer 1.1.1.1
  peer 2.2.2.2
  persistence memory
exit

gateway-peering probe
  admin enabled
  local-address 3.3.3.3
  local-port 15225
  monitor-port 26225
  priority 110
  enable-ssl off
  enable-peer-group on
  peer 1.1.1.1
  peer 2.2.2.2
  persistence memory
exit

gateway-peering gws-rate-limit
  admin enabled
  local-address 3.3.3.3
  local-port 15226
  monitor-port 26226
  priority 110
  enable-ssl off
  enable-peer-group on
  peer 1.1.1.1
  peer 2.2.2.2
  persistence memory
exit

gateway-peering-manager
  admin enabled
  apic-gw-service gwd
  rate-limit rate-limit
  subscription subs
  apiprobe probe
  ratelimit-module gws-rate-limit
exit

apic-gw-service
  admin-state enabled
  local-address 0.0.0.0
  local-port 3000
  api-gw-address 0.0.0.0
  api-gw-port 9443
  v5-compatibility-mode off
  ssl-server gwd_to_mgmt
  ssl-client gwd_to_mgmt
exit

write mem
```
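A consistency check for the three samples above, as an added example (not IBM tooling and not code from the original page): it parses the `gateway-peering` stanzas of each gateway's CLI text and reports objects whose `persistence` is not `memory`, whose `priority` repeats across gateways, whose `peer` list is not exactly the other gateways, or where `enable-ssl` is not `on`. The function names and the constructed demo stanzas are assumptions for illustration, and the parser expects one setting per line.

```python
import re

STANZA = re.compile(r"^[ \t]*gateway-peering[ \t]+(\S+)[ \t]*$(.*?)^[ \t]*exit[ \t]*$", re.S | re.M)

def parse_peering(cfg):
    """Map each gateway-peering object name to {setting: [values]}."""
    objs = {}
    for name, body in STANZA.findall(cfg):
        settings = objs.setdefault(name, {})
        for parts in (line.split() for line in body.splitlines()):
            if len(parts) >= 2:
                settings.setdefault(parts[0], []).append(parts[1])
    return objs

def lint(gateways):
    """gateways maps each gateway address to its CLI text; returns findings."""
    parsed = {addr: parse_peering(cfg) for addr, cfg in gateways.items()}
    findings = []
    for name in sorted({n for objs in parsed.values() for n in objs}):
        priorities = {}
        for addr in sorted(parsed):
            s = parsed[addr].get(name)
            if s is None:
                findings.append(f"{addr} {name}: object missing")
                continue
            if s.get("persistence") != ["memory"]:
                findings.append(f"{addr} {name}: persistence is not memory")
            if s.get("enable-ssl") != ["on"]:
                findings.append(f"{addr} {name}: enable-ssl is not on")
            if set(s.get("peer", [])) != set(parsed) - {addr}:
                findings.append(f"{addr} {name}: peers do not match the other gateways")
            prio = s.get("priority", [None])[-1]
            if prio in priorities:
                findings.append(f"{addr} {name}: priority {prio} duplicates {priorities[prio]}")
            priorities.setdefault(prio, addr)
    return findings

def stanza(addr, peers, priority, ssl="off", persistence="memory"):
    """Constructed 'subs' stanza in the page's layout (demo input, not IBM's)."""
    peer_lines = "".join(f"  peer {p}\n" for p in peers)
    return (f"gateway-peering subs\n  admin enabled\n  local-address {addr}\n"
            f"  priority {priority}\n  enable-ssl {ssl}\n  enable-peer-group on\n"
            f"{peer_lines}  persistence {persistence}\nexit\n")

DEMO = {"1.1.1.1": stanza("1.1.1.1", ["2.2.2.2", "3.3.3.3"], 100),
        "2.2.2.2": stanza("2.2.2.2", ["1.1.1.1", "3.3.3.3"], 100),  # constructed duplicate priority
        "3.3.3.3": stanza("3.3.3.3", ["1.1.1.1", "2.2.2.2"], 110)}

if __name__ == "__main__":
    print("\n".join(lint(DEMO)))
```

To check real appliances, pass `lint` a dictionary that maps each gateway's address to the text of its configuration.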