IBM DataPower provides the API Gateway functionality in API Connect v2018 and hence plays a key role in securing APIs and in API invocation.
In this post, I will demonstrate how to load balance traffic (both API and management traffic) across multiple instances of DataPower as part of API Connect environment configuration / setup.
The diagram below illustrates the gateway service connection in API Connect (taken from the IBM API Connect 2018 Knowledge Center).
Pre-requisites
For the purpose of illustration, my environment uses:
3 VMs, each corresponding to a DataPower virtual deployment
Each of the DataPower VMs has been configured as a DataPower API Gateway for API Connect. If not done, follow the steps provided in the IBM API Connect 2018 Knowledge Center or refer to my earlier blog on API Connect V2018.4.x – Kubernetes Deployment on Google Cloud Platform (GCP) [refer to the section Configuring DataPower for API Gateway Mode]
Ensure the NTP service is enabled and configured in the default domain on all the DataPower instances that are being load balanced
Configure Host Aliases referring to the IP addresses of each of our DataPower VMs in the default domain, on all VMs
The API Connect v2018 deployment of the Management Service is completed (either Kubernetes based or OVA based is fine, though for my purpose I have gone for a Kubernetes based deployment). [For steps, refer to my earlier blog API Connect V2018.4.x – Kubernetes Deployment on Google Cloud Platform (GCP)]
The Cloud Management Console (CMC) of the API Connect Management Server is accessible for configuring the API Connect topology
I will be using the nginx load balancer as part of this illustration. You can choose to install the load balancer on the same machine on which the API Connect Kubernetes cluster (containing the Management Server and other components) is running, or on a separate Linux server. In my setup, I am installing the load balancer on the same Linux machine that hosts my API Connect Kubernetes deployment. To install the nginx package on Linux, follow the instructions provided at http://nginx.org/en/linux_packages.html for your Linux distribution
Configuring default-gateway-peering on DataPower VMs
Gateway peering defines a peer group of gateway members in the gateway cluster. We will configure the default-gateway-peering object on each DataPower instance to add the other instances as group members.
The following configuration is to be done in the application domain that has been created for API Connect configuration on each DataPower instance.
Log in to the DataPower Web GUI, selecting the application domain created for API Connect, or switch to that domain after logging in.
Search for Gateway Peering object from the search bar in the navigation bar on the left-side
Click on the default-gateway-peering object shown to configure & enable the object
Configure the Local Address (this is the address for management traffic), Local Port and Monitor Port, and enable the Peer Group mode checkbox as shown below
In the Peers section, click on Select Alias to select and add the host aliases of the other 2 DataPower instances as members of this peer group.
After adding all the other DataPower instances as peers to this default-gateway-peering object, set the Administrative state of the object to enabled and click Apply.
Check the status of gateway peering by searching for Gateway Peering in the navigation bar and clicking on the Gateway Peering Status option as shown below. The Link status of each member (DataPower instance) in the peering group should be ok.
Repeat these steps on each of the other DataPower instance VMs
Now that DataPower peering between the 3 DataPower instances is configured successfully, let's configure the load balancer. From all the DataPower instances, note down the Local Port and API Gateway Port details from the API Connect Gateway Service object that was configured as part of the pre-requisite step mentioned in this post. These are required for the load balancer configuration.
NGINX Load Balancer Configuration
To configure the nginx load balancer, edit the /etc/nginx/nginx.conf file using an appropriate text editor such as vim or nano.
Add a stream section after the http section, as shown in the snapshot below, to specify the listening ports of the load balancer for management and data traffic and the appropriate routing details to the DataPower instances.
For our configuration of the nginx load balancer as per the above snapshot,
nginx mgmt listen port = 3000
nginx data listen port = 9443
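A stream section of the kind described above, as an added example (not the configuration from the original snapshot): the 192.0.2.x addresses and the backend ports 3000 and 9443 are placeholders, to be replaced with each DataPower VM's IP and the Local Port and API Gateway Port noted from its API Connect Gateway Service object. Because stream proxies raw TCP, TLS passes through to DataPower unmodified and nginx holds no certificate or private key.

```nginx
# Added example. Place at the top level of /etc/nginx/nginx.conf, after the
# closing brace of the http { } section. Requires nginx built with the
# stream module.
stream {
    # Management traffic: API Connect Management Server -> Gateway Service.
    # Backend port = "Local Port" of the API Connect Gateway Service object
    # (3000 here is an assumed placeholder).
    upstream datapower_mgmt {
        server 192.0.2.11:3000 max_fails=2 fail_timeout=15s;  # DataPower VM 1 (placeholder IP)
        server 192.0.2.12:3000 max_fails=2 fail_timeout=15s;  # DataPower VM 2 (placeholder IP)
        server 192.0.2.13:3000 max_fails=2 fail_timeout=15s;  # DataPower VM 3 (placeholder IP)
    }

    # Data (API invocation) traffic.
    # Backend port = "API Gateway Port" of the API Connect Gateway Service
    # object (9443 here is an assumed placeholder).
    upstream datapower_data {
        server 192.0.2.11:9443 max_fails=2 fail_timeout=15s;
        server 192.0.2.12:9443 max_fails=2 fail_timeout=15s;
        server 192.0.2.13:9443 max_fails=2 fail_timeout=15s;
    }

    # nginx mgmt listen port (used in the Management Endpoint URL).
    server {
        listen 3000;
        proxy_pass datapower_mgmt;
        proxy_connect_timeout 5s;   # fail over quickly if a VM is unreachable
    }

    # nginx data listen port (used in the API Invocation Endpoint URL).
    # Plain TCP proxying: the client's TLS handshake, including SNI, is
    # forwarded to DataPower untouched.
    server {
        listen 9443;
        proxy_pass datapower_data;
        proxy_connect_timeout 5s;
    }
}
```

Run `nginx -t` to validate the file before reloading nginx. Restrict access to the management listen port at the host or network firewall so that only the API Connect Management Server can reach it.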
Now you can register the Gateway Service in API Connect Cloud Manager by following the instructions in the IBM API Connect 2018 Knowledge Center or by referring to my earlier blog on API Connect deployment. Note: while registering the gateway service, provide the following values for these properties:
Management Endpoint : https://<nginx load balancer IP or host name>:<nginx mgmt listen port>
API Invocation Endpoint and SNI : https://<nginx load balancer IP or host name>:<nginx data listen port>
In case of any queries / suggestion / corrections, please comment on the post itself or mail me at reachnebula@learnibmesb.com