Input/Output Cluster Properties

The following cluster properties configure input/output behavior on the gateway node or node cluster.
gateway94
The following cluster properties configure input/output behavior on the
node or node cluster.
Refer to "Time Units" under Cluster Properties for a list of the valid time units that you can use for time-related properties.
Property
Description
concall.globalCoreConcurrency
Number of assertions that can execute concurrently when using the Run All Assertions Concurrently Assertion. The value is the number of concurrent threads typically available to the assertion.
Default:
32
concall.globalMaxConcurrency
Maximum number of assertions that can execute concurrently when using the Run All Assertions Concurrently Assertion. This is a global limit across all such assertions.
Default:
64
The value of
concall.globalMaxConcurrency
should not exceed twice that of
concall.globalCoreConcurrency
.
concall.globalMaxWorkQueue
Maximum number of assertions that are waiting to execute concurrently. Once this limit is reached the Gateway runs assertion serially (that is, non-concurrently) until the queue drops.
Note that the work queue does not begin to fill up unless the
concall.globalMaxConcurrency
value is already reached.
Default:
64
The value of
concall.globalMaxWorkQueue
should not exceed twice that of
concall.globalMaxConcurrency
.
io.httpDefaultContentTypeCharset
Defines the value of the
Content-Type
HTTP header charset. Use this property when a response does not have a Content-Type header charset.
Default:
none
io.debugSsl
Controls whether to log debug information for SSL and TLS operations. Value is a Boolean. Restart the Gateway for changes to take effect.
Default:
false
io.EmailListenerMessageMaxBytes
Maximum size of an email message, including all MIME parts. Enter "0" (zero) for unlimited size.
This property affects only request messages. (Inbound from the client to the Gateway, outbound from the Gateway to the back-end system, and inbound from the back-end system to the Gateway). It has no effect on the size of response messages that are returned to the client using the Gateway.
Default:
2621440
(bytes)
io.failoverServerRetryDelay
Time before retrying a failed server when using a "Round-Robin" or "Ordered Sticky with Failover" failover strategy. This setting is used by assertions with a failover strategy; examples include the Scan Using ICAP-Enabled Antivirus Assertion.
A value of zero indicates delays for these failover strategies:
  • "Ordered Sticky with Failover":
    15m
  • "Round Robin":
    5m
The maximum server retry delay is 2^63-1 milliseconds.
Default:
0
(milliseconds)
io.httpAllowBackslash
Determines whether the backslash ('\') character is permitted URLs. Values is a Boolean.
Default:
false
io.httpChallengeOrder
Controls whether the legacy order is used in HTTP response challenges. The valid values are:
  • reverse
    : Use the legacy challenge order (NTLM, Negotiate, Digest, Basic)
  • windows
    : Use the Windows challenge order (Negotiate, NTLM, Digest, Basic).
Default:
windows
io.httpConcurrencyWarning.repeatDelay
Controls how frequently audit messages warning about HTTP(S) thread pool concurrency exceeding a threshold should repeat. Changes take effect immediately.
For more information, see "Advanced Properties" in Listen Port Properties.
Default:
60
(seconds)
io.httpConnectionIdleInterval
Determines the interval between checks for outbound HTTP connection timeout (timeunit)
Default:
5
(seconds)
This is a hidden property that is editable by typing in its name in the
Key
field and then pressing [Tab]. (It
cannot
be located using the drop-down list.)
io.httpConnectionIdleTimeout
Maximum time that an HTTP connection may remain idle before it times out. Value is in seconds. Enter "0" (zero) to have the connection never time out.
Default:
0
(seconds)
This is a hidden property that is editable by typing in its name in the
Key
field and then pressing [Tab]. (It
cannot
be located using the drop-down list.)
For improved performance, consider setting this property to 5 seconds. This preserves performance, while ensuring that resources are not being consumed unnecessarily by leaving connections open when no shutdown acknowledgment is received.
io.httpCoreConcurrency
Number of concurrent active HTTP connections per node. A negative number means to use a fraction of
io.httpMaxConcurrenc
y. For example, "-5" would mean 1/5 of the maximum.
Default:
500
For a detailed discussion on how to best use this property along with
io.httpMaxConcurrency
, see "Increasing 'io.httpCoreConcurrency' and 'io.httpMaxConcurrency'" below.
io.httpDefaultContentType
Value of the "Content-Type" HTTP header to use if a response does not have a "Content-Type" header.
If a value is configured for this cluster property and the Gateway encounters a response without a "Content-Type" header, audit message 4049 is generated.
The value can include parameters, such as "text/xml; charset=utf-8". If the value is not valid, it is ignored and a warning is logged.
Default:
none
io.httpDisableKeepAlive
Disables the HTTP Keep-Alive connections for outbound HTTP connections (other than routing assertions). Value is a Boolean.
Default:
false
io.httpEnableAutoChallenge
Enables Auto Challenge when preemptive authenticate is used.
Default:
false
This is a hidden property that is editable by typing in its name in the
Key
field and then pressing [Tab]. (It
cannot
be located via the drop-down list.)
io.httpExpectContinue
Uses an "Expect: 100-continue" header during HTTP routing to improve efficiency when authenticating. Value is a Boolean.
Default:
false
io.httpMaxConcurrency
Maximum number of concurrent HTTP and HTTPS connections (per node) that can be active simultaneously without causing delays. Changes to this setting take effect within 30 seconds. This value is shared across all listen ports that are not configured to use their own private thread pool.
Default:
750
Technical Note:
The value of
io.httpMaxConcurrency
is closely linked to the
c3p0DataSource.maxPoolSize
setting within the
node.properties
file.
Additional Information
Increasing the concurrency limit permits more in-flight requests to be handled simultaneously. This increases throughput in situations where the performance bottleneck is inbound requests waiting for a handler thread. For example, this may occur when many threads are busy inside Route via HTTP(S) Assertions waiting for a slowback end server. The drawback of increasing concurrency is that it increases the working set size of the Gateway: each in-flight request requires some amount of memory to do its job.
The memory that is required by a Gateway under peak load depends on a variety of factors:
  • the mix of requests and their sizes
  • the assertions being used (for example, if DOM parsing of large XML requires substantially more memory than simply passing through message bodies)
  • the request size limits (such as the value of the
    io.xmlPartMaxBytes
    cluster property).
For a details on how to best use this property, see "Increasing io.httpCoreConcurrency and io.httpMaxConcurrency" below.
io.httpParamsMaxFormPostBytes
Maximum number of bytes to buffer when processing an HTTP form post (application/x-www-form-urlencoded).
Default:
5242880
Technical Note:
The
io.httpParamsMaxFormPostBytes
cluster property replaces the former
com.l7tech.message.httpParamsMaxFormPost
system property.However if the system property is set, it overrides this cluster property.
io.httpRequestAuthzHashAlg
Available as of Version 9.4 CR2
Hashes the authorization header so that subsequent requests from the same host, port, and with the same authorization header can reuse the outbound connection.
Default:
true
io.httpResponseStreamUnlimited
Ignores message size limit when streaming HTTP responses. Value is a Boolean.
Default:
true
io.httpResponseStreaming
Streams responses back to the client. Value is a Boolean.
  • true
    : The Gateway streams a response to a request that arrived over HTTP. The response must be from a routing assertion that supports streaming (such as HTTP or SSH routing). There must be nothing in the service policy that requires examination of the response by the Gateway.
    When streaming is in effect, the response body is not buffered by the Gateway before being returned to the client. This can greatly reduce the overall latency, especially for large responses. This setting is the default.
    Observe the following issues when enabling streaming:
    • Streamed responses are not accessible by the Audit Sink policy
    • The client should have its own provisions for protecting itself if your service policy contains no logic for checking the response.
  • false
    : The Gateway always buffers the entire response before returning it to the client, regardless of whether the policy requires an examination of the response.
io.httpRoutingAuthorizationStatePoolTimeout
Specifies the period of time a connection identifier can remain in the pool while idle, during the routing of requests using HTTP(S). Value is a time unit.
Examples:
  • The Gateway receives a message and routes it to a back-end server using a set of username/password credentials. If no more requests with the same username/password come in within this timeout period, the identifier expires.
  • After an identifier expires, if a new message then comes in with the same credentials, the Gateway generates a new identifier and opens a new connection.
  • If a new message comes in before the timeout period, the Gateway uses the same identifier for routing. This means it reuses the connection that was previously opened.
Default:
1m
io.httpRoutingAuthorizationStatePoolSize
Sets the maximum number of HTTP(S) connection identifiers that can be stored by the Gateway. Once the maximum is reached, the oldest identifiers are dropped when new ones are created. If a request tries to use an old dropped identifier, the Gateway opens a new connection.
Default:
10000
io.httpVersion
Sets the HTTP version that is used by the routing assertions. If set to "1.0", the cluster property
io.httpExpectContinue
is ignored.
Default:
1.1
The default value may be overridden during HTTP(S) routing though the [
Request HTTP Rules
] tab in the Route via HTTP(S) Assertion.
io.httpsHostAllowWildcard
Determines whether wildcards are permitted when verifying hostnames:
  • true
    = the wildcard character '*' is permitted when verifying server hostnames against the certificate name
  • false
    = the wildcard character is not permitted; the server hostname must be explicit
Default:
false
io.httpsHostVerify
Enables verification of server names against certificates, for certificates that are not trusted and which are unsigned by another trusted certificate.
  • true
    = server name is verified against the name on the certificate. A mismatch causes a validation failure.
  • false
    = server name is not verified against the name on the certificate. A mismatch does not result in a validation failure.
Default:
true
This setting works with the "Verify Hostnames for Outbound SSL Connections" setting for a certificate. For details, see Edit a Certificate.
io.jmsConnectionCacheMaxAge
Maximum age for a cached JMS connection. Enter "0" (zero) for no time limit. Value is a time unit.
Default:
10m
io.jmsConnectionCacheMaxIdleTime
Maximum time that an idle JMS connection is cached. Enter "0" (zero) for no time limit. Value is a time unit.
Default:
5m
io.jmsConnectionCacheMaxSize
Number of JMS connections to cache. Enter "0" (zero) to disable caching for JMS connections, and for WebLogic JMS destinations. The cache size is a soft limit that can be exceeded under the following conditions:
  • There are hundreds of concurrent requests using JMS routing, each with a distinct connection. In this case, there would be as many JMS connections are there are requests, even if this exceeds the
    io.jmsConnectionCacheMaxSize
    property.
  • If template outbound destinations are used, it is possible to create new queue connections dynamically (one per request). In this case, the cache size may be exceeded until eligible cached connections are removed.
For connection pooling, ensure that this property value is set to a number that is higher than the total number of queues of all the JMS destinations to avoid connection leaks.
Default:
100
io.jmsConnectionEvictionBatchSize
The number of expired idle connections to be collected during each run of the pool cleanup task (maximum 10000).
Default:
1
io.jmsConnectionIdleTime
Maximum time that an idle JMS connection can remain in the connection pool when the number of idle connections exceeds the specified idle connection limit (
io.jmsSessionMaxIdle
). Enter "0" (zero) for no limit. Value is a time unit.
Default:
5m
io.jmsConnectionMaxWait
Maximum time to wait while acquiring a JMS Connection. Enter "0" (zero) for no limit.
Default:
5s
io.jmsConnectionMinIdle
The minimum number of reserved idle connections in the connection pool (maximum 10000).
Default:
0
io.jmsConnectionPoolSize
The maximum JMS Connection pool size (maximum 10000).
Default:
1
For best results, use a connection pool size between 100 and 200.
io.jmsConnectionTimeBetweenEviction
The interval between pool cleanup thread runs. Value is a time unit.
Default:
10s
io.jmsConsumerConnections
Number of inbound JMS consumer connections that are allowed for a JMS destination across the cluster. This value can be overridden for individual JMS destinations through the [Inbound Options] tab of the JMS Destination Properties.
Default:
1
io.jmsMessageMaxBytes
Maximum size of a JMS message, including all MIME parts. Enter "0" (zero) for unlimited size. This property affects only request messages (inbound from the client to the Gateway, outbound from the Gateway to the back-end system, and inbound from the back-end system to the Gateway). It has no effect on the size of response messages that are returned to the client via the Gateway.
Default:
2621440
(bytes)
io.jmsRoutingMaxRetries
Maximum number of connection attempts for an outbound JMS Queue.
Default:
5
io.jmsRoutingRetrySleep
Time to sleep after a connection error for an outbound JMS Queue.
Default:
1s
io.jmsSessionMaxIdle
Maximum number of sessions that can sit idle in the session pool (maximum 10000). Enter "-1" to indicate no limit.
Default:
8
io.jmsSessionMaxWait
Maximum period of time to wait for an idle session when the pool is exhausted. Enter "0" (zero) for no limit. Value is a time unit.
Default:
5000ms
io.jmsSessionPoolSize
Maximum number of sessions that can be allocated by the session pool (maximum 10000). Enter "-1" to indicate no limit.
Default:
8
io.mqConnectionCacheMaxAge
Maximum age for a cached MQ native connection. Enter "0" (zero) for no time limit. Value is a time unit.
Default:
10m
io.mqConnectionCacheMaxIdleTime
Maximum time an idle MQ native connection is cached. Enter "0" (zero) for no time limit. Value is a time unit.
Default:
5m
io.mqConnectionCacheSize
Number of MQ native connections to cache. Enter "0" (zero) to disable caching for MQ native connections. The cache size is a "soft" limit that may be exceeded under the following conditions:
  • There are hundreds of concurrent requests using MQ native routing, each with a distinct connection. In this case, there would be as many MQ connections are there are requests, even if this exceeds the
    io.mqConnectionCacheMaxSize
    property.
  • If template outbound queues are used, it is possible to create new queue connections dynamically (one per request). In this case, the cache size may be exceeded until eligible cached connections are removed.
Default:
100
io.mqConversionCCSID
Sets a requested CCSID to convert for the Gateway in a MQGET from the IBM MQ server. This property requires that the
io.mqConvertMessageApplicationDataFormat
cluster property be set to
true
to enable MQGMO_CONVERT.
Value is a CCSID value (integer). The default value of "0" is converted to 819 (ISO-8859-1) in the Gateway. CA Technologies recommends the use of either 819 (ISO-8859-1) or 1208 (UTF-8).
Setting this cluster property to
0
or
819
produces the same results (ISO-8859-1 is used). To use UTF-8, set this property to
1208
. For a list of CCSIDs, see: https://www-01.ibm.com/software/globalization/ccsid/ccsid_registered.html
Default:
0
(ISO-8859-1 is used)
io.mqConvertMessageApplicationDataFormat
Convert the MQ Message application data to a format specified by the queue manager. Value is a Boolean.
The conversion occurs when:
Default:
true
io.mqForceReturnPropertiesInMQRFH2Header
Force the properties in an MQ Message to be returned in the MQRFH2 header when reading a message from a queue. This occurs when:
  • a MQ listener gets a message from a queue, or
  • the MQ Native routing assertion gets a message from a queue, or
  • the MQ Native routing assertions gets a reply message after writing a message to a queue
Default:
false
When this cluster property is enabled, you must reference the message properties using different context variables. For example, to look up the value of the “myMessageProperty” property in a request message:
  • Use this:
    ${request.mqnative.additionalheader.myMessageProperty}
  • Instead of this:
    ${request.mqnative.property.myMessageProperty}
io.mqMessageMaxBytes
Maximum size of an MQ Native message, including all MIME parts. Enter "0" (zero) for unlimited size. This property affects only request messages. It has no effect on the size of response messages that are returned to the client via the Gateway.
Default:
2621440 bytes
All these are considered request messages:
  • inbound from the client to the Gateway
  • outbound from the Gateway to the back-end system
  • inbound from the back-end system to the Gateway
io.mqPutOperationCorePoolSize
Specifies the initial pool size for the thread pool for PUT operation on the MQ Native queue.
Default:
50
io.mqPutOperationPoolKeepAliveDuration
Specifies the keep alive duration in seconds of threads in the pool for PUT operation on MQ Native queue.
Default:
60
io.mqPutOperationMaxPoolSize
Specifies the maximum pool size for the thread pool for PUT operation on the MQ Native queue.
Default:
100
io.mqResponseTimeout
Time the Route via MQ Native Assertion waits for a response on the replyTo queue before timing out. This value can be overridden in the "MQ response timeout" field in the assertion properties.
Default:
10000
(milliseconds)
io.mqRoutingMaxRetries
Maximum number of connection attempts for an outbound MQ Queue.
Default:
5
io.mqRoutingRetrySleep
Time to sleep after a connection error for an outbound MQ Queue.
Default:
1s
io.mqRoutingSetAllContext
Controls which MQ message descriptors can be set. Value is a Boolean.
  • true
    = All MQ message descriptors can be set, with the exception of the following:
  • false
    = When adding a new message descriptor, only the MQ message descriptors visible in the “Name” drop-down list can be set (see Customizing MQ Messages). This setting is the default.
    • backoutCount
    • messageSequenceNumber
    • originalLength
For a list of MQ message descriptors, see “Class MQMessage” on the IBM WebSphere web site.
io.outConnectTimeout
Maximum time to wait for a connection to be established for routing. If exceeded, routing fails (or fails over). This timeout can be overridden for a specific routing assertion through the HTTP(S) Routing Properties.
Default:
30000
(milliseconds)
io.outTimeout
Maximum time for response data to be read for the outbound request. If exceeded, routing fails (or fails over). This timeout can be overridden for a specific routing assertion through the HTTP(S) Routing Properties.
Default:
60000
(milliseconds)
io.rateLimit
Minimum rate for incoming requests.
Default:
1024
(bytes per second)
io.rateTimeout
IO timeout period for incoming request rate checking.
Default:
60000
(milliseconds)
io.signedPartMaxBytes
Maximum size of attachments that are permitted for signature processing. Enter "0" (zero) for unlimited size. This property is enforced for any signed message part that is processed for security.
Default:
5242880
(bytes)
io.staleCheckCount
Number of stale checked connections per interval.
Default:
1
io.staleCheckHosts
Maximum number of stale checked hosts.
Default:
10
io.timeout
IO timeout for incoming requests from the client before timing out. This is the amount of time the Gateway will wait for data from the client before timing out.
Default:
60000
(milliseconds)
io.xmlPartMaxBytes
Maximum size of the XML part of a message (part 1). When the maximum message size is reached, a SOAP fault '500' is returned. Enter "0" (zero) for unlimited size.
Use the setting to constrain the use of Gateway resources. Rather than enforcing an arbitrary size limit, use the Limit Message Size Assertion. Do not use with small values.
Default:
2621440
(bytes)
1) If compression is in effect, this property applies to the uncompressed message size. 2) The Route via Raw TCP Assertion uses a different method of restricting message size. 3) If
io.xmlPartMaxBytes
is not returning correct results, try setting
io.httpResponseStreamUnlimited
to "false."
jms.connectErrorSleep
Time to wait after an inbound JMS connection error before attempting a reconnection. Value is a time unit.
Default:
60s
jms.listenerThreadLimit
Number of processing threads that can be created to work off all JMS endpoints. Value must be >= 5.
Default:
25
jms.ResponseTimeout
Time the Route via JMS assertion waits for a response on the
replyTo
queue before timing out. This value can be overridden in the "JMS response timeout" field in the assertion properties.
Default:
10000
(milliseconds)
mq.connectErrorSleep
Time to wait after an inbound MQ Native connection error before attempting to connect again. Value is a time unit.
Default:
60s
Changes to this cluster property require a listener or Gateway restart to take effect. To restart the listener, edit and save the MQ Native configuration.
mq.ConnectionPool.maxActive
Maximum number of active connections per MQ Native connection pool. Enter "0" (zero) to allow no active connections. Any negative value indicates unlimited active connections.
This property is used in the [Outbound Options] tab of the MQ Native Queue Properties.
Default:
20
mq.ConnectionPool.maxIdle
Maximum number of idle connections that are allowed in a MQNative connection pool. Enter "0" (zero) to allow no idle connection. Any negative value indicates unlimited idle connections.
This property is used in the [Outbound Options] tab of the MQ Native Queue Properties.
Default:
20
For best performance, set
mq.ConnectionPool.maxIdle
to the same value as
mq.ConnectionPool.maxActive
.
mq.ConnectionPool.maxWait
Maximum amount of time to wait for an MQ Native connection to become available. Value is in milliseconds. Enter "0" (zero) or a negative value to wait indefinitely.
This property is used in the [Outbound Options] tab of the MQ Native Queue Properties.
Default:
-1
mq.listenerInboundFailureQueuePutMessageOptions
Customize the PUT message options when the consumption of an inbound message fails. See "Configuring the [Inbound Options] Tab" in the MQ Native Queue Properties.
This cluster property has no default and it is consulted only if no Failure queue Put Message option is specified. If it is not set when consulted, the Gateway uses the defaults from the MqNativeConstants class.
mq.listenerInboundGetMessageOptions
Customize the inbound MQ Native listener's Get Message options when consuming a message (Receiving Message). See "Configuring the [MQ Connection Properties] Tab" in the MQ Native Queue Properties.
This cluster property has no default and it is consulted only if no Get option is specified. If it is not set when consulted, the Gateway uses the defaults from the MqNativeConstants class.
mq.listenerInboundOpenOptions
Customize the Open options when accessing a queue object for the inbound MQ Native listener (Receiving Message). See "Configuring the [MQ Connection Properties] Tab" in the MQ Native Queue Properties.
This cluster property has no default and it is consulted only if no Open option is specified. If it is not set when consulted, the Gateway uses the defaults from the MqNativeConstants class.
mq.listenerOutboundReplyQueueGetMessageOptions
Customize the GET reply message options for the outbound MQ Native connector. See "Configuring the [Outbound Options] Tab" in the MQ Native Queue Properties.
This cluster property has no default. It is consulted only if no Get Reply Message option is specified. If it is not set when consulted, the Gateway uses the defaults from the MqNativeConstants class.
mq.listenerInboundReplyQueuePutMessageOptions
Customize the PUT message options for the inbound MQ Native listener. See "Configuring the [Inbound Options] Tab" in the MQ Native Queue Properties.
This cluster property has no default. It is consulted only if no Reply queue Put option is specified. If it is not set when consulted, the Gateway uses the defaults from the MqNativeConstants class.
mq.listenerMaxConcurrentConnections
Maximum number of concurrent connections that are allowed for any inbound MQ Native queue.
Default:
1000
(1) The limit that is specified here overrides any larger value specified in the queue properties (in the Inbound Options tab of the MQ Native Queue Properties. (2) Changes require a listener or Gateway restart.
mq.routingGetOpenOptions
Customize the GET open options for the Route via MQ Native Assertion (see "Configuring the [Target] Tab").
This cluster property has no default and it is consulted only if no Open option is specified. If it is not set when consulted, the Gateway uses the defaults from the MqNativeConstants class.
mq.routingGetMessageOptions
Customize the GET message options for the Route via MQ Native Assertion (see "Configuring the [Target] Tab").
This cluster property has no default and it is consulted only if no GET message option is specified. If it is not set when consulted, the Gateway uses the defaults from the MqNativeConstants class.
mq.routingPutMessageOptions
Customize the PUT message options for the Route via MQ Native Assertion (see "Configuring the [Target] Tab").
This cluster property has no default. It is consulted only if no PUT message option is specified. If it is not set when consulted, the Gateway uses the defaults from the MqNativeConstants class.
mq.routingPutOpenOptions
Customize the PUT open options for the Route via MQ Native Assertion (see "Configuring the [Target] Tab").
This cluster property has no default and it is consulted only if no PUT open option is specified. If it is not set when consulted, the Gateway uses the defaults from the MqNativeConstants class.
mq.listenerPollingInterval
Time to wait when polling for messages on an empty queue. Value is a time unit.
Default:
5s
Changes to this cluster property require a listener or Gateway restart to take effect. To restart the listener, edit and save the MQ Native configuration.
mq.listenerThreadLimit
Number of processing threads that can be created to work off all MQ endpoints. Value must be >= 5.
Default:
25
Changes require a Gateway restart.
mq.preventAuditFloodPeriod
Time to prevent audit message flooding by the MQ Native listener. If the most recent listener audit message occurred within this period, the next listener message is logged (no audit record is created). Enter "0" (zero) for no audit flood throttling. Value is a time unit.
Default:
0s
Changes to this property requires a restart of the MQ listener or the Gateway. To restart the listener, edit and save the MQ Native configuration.
sftpPolling.connectErrorSleep
Time to sleep after a connection error for an SFTP polling listener. Value is a time unit.
Default:
10s
sftpPolling.downloadThreadWait
Maximum wait time limit for file download thread to run (in seconds).
Default:
3
(seconds)
sftpPolling.ignoredFileExtensionList
File extensions to ignore during SFTP polling.
Default:
.filepart
Changes to this property requires restarting SFTP polling listeners.
sftpPolling.listenerThreadLimit
The global limit on the number of processing threads that can be created to work off all SFTP polling listeners.Value must be greater than or equal to 5.
Default:
25
sftpPolling.messageMaxBytes
Maximum number of bytes permitted for an SFTP message. Enter "0" (zero) for unlimited size.
Default:
5242880
(bytes)
ssh.routingEnabledCiphers
Ciphers to enable for SSH2 routing (comma separated). Valid values:
aes128-ctr
aes192-ctr
aes256-ctr
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
3des-cbc
Default:
aes128-ctr, aes128-cbc, 3des-cbc, blowfish-cbc, aes192-ctr, aes192-cbc, aes256-ctr, aes256-cbc
ssh.routingEnabledKexAlgs
Specifies the ordered CSV list of all the enabled KEX algorithms that are used in SSH routing. Unrecognized KEX algorithm is removed from the list for the KEX algorithms negotiation.
Valid values:
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
Default:
ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1
ssh.routingExplicitlyValidateDeleteFile
Validation during file deletion for SSH routing. Value is a Boolean.
  • true
    : Verifies that a file for deletion exists and is a file. This setting is the default.
  • false
    : No verification that the file for deletion exists.
ssh.routingExplicitlyValidateDeleteDir
Validation during directory deletion for SSH routing. Value is a Boolean.
  • true
    : The Gateway verifies that a directory to be deleted actually exists and that is a directory. This setting is the default.
  • false
    : No verification is performed on whether a directory being deleted actually exists.
ssh.routingInactiveTimeout
Note
: Formerly ssh.routingInactiveInterval (deprecated) prior to Version 9.4 CR1
Time to wait before the Gateway closes an SCP response stream with no activity. Typically the response stream is closed by the client after an SCP response. This cluster property ensures that abandoned SCP responses do not fill up the thread pool and block the Gateway. Value is a time unit.
Generally used to transfer/store files via SFTP. It's recommended that users do not download and edit files at the same time.
This is a hidden property that is editable by typing in its name in the
Key
field and then pressing [Tab]. (It cannot be located using the drop-down list.)
Default:
10s
ssh.session.authMaxRetryCount
Maximum number of times authentication is attempted before falsifying the assertion.
Default:
1
ssh.session.pool.maxActive
Maximum number of sessions (per key) that can be allocated by the pool (checked out to client threads) at one time. Set to -1 for no limit to the number of sessions per key.
After the maximum number of sessions is reached, the session pool is exhausted, and the assertion fails. The maximum value is 1000.
Default:
10
ssh.session.pool.
minEvictableIdleTimeMillis
Minimum time an object can remain idle in the pool before it is eligible for eviction.
Default:
600000
(milliseconds)
ssh.session.pool.
timeBetweenEvictionRunsMillis
Time to sleep between examining idle objects for eviction. Set to 0 or -1 to have the session remain idle forever.
Default:
1800000
(milliseconds)
ssh.sftpRoutingExplicitlyValidateMkdir
Determines that a directory of the same name does not exist before attempting to create it during SSH routing. Value is a Boolean.
  • true
    : Verifies that a directory or file of the same name does not exist. This setting is the default.
  • false
    : No verification that a directory of the same name exists.
Increasing io.httpCoreConcurrency and io.httpMaxConcurrency
Core concurrency (set by
io.httpCoreConcurrency
) specifies how many initial HTTP listeners are created when the
starts. You need enough HTTP listeners running at initialization time for good performance. However too many listeners can impact performance adversely, as starting HTTP listeners require time and resources. The ideal is to set the core concurrency based on the expected level of traffic for the system.
Maximum concurrency (set by
io.httpMaxConcurrency
) specifies the maximum number of HTTP listeners. The Gateway does not allow more HTTP listeners to be created, which results in queued requests if there are insufficient HTTP listeners. However, creating additional listeners require more CPU and RAM to manage and keep open.
Tip:
The maximum concurrency must be greater than the core concurrency, but only by a small amount.
CA Technologies does not recommend increasing these concurrency properties to overly large values, as the drain in system resources offsets any performance gains. Gateways that are equipped with more RAM and CPUs can keep more listeners open, but resources are finite.
How to find the correct values?
Determining the correct values for your Gateway's concurrency requires a certain amount of trial and error. The factory settings are designed to avoid inundating your production environment with too many concurrent requests. However for non-production environments, you are free to experiment to see what works best. Increase the cluster properties by 50 percent, then perform a load test, and then repeat. Performance should gradually increase, but you use more system resources as concurrency increases. Monitor the Gateway's resources carefully (specifically RAM and CPU) during the load tests to determine the best values for your environment.