May 2nd, 2024

To:         Layer7 API Gateway Customers

From:     The Broadcom Layer7 API Gateway Product Team

Subject:  Release Announcement for Layer7 API Gateway 11.1

The Layer7 product group of Broadcom's IMS division is pleased to announce that the Layer7 API Gateway 11.1 is now available.

Congratulations to the team for reaching this important milestone and for continuing to deliver value to our customers.

Here are the highlights of this release:

• Debian 12 Upgrade

To improve reliability and security, and to include an operating system version that will be supported for the lifetime of 11.1, the appliance Gateway’s operating system was upgraded from Debian 11 to Debian 12. Not only will this release provide a Debian 12 based OVA for new deployments, it will also support in-place upgrades of existing 11.0 appliance Gateways. This will be the first time Layer7 supports in-place upgrades, not only expedited upgrades, between major Gateway versions with major operating system upgrades.

• JDK 17 Upgrade

To improve reliability and security, the Gateway’s JDK was upgraded from JDK 11 to JDK 17. This included upgrades to many other dependent libraries. This also resulted in a significant performance improvement to garbage collection specifically, and overall Gateway performance generally.

• ESXi 8 Support

The release introduces support for the virtual appliance on ESXi 8, technically required for Debian 12. However, we will also support this release with Debian 12 on ESXi 7, for customers unable to upgrade their ESXi environments to the later release.

• MySQL Enterprise with Group Replication Support

This release will support connecting through a proxy to MySQL Enterprise with group replication for the Gateway database. This provides Gateway customers with another self-managed MySQL alternative that may have better and preferred qualities of services, and especially for high availability, replication and enterprise support.

• Percona XtraDB Clusters Support

This release will support connecting through a proxy to Percona XtraDB Clusters (PXC) in strict mode for the Gateway database. This provides Gateway customers with another self-managed MySQL alternative that may have better and preferred qualities of services, and especially for high availability, replication and enterprise support.

• OpenTelemetry (Preview)

This release greatly improves API and Gateway observability by allowing customers to easily use vendor solutions they prefer to collect, correlate and present metrics, traces and logs based on new Gateway support for OpenTelemetry.

• Graphman Enhancements (Preview)

This release continues to enhance Graphman, the newer and more flexible Gateway management API based on GraphQL, and as compared to Restman. In the release, we have added support for policy revisions and key certificate management; and we have enhanced support for identity providers and Graphman encryption.

• Policy as Code (Preview)

This release introduces a developer and DevOps friendly alternative to authoring policies in Policy Manager. Graphman can now export/import policies as not just an XML string, but also as a YAML string, JSON string, or JSON object inside the definition of service or policy fragment. This makes it easy to author policies in a simple text editor or IDE, and integrated with source control and CI/CD automation, without having to have access to and familiarity with Policy Manager.

• Throughput Quota Assertion Enhancements for Redis (Preview)

This release includes enhancements to the existing Apply Throughput Quota Assertion to distribute shared counters across Gateways in a cluster, multiple Gateway clusters or unclustered Gateways within a region using Redis. These enhancements have demonstrated orders of magnitude better performance and accuracy for throughput quota enforcement than previous supported methods. These enhancements also include new support for auth over TLS for Redis Standalone connections.

• Require and Introspect OAuth Token Assertion (Preview)

This release includes a new assertion which can enforce OAuth access control in Gateway services without requiring the installation of OAuth Toolkit (OTK) components. It allows customers to decouple the OTK from their API Gateways. The assertion is designed to work with the OTK deployed and managed separately as a service, or to work with any other industry standard OAuth provider that supports opaque or JWT token introspection.

• Key Value Storage Assertion (Preview)

This release includes a new assertion that combines local and distributed storage of key value pairs in Gateway memory or in external shared state providers like Hazelcast or Redis.

• WebSockets via Shared HTTP Port (Preview)

The release advances all of the capabilities required for the new end to end WebSockets over shared HTTP port feature to the preview state, and includes enhancements to support backend client certificate authentication, to access headers from saved upgrade event request and response messages, to close WebSocket connections with custom codes and message triggers, to support custom response handling, and to enhance error logging.

Progressive Delivery Preview Features

Some features may be delivered as experimental or preview through Layer7’s progressive delivery model. In most cases, Layer7 will be ready to provide production support of preview features to a limited number of approved customers. If you’re interested in using a preview feature in production with support from Broadcom, we welcome you to open a support ticket to request approval.

New Gateway Versioning Semantics

Beginning with the 11.1 release, we will have subminor version releases instead of CR releases. For instance, our next release will be labeled as 11.1.01 instead of 11.1 CR1. This will align us more with industry standards and Broadcom’s preferred product versioning semantics. It will also give us an opportunity to remove artificial feature design and release limitations by expecting subminor release upgrades to require database upgrades, and optionally allow for platform upgrades. These changes will not apply to 11.0 which will continue to have CR releases until it reaches its end of life.

Hardware Appliance Gateway Deprecation

We are announcing deprecation of support for hardware models  X7-2 and X8-2, in this release. The 11.1 release will be the last Gateway version that supports these hardware appliance Gateways. Hardware appliance Gateway customers will need to move to another supported Gateway form factor (including the virtual appliance Gateways, software Gateways or container Gateways) before the 11.1 EOL, which will be at least 3 years from its release. An official EOL announcement for the hardware appliance Gateways will be sent approximately 18 months before the EOL date. 

For a complete list of enhancements and changes, please see the release notes and product documentation for more information.

You can download your copy of Layer7 API Gateway 11.1 from Broadcom Support Online https://support.broadcom.com/. If you have any questions or require assistance please contact Broadcom Customer Care online at https://www.broadcom.com/support/software/contact where you can submit an online request using the Customer Care web form: https://ca-broadcom.wolkenservicedesk.com/web-form?_ga=2.205828371.1432263889.1590607313-713014253.1588711301 .  You can also call Broadcom Customer Care at +1-800-225-5224 in North America or see https://www.broadcom.com/support/software/contact for the local number in your country. 

Should you need any assistance, our Broadcom Services experts can help.  For more information on Broadcom Services and how you can leverage our experience, please visit https://www.broadcom.com/support/ca/services-support/ca-services.

Your success is very important to us, and we look forward to continuing our successful partnership with you.

To review Broadcom Support lifecycle policies, please review the Broadcom Support Policy and Terms located at: https://support.broadcom.com/.  

Thank you again for your business.