Request header
Requirements and Limits for Flex Gateway
Before you download and install Anypoint Flex Gateway, review the following requirements and limits.
Permission Requirements
Running Flex Gateway requires the following permissions:
-
Manage Servers and Read Servers permissions in Runtime Manager
Your Anypoint Platform Admin can add these permissions in Access Management. See Manage Team Permissions for more information.
Your Anypoint Platform Admin can also add a Connected App with the appropriate permissions. See Connected Apps for more information.
To register Flex Gateway using a Connected App, the following scopes are required:
-
Manage Servers
-
Read Servers
-
View Organization
Software Requirements
Flex Gateway isn’t supported on Windows or in Docker running on Windows.
Software Requirements for Kubernetes and OpenShift Deployments
Running Flex Gateway requires:
-
A minimum of either Kubernetes 1.21 or OpenShift 4.8.
-
Ingress v1 (stable), which requires specifying
apiVersion: networking.k8s.io/v1
as the API version in your configuration resources. -
A private cloud or data center.
Or, a cloud provider such as the following:
-
Google Kubernetes Engine (GKE)
-
Amazon Elastic Kubernetes Service (Amazon EKS)
-
Azure Kubernetes Service (AKS)
-
-
A minimum Helm version of 3.0.0 is required.
Software Requirements for Linux Deployments
Flex Gateway runs on the following Long Term Support (LTS) versions of Linux:
-
Amazon Linux 2023
-
CentOS 8
-
Debian (Bullseye, Bookworm)
-
Red Hat Enterprise Linux (9)
-
Red Hat Enterprise Linux (9) on IBM Power (ppc64le)
-
SUSE Linux Enterprise (SLES 15 SP3)
-
SUSE Linux Enterprise (SLES 15 SP3) on IBM Power (ppc64le)
-
Ubuntu (Focal, Jammy)
Flex Gateway is designed to run in cloud-native architectures. You can therefore only install one gateway instance per Linux VM. Multiple installations on a single VM are not supported.
Hardware Requirements
A single Flex Gateway can support multiple backend APIs. To support more backend APIs, you can deploy multiple replicas or additional Flex Gateways. For information about sizing, refer to Resource Sizing for Flex Gateway.
Flex Gateway requires either an Intel or AMD-64 processor.
Limits
Limit | Value | Notes |
---|---|---|
60 KB |
Requests that exceed this limit receive a |
|
Payload |
1 MB |
This limit applies only to buffering the payload (such as logging the payload using message logging). If you’re not accessing the payload, the payload size has no limit. |
APIs per gateway instance |
600 |
Exceeding this limit isn’t supported but doesn’t cause errors. |
Upstreams per API |
50 |
The 50 upstreams is a combination of different routes. |
Contracts per API |
1,000 |
Exceeding this limit isn’t supported but doesn’t cause errors. |
Contracts per gateway instance |
10,000 |
Exceeding this limit isn’t supported and causes no error. |
Ports, IPs, and Hostnames Allowlist Requirements
For Flex Gateway to communicate with MuleSoft-managed online Anypoint Platform APIs and services, you must add the following hostnames and ports of external resources to the allowlist:
Plane | Host | Port | Mode | Description | Protocol |
---|---|---|---|---|---|
US |
anypoint.mulesoft.com |
443 |
Both |
Required to connect with the control plane, push internal metrics, and download custom policy binaries |
HTTPS |
US |
arm-mcm2-service.kprod.msap.io |
443 |
Both |
Required to communicate with the transport layer |
mTLS |
US |
logging.ingestion.us-east-1.prod.cloudhub.io |
443 |
Both |
Required to send analytics data to the control plane |
HTTPS |
US |
metering.ingestion.us-east-1.prod.cloudhub.io |
443 |
Both |
Required to send analytics data to the control plane |
HTTPS |
US |
monitoring.ingestion.us-east-1.prod.cloudhub.io |
443 |
Both |
Required to send analytics data to the control plane |
HTTPS |
US |
exchange-files.anypoint.mulesoft.com |
443 |
Connected |
Required to download policies |
HTTPS |
US |
exchange2-asset-manager-kprod.s3.amazonaws.com |
443 |
Connected |
Required to download policies |
HTTPS |
US |
configuration-resolver.prod.cloudhub.io |
443 |
Connected |
Required to download policies |
mTLS |
US |
us1.ingest.mulesoft.com |
443 |
Both |
Required to send analytics data to the control plane |
HTTPS |
US |
flex-packages.anypoint.mulesoft.com |
443 |
Both |
Required to download and install Flex Gateway |
HTTPS |
EU |
eu1.anypoint.mulesoft.com |
443 |
Both |
Required to connect with the control plane, push internal metrics, and download custom policy binaries |
HTTPS |
EU |
arm-mcm2-service.kprod-eu.msap.io |
443 |
Both |
Required to communicate with the transport layer |
mTLS |
EU |
logging.ingestion.eu-central-1.prod-eu.msap.io |
443 |
Both |
Required to send analytics data to the control plane |
HTTPS |
EU |
metering.ingestion.eu-central-1.prod-eu.msap.io |
443 |
Both |
Required to send analytics data to the control plane |
HTTPS |
EU |
eu1.ingest.mulesoft.com |
443 |
Both |
Required to send analytics data to the control plane |
HTTPS |
EU |
monitoring.ingestion.eu-central-1.prod-eu.msap.io |
443 |
Both |
Required to send analytics data to the control plane |
HTTPS |
EU |
configuration-resolver.prod-eu.msap.io |
443 |
Connected |
Required to download policies |
mTLS |
EU |
exchange-files.eu1.anypoint.mulesoft.com |
443 |
Connected |
Required to download policies |
HTTPS |
EU |
exchange2-asset-manager-kprod-eu.s3.eu-central-1.amazonaws.com |
443 |
Connected |
Required to download policies |
HTTPS |
EU |
flex-packages.anypoint.mulesoft.com |
443 |
Both |
Required to download and install Flex Gateway |
HTTPS |
EU |
flex-packages.eu1.anypoint.mulesoft.com |
443 |
Both |
Required to download and install Flex Gateway |
HTTPS |
Port 9998 is reserved for internal processes, and should not be used in |
Flex Gateway on Hyperforce
Hyperforce supports Flex Gateway versions 1.7 and later. Because Flex Gateway running in Local Mode is completely self-hosted, it is not affected by Hyperforce. For Flex Gateway running in Connected Mode, some API Manager Hyperforce limitations affect Mule Gateway. To learn more, see API Manager on Hyperforce.