【API管理 APIM】APIM集成内部VNet后，自我访问出现（Unable to connect to the remote server）问题，而Remote Server正是APIM它自己

问题描述

在使用APIM配置内部VNET后，如API-1正常配置访问后端服务器的一个接口，而API-2则是通过调用APIM中的API-1来作为backendUrl，会出现500错误。 经过测试，目前这种配置内部集成VNET的情况下，会出现错误。这是一个已知的问题。

错误消息为：Unable to connect to the remote server

而在APIM的开发者门户中测试跟踪接口，则会获取到如下的错误信息：

异常日志

System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xxx.xxx.xxx.xxx:443
   at System.Net.Sockets.Socket.InternalEndConnect(IAsyncResult asyncResult)
   at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.Handlers.DefaultServiceRequestExecutor.<ExecuteAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.WindowsAzure.ApiManagement.Proxy.Runtime.Configuration.Models.DefaultHttpBackend.<ProcessAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.Policies.IO.CallServiceHandler.<ProcessAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.Policies.PipelineWalker.<ExecuteAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.Policies.PipelineWalker.<ExecuteAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.PipelineExecutor.<ExecuteAsync>d__15.MoveNext()

问题原因

因为APIM 后端实例中, 所有传出流量(包含请求到自己的流量)都被路由到APIM Load Balancer，而不是直接环回接口(Loopback)。 由于SLB的一个局限性，即如果它映射到相同的VM，则不允许建立从后端池中的VM到SLB IP的连接。最终结果是，请求发送到同一APIM服务的API调用开始失败。

解决办法

使用127.0.0.1来代替APIM的域名，并且在API的inbound策略中设置host header，指定值为该APIM的域名。 操作步骤如下：

1：使用127.0.0.1替换APIM域名

2：添加Host header，设置值为APIM域名

设置后全部的 API Policy 为：

<policies>
    <inbound>
        <set-header name="Host" exists-action="override">
            <value>your apim url here</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>