---
title: "Axway with eBPF"
slug: "axway-with-ebpf"
updated: 2025-01-24T06:49:41Z
published: 2025-01-24T06:49:41Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://traceabledocs.document360.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Axway with eBPF

# Axway with eBPF TLS

This topic provides step-by-step instructions for integrating Axway, a leading API management solution, with Traceable using eBPF TLS traffic mirroring. Axway enables organizations to securely manage, monitor, and scale their API integrations, while Traceable’s eBPF integration allows for secure traffic mirroring and enhanced observability into TLS-encrypted communications. This setup helps organizations monitor API traffic in real-time, identify security risks, and capture spans and metrics without impacting performance.

**Supported Versions:**

- Traceable Platform Agent (TPA): Version 1.48.0 and later
- eBPF: Version 16 and later

---

## Before You Begin

Ensure the following prerequisites are met:

### System Requirements

1. **Virtual Machines (VMs):**
  - **VM1:** Hosts the Traceable Platform Agent (TPA).
  - **VM2:** Hosts eBPF and the Axway Gateway.
2. **Network Access:** Ensure both VMs can communicate over the required ports.

### Files and Configuration

1. **Certificates:** Obtain the required TLS certificates:
  - `domain.key`
  - `domain.crt`
  - `root_ca.crt`
2. **eBPF Override Config File:** Create an `override-config.yaml` file with necessary process inclusion settings.

### Software Dependencies

1. Install Java and other necessary runtime dependencies on VM2.
2. Download the `install.sh` script file from Traceable’s [download](https://downloads.traceable.ai/#install/traffic-mirroring/linux/latest/) site.

### Permissions

Ensure you have administrative access to both VMs.

### Assumptions

It is assumed that you already have a working Axway setup.

---

## Installation and Configuration

Follow the steps below to install and configure Axway with eBPF TLS:

### Step 1: Install the Traceable Platform Agent (TPA) on VM1

1. Refer to the TPA [installation](/docs/installation) documentation.
2. Start the TPA and verify it is running correctly. Make a note of the IP address of the Traceable Platform agent.

### Step 2: Set Up eBPF on VM2

1. **Install eBPF:**
  - Create an override configuration file named `override-config.yaml` with the following content:

> [!NOTE]
> Note
> 
> The `include_process` configuration is used to identify the Axway API Gateway process. The process name (`exec_name`) might vary and can be customized. The arguments in the process name are dependent on how the Axway API Gateway instance is configured at startup.
> 
> 1. Run the command:
> 
> ```bash
> ps -a | grep vshell
> ```
> 2. Review the output to find the name of your APIM instance and its associated arguments.
> 3. Update the configuration file accordingly to match your environment, ensuring the correct gateway process is included.

```yaml
include_processes:
  - exec_name: vshell
    cmdline_args:
      - "regex:<Replace_with_relevant_argument>"
```
  - Run the installation command:

```bash
sudo ./install.sh ebpf-only -s axway-ebpfservice --tpa-endpoint xx.xxx.xxx.xx  --override-config-file "override-config.yaml"
```
  - After running the installation command, the eBPF configuration file at `/etc/traceable/ebpf-tracer` will be updated with the `include_processes` content.
2. **Start eBPF Service.**

```bash
sudo systemctl start traceable-ebpf-tracer
```

### Step 3: Configure TLS Between TPA and eBPF

1. **On VM1 (TPA):**
  - Edit the TPA configuration file to include paths to the TLS certificates (`domain.key`, `domain.crt`, `root_ca.crt`). Example configuration:

```yaml
tls_server:
  endpoint: "0.0.0.0:5443"
  key_file: "/home/ubuntu/domain.key"
  cert_file: "/home/ubuntu/domain.crt"
  root_cert_file: "/home/ubuntu/root_ca.crt"
  idle_timeout: 60
  disable_keep_alive: false
```
  - Restart the TPA service.
2. **On VM2 (eBPF):**
  - Copy `root_ca.crt` from VM1 to VM2.
  - Update the eBPF configuration file located at `/etc/traceable/ebpf-tracer` to include the path to `root_ca.crt`. Example configuration:

```yaml
agent_config:
  secure: true
  ca_cert_file: "/home/ubuntu/root_ca.crt"
reporting:
  endpoint: "<Replace_with_IP_address>:5443"
  trace_reporter_type: "OTLP"
```
  - Restart the eBPF service.

### Step 4: Verify the Setup

1. Generate traffic by accessing the Axway Gateway URL:

```plaintext
https://<Axway_IP>:8075
```
2. Confirm that TLS traffic is captured and spans are visible in the Traceable platform.

---

## Troubleshooting

- **Certificate Errors:** Ensure that all certificate paths are correctly configured on both VMs.
- **Service Startup Failures:** Check logs for the TPA and eBPF services to identify issues.
- **Traffic Not Captured:** Verify network connectivity between VMs and check eBPF inclusion rules.