-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Zone dependent Name resolution #2545
Comments
Is the problem here that you want to register with the FQDN to support the cross region communication but only want that used in that scenario. Otherwise when making a request to an app in the same region you want to use the VIP instead? |
So you essentially want Ribbon to be smart and choose the correct one? |
Yes, the caller checks if the callee is on same zone (could be done by comparing the zone field i think). What is needed is a address the DiscoveryClient register the microservice for a local route (same zone) and one that can be used for same region (outside same PCF) , what will be mostly a global dns name or wan address |
There is partly a solution (https://content.pivotal.io/isolation-segments/6-ways-pivotal-cloud-foundry-1-10-improves-your-security-posture , https://content.pivotal.io/blog/building-spring-microservices-with-cloud-foundrys-new-container-networking-stack ) which allows to register a micoservice running on PCF/PWS with its local ip address (instead of public route) which allows combined with container to container networking since PCF 1.10 to have a direct communication setup between direct registered application/microservices in same PCF instance(local access route using overlay IP). However if i want that the same microservice should be accessed also from outside, e.g. all same zone app instances are no healthy and ribbon wants to choose an instance which runs on the "other" pcf instance in the "other" cloud, there is no "overlay network" spaned in between and i need to use the "public route" which shall be known i my zone by peered Eureka's (see http://docs.pivotal.io/spring-cloud-services/1-2/service-registry/enabling-peer-replication.html ). |
Thats all assuming you are using PCF, which may not always be the case. |
@csterwa Would you help us to find a good solution, where/how to implement that shared for both worlds (pcf or any other xaas). Tx a lot. |
I'm still digging, but it seems that...
WDYT? |
Using a custom RibbonLb was the first idea i had also, but not sure if that is all waht is necesarry to achieve the clean solution - however a good start. |
In my testing, I've confirmed that the default behavior is to register both the app's route (in the "hostName" property) and the app's IP address (in the "ipAddr" property), UNLESS In order to achieve the desired outcome, BOTH the IP and the route need to be registered--the IP for local, direct access and the route for external access through the GoRouter. And, in fact, that is precisely what happens by default (if you don't use "direct" registration). As I stated, the IP is in "ipAddr" and the route is in "hostName". Along with the "zone" in the registration metadata, we have everything we need for the load balancer to make an informed choice and select either the IP or the route. Except... At the point where the request URL is reconstructed, only the "zone" and "hostName" properties are available. The "ipAddr" property is not available. Therefore, there's no way for Therefore... In order for a custom This surfaces the question: Can Spring Cloud Netflix be modified (in a future version) to offer the value from the service registration entry's "ipAddr" field in |
I don't think a custom |
@spencergibb Are you thinking that perhaps SCS could (in its connectors) configure a On the surface (meaning that I've not tried any experiments), that sounds like it could work and would require no changes to OSS code. |
Yes. |
Don't forget that a compare of target host with current zone evaluating to true is not enough to fullfill a successfull route. If using the ip it's still possible that it not reachable because there is no Conatiner 2 Conatiner network (fwall open, overaly network etsbalished) connection between source and target. |
@cforce @spencergibb @ryanjbaxter @habuma sounds like we have a potential solution. The SCS team has prioritized this now and will provide an update when we have more information. |
Great news for multi/hybrid cloud scenarios 😀. good luck for the Sprint, looking forward to it |
@cforce Your first option is a bit unsettling. At this point, the clients only deal with Eureka and any services that they discover from Eureka. This option would require that they also be aware of and communicate with the cloud platform to know if the target is reachable. This would be highly dependent on the capabilities of the platform in question and would make the application aware of the platform. I'm not sure I'm excited about this option. The retry approach is intriguing, though. I think that you're suggesting that it should try one way (IP, let's say) and then, if that doesn't work, try the other way (host). On the surface it sounds reasonable, but thinking through where this would need to happen makes me think it is a bit complex. And I worry about performance, as making a bad first call and then falling back will take longer than just making the right call the first time. Even so, it's an option worth exploring. |
Actually spring cloud netflix is not aware of the XaaS, what is advantage and disadvantage at the same time. I don't see a big disadvantage to introduce a XaaS native API (to ask for C2C or P2P connectivity) as dep in Spring Cloud Ribbon that is implemented at runtime by autoconfiguration for the supported XaaS (PCF or Kubernetes). Kubernetes assumes that pods can communicate with other pods, regardless of which host they land on. A every pod has its own cluster-private-IP address so you do not need to explicitly create links between pods or mapping container ports to host ports. This means that containers within a Pod can all reach each other’s ports on localhost, and all pods in a cluster can see each other without NAT. Despite from that pods running nginx in a flat, cluster wide, address space talking to these pods directly is possible, but hen a node dies pods die with it, and the Deployment will create new ones, with different IPs. Therefore in kuberentes solves this by service exporting a logical set of Pods running somewhere in your cluster, that all provide the same functionality. Each Service is assigned a unique cluster IP address which is is tied to the lifespan of the Service. |
This module has entered maintenance mode. This means that the Spring Cloud team will no longer be adding new features to the module. We will fix blocker bugs and security issues, and we will also consider and review small pull requests from the community. |
I have a hybrid cloud scenario with zone east and zone west where each zone is running on a own paas that does outbound discovery by DNS Name resolution using a router component. Discovery is done with zone affinity in each cloud west or east or if no server found by discovery in other regions zone using peered eureka in each region.
In case if discovery on same zone the extra hop vua the router that resolves discovered global unique FQDN (Wan) is to expensive. Instead I want to use for a connection to targets in same Zone the lan ipadress instead of the global Wan FQDN.
The only idea I have is to implement a selection in ribbon basd on own with target zone match, that uses either VIP or up address.
The text was updated successfully, but these errors were encountered: