Thank you for the interesting use case for route services, Guillaume! A
mechanism to halt idle apps does seem valuable.

I've recorded your request for including app_id and will keep an ear out
for other use cases that could leverage it, despite being out of date or
incorrect.

In the meantime, couldn't your service put to sleep all apps that share a
route, if no requests for the route are received in a given period?

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Thu, Jul 30, 2015 at 3:23 AM, Guillaume Berche <bercheg(a)gmail.com>
wrote:

Thanks Shannon for your feedback.

I understand there is a small window into which the pre-determined app
might not exist anymore (e.g. during blue/green deployment traffic shift).
The default behavior you're suggesting (picking a different app instance)
seems sensible to me, even though it will lead to seldom false associations.

We can imagine to refine this behavior in a second step, when use-cases
of router service being sensitive to false associations become more
frequent: allow the gorouter to comply to hints provided by the route
service to tune the behavior in case the pre-determined app might not exist
anymore. The router service could for instance augment the router-service
HTTP header with hints fields:


- missing-app-policy with one of the following values:
- reassign-app: the router transparently route the request to
another app(default)
- reject: reject the request (e.g. 502 status code with a json
body providing the currently available app ids). In this case the route
service may reemit the request to the gorouter, specifying the second param
below
- route-to-app override the predetermined app to which to route
the traffic


I'm currently planning to implement a route-service that would leverage
the app_id in the request in an "autosleep", see [1]. The "reassign-app"
default policy seems fine as a first step. The reject policy would be a
nice refinement to close this corner case.

[1]
https://docs.google.com/document/d/1tMhIBX3tw7kPEOMCzKhUgmtmr26GVxyXwUTwMO71THI/edit#

Guillaume.

On Sat, Jul 18, 2015 at 12:08 AM, Shannon Coen <scoen(a)pivotal.io> wrote:

Guillaume,

Including the app_id with the request forwarded to the route service
becomes misleading/false when, upon receiving the request back from the
route service, the pre-determined app no longer has instances available. At
that time GoRouter should be able to choose a different app instance for
the route, possibly of a different app, rather than rejecting the request
or re-forwarding the request to the route service with a different app id.
Otherwise, the route service may be making false associations.

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Thu, Jun 25, 2015 at 9:19 PM, Guillaume Berche <bercheg(a)gmail.com>
wrote:

I was about to suggest a similar UX for expressing a list of route
services, by relying on params ordering

cf update-route DOMAIN [-n HOST] (-s 'service instance' )*
cf update-route DOMAIN [-n HOST] -s caching -s https-only -s
rate-limiting

Besides, If the MVP does not include support for multiple route
services, route service implementers might be able to experiment with
supporting arbitrary params as a way for users to specify fine grain
options, possibly ordered

cf create-service large-grain-route-service -p '{ "caching": true,
"ssl_only": true, "rate_limit": 3 }'

+1 for Mike's suggestions to allow for some route services to be
implemented in an upfront LB such as no router. This might address the
latency and availability concerns in the initial MVP ("route services to
forward requests back through the LB and GoRouter")

Lastly, it seems important that route services be able to output logs
that end up being associated with the app that receive the associated
traffic (e.g. cache hit or cache miss for a specific incoming request).
With route services being associated to routes (and not being bound to app
instances anymore), I'd like to re-iterate the suggestion I made in the
design document (on Feb 17) to have the gorouter include the app_id in the
headers of the signed request it sends to route service(s). This will allow
for a route service with log_emiter scope to add entries to the proper app
through loggregator/doppler. Of course, this also means that when a route
is associated to multiple apps, the load balancing decision among app is
made prior to sending traffic to route service(s). I'd imagine the app_id
could be propagated in the signed request headers when going through route
services and finally reaching the gorouter before hitting the app (as to
preserve the stateless nature of gorouter).

Guillaume.


On Fri, Jun 26, 2015 at 12:04 AM, Shannon Coen <scoen(a)pivotal.io>
wrote:

This is great. Thank you, Mike.

FWIW, James had the following suggestion update-route could be used to
associate multiple routes, and express their chain order. We're not fixed
on this UX. We'll consider this more carefully when we get closer to the CF
CLI work.

cf update-route DOMAIN [-n HOST] [-s 'list,of,service,instances']

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Thu, Jun 25, 2015 at 12:58 PM, Mike Youngstrom <youngm(a)gmail.com>
wrote:

This is interesting. Could you flesh this out for me? What use cases
do you have in mind for associating a service instance with a route, but
not providing a forwarding address?

I would imagine you could bind a service to a route any time you want
to customize incoming traffic in some way. But that customization wouldn't
necessarily have to be implemented as a proxy.

Here are a few examples:

* A Public facing service as an indicator that a given route should
be made public facing. (Would require a broker to orchestrate stuff
outside of CF DNS, applying DoS security profiles to the route, force ssl
on the front end load balancer, etc.)
* A service to apply web front caching to a route. Could be done as
a proxy but could also be done by changing config in a front end load
balancer that supports caching like an F5 LTM.
* Rate limiting. Could be implemented as a proxy, or could be
implemented by applying some config in a front end load balancer
* A security service to limit client IP addresses allowed to connect
on a route. Again could be implemented as a proxy if you trust
X-Forwarded-For or simply change some config on a front end load balancer
no new proxy needed.

Basically a service applied to a route could trigger and manage all
kinds of functionality not necessarily implemented as proxy orchestrated by
the GoRouter.

It also occurs to me that the only time chain ordering of route
services seems to be an issue is in the case of a proxy url. So, it is
unfortunate that I'd be limited to binding only one route service when I
may want to apply all kinds of functionality to a route not implemented as
a proxy because user defined ordering isn't an issue.

That said I can see how it can be difficult for CF to provide a
generic solution to the kind of functionality applied above and that you
may not want to distract from the basic Route Services MVP to accommodate
these types of use cases. I guess I can only hope that you keep the
concept of applying non proxy functionality to a route in mind as you move
through your MVP.

Mike

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev