Re: Increasing Routing availability in the event of failure with route registration


Mike Youngstrom
 

This sounds like a great solution to a very old nagging problem. I'm
excited to see this issue moving forward. I assume that if the mTLS
handshake fails then the router will try the next instance in the table as
if the TCP connection had failed?

Mike

On Tue, Jul 18, 2017 at 5:25 PM, Shannon Coen <scoen(a)pivotal.io> wrote:

After weeks of exploration by the Routing, Networking, and Diego teams, we
have a solution in mind and will begin implementation shortly.

TL;DR
We plan to install a proxy in every container to terminate mTLS for requests
from Gorouter, enabling validation of application identity and optimization
for availability over consistency. The solution will be transparent to
application developers.

Our proposal has been updated with details on this solution, and we welcome
your comments:
https://docs.google.com/document/d/1zkPVGNnBX18rWdOpinIEtRxte3kwpVhIyS9_WM3ITqM/edit?usp=sharing





--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-Increasing-Routing-availability-in-the-event-of-failure-with-route-registration-tp6703p7220.html
Sent from the CF Dev mailing list archive at Nabble.com.
