How Many Data Flow Options are There?
What
When we talk about the data flow from client to Cloud Foundry app, we often draw it like this:
+----+    +----------+         +-------+     +-----+
| LB +--->+ Gorouter +-------->+ Envoy +---->+ App |
+----+    +----------+         +-------+     +-----+
But that diagram is very general. Often that is okay because the details don't always matter. But sometimes the details do matter (like with HTTP/2).
In this story we will look at some more specific data flow diagrams for Cloud Foundry.
How
First we need to understand what L4 (TCP) LBs and L7 (HTTPS) LBs are.
- Read this Medium article about "TCP vs HTTP(S) Load Balancing."
- Read these Cloud Foundry docs on TLS Termination Options for HTTP Routing.
Questions
Look at the following diagrams and think about the following questions for each:
- What connections (the arrows between boxes) are encrypted?
- Which are not?
With an L4 LB in front
+-------+    +----------+         +-------+     +-----+
| L4 LB +--->+ Gorouter +-------->+ Envoy +---->+ App |
+-------+    +----------+         +-------+     +-----+
With an L7 LB in front
+-------+    +----------+         +-------+     +-----+
| L7 LB +--->+ Gorouter +-------->+ Envoy +---->+ App |
+-------+    +----------+         +-------+     +-----+
With an HAProxy in front
+----------+    +----------+         +-------+     +-----+
| HA Proxy +--->+ Gorouter +-------->+ Envoy +---->+ App |
+----------+    +----------+         +-------+     +-----+
With an L4 LB and an HAProxy in front
+-------+    +----------+    +----------+         +-------+     +-----+
| L4 LB +--->| HA Proxy +--->+ Gorouter +-------->+ Envoy +---->+ App |
+-------+    +----------+    +----------+         +-------+     +-----+
With an L7 LB and an HAProxy in front
+-------+    +----------+    +----------+         +-------+     +-----+
| L7 LB +--->| HA Proxy +--->+ Gorouter +-------->+ Envoy +---->+ App |
+-------+    +----------+    +----------+         +-------+     +-----+