Route Propagation Part 4 - GoRouter

Assumptions

• You have a CF deployed
• You have one proxy app pushed and called appA
• You have one route mapped to appA called APP_A_ROUTE
• You have completed the previous stories in this track

Recorded values from previous stories

APP_A_ROUTE=<value>
APP_A_GUID=<value>
DIEGO_CELL_IP=<value>
CONTAINER_APP_PORT=<value>
DIEGO_CELL_APP_PORT=<value>
CONTAINER_ENVOY_PORT=<value>
DIEGO_CELL_ENVOY_PORT=<value>
OVERLAY_IP=<value>

What

So the Route Emitter emits routes via the NATS message Bus. GoRouter subscribes to those messages and keeps a route table that is uses to route network traffic bound for CF apps and CF components.

Let’s take a look at that route table.

How

📝 look at route table

1. Bosh ssh onto the router vm and become root.
2. Get the username and password for the routing api

   head /var/vcap/jobs/gorouter/config/gorouter.yml
   

3. Get the routes table

   /var/vcap/jobs/gorouter/bin/retrieve-local-routes | jq .
   

4. Scroll through and look at the routes. ❓How does this differ from the route information you saw in Cloud Controller? For example, you should see routes for CF components, like UAA and doppler. This because the GoRouter is in charge of routing traffic to CF apps AND to CF components.
5. Find APP_A_ROUTE in the list of routes. Let’s dissect the most important bits.

   "proxy.meow.cloche.c2c.cf-app.com": [   <------ The name of the route!
                                                   This should match APP_A_ROUTE
       {
         "address": "10.0.1.12:61014",     <------ This is where GoRouter will send
                                                   traffic for this route. This should
                                                   match DIEGO_CELL_IP:DIEGO_CELL_ENVOY_PORT
         "tls": true                       <------ This means Route Integrity is turned on,
                                                   so the GoRouter will send traffic to
                                                   this app over TLS
       }
     ]
   

   See how the traffic is being sent to 10.0.1.12:61014 or DIEGO_CELL_IP:DIEGO_CELL_ENVOY_PORT? This means all traffic is being sent to the sidecar envoy via TLS, this is because route integrity is enabled.

❓ Question

• What port do you think would be listed here if route integrity was not enabled?

Expected Result

See that route has now been propagated all the way to the Gorouter! In the next stories we will learn what happens when somone uses that route.

Resource

• GoRouter routing table docs