# Cloud Foundry Load Balancing with Avi Vantage and Per HTTP Application Metrics
## Overview
A Cloud Foundry deployment has multiple levels of load balancing (proxy functions). The first level is natively performed by HAProxy, which provides high availability for the second level of load balancing: the Gorouter and the TCP Router. The Gorouter performs L7 load balancing along with several other functions such as health monitoring and scaling, while the TCP Router performs L4 load balancing.
This article focuses on replacing HAProxy with Avi Vantage to get three main benefits:
* Full-featured application delivery: load balancing, application security including SSL offload, and application acceleration
* Autoscaling the first layer horizontally while ensuring control, configuration, and monitoring are centralized to allow for easier management and automation
* Real-time analytics on HTTP application performance, network performance, and end-user experience, without having to replace the Gorouter
To replace the HAProxy functionality, we'll need to create an HTTPS Virtual Service using the Gorouters as the pool servers and a TCP Virtual Service with the TCP Routers as the pool servers.
## HTTPS Virtual Service
To provide per-application metrics, use a parent/child virtual service configuration. Refer to the following articles to know more:
Create a custom health monitor with the following configurations:

| Setting | Value |
| --- | --- |
| Type | HTTP |
| Health Monitor Port | 8080 |
| Client Request Data | GET /health HTTP/1.0 |
| Response Code | 2xx |
| Server Response Data | ok |

The Gorouter health monitor is as shown below:
### Create an HTTP Profile with X-Forwarded-For and X-Forwarded-Proto Enabled
### Create Gorouter pool
Modify the configuration of the custom health monitor as below:
* Default Server port: 80
* Servers: Gorouter IPs
### Create Parent HTTPS Virtual Service
The parent configuration is needed for clients that don’t support SNI.

| Setting | Value |
| --- | --- |
| Service Ports | 443 |
| Application Profile | Custom wildcard certificate for the app domain |
| Pool | Gorouter pool |

### Create Child HTTPS Virtual Service for Each Application

| Setting | Value |
| --- | --- |
| Virtual Hosting Parent | Parent virtual service |
| Domain Name | Application FQDN |
| Application Profile | Custom HTTP profile that was created |
| Client Certificate | Application specific certificate |
| Pool | Gorouter pool |

## TCP Virtual Service
### Create a custom health monitor for the TCP Routers

| Setting | Value |
| --- | --- |
| Type | HTTP |
| Health Monitor Port | 80 |
| Client Request Data | GET /health HTTP/1.0 |
| Response Code | 2xx |
| Server Response Data | 200 OK |

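
Added example (not part of the original article and not Avi's code): the pass/fail logic that the Gorouter and TCP Router health monitors above describe, usable to check a router by hand before adding it to a pool. It assumes the Server Response Data string is matched case-sensitively against the start of the raw response, headers included; `Monitor`, `passes`, `probe`, `MATCH_WINDOW` and the sample responses are names and data constructed for this illustration.

```python
import socket
from dataclasses import dataclass

@dataclass(frozen=True)
class Monitor:
    port: int             # Health Monitor Port
    request: bytes        # Client Request Data
    code_class: int       # Response Code: 2 means "2xx"
    response_data: bytes  # Server Response Data

# Values from the two monitor tables on this page.
REQ = b"GET /health HTTP/1.0\r\n\r\n"
GOROUTER = Monitor(8080, REQ, 2, b"ok")
TCP_ROUTER = Monitor(80, REQ, 2, b"200 OK")
MATCH_WINDOW = 2048  # assumption: only the start of the response is searched

def passes(mon: Monitor, raw: bytes) -> bool:
    """True if the status is in the expected class and the data string appears."""
    parts = raw.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        return False  # not an HTTP response at all
    code = parts[1]
    if len(code) != 3 or not code.isdigit() or int(code) // 100 != mon.code_class:
        return False
    # Case-sensitive substring match, headers included (assumption).
    return mon.response_data in raw[:MATCH_WINDOW]

def probe(mon: Monitor, host: str, timeout: float = 3.0) -> bool:
    """Send the monitor request to one router and evaluate its reply."""
    try:
        with socket.create_connection((host, mon.port), timeout=timeout) as s:
            s.sendall(mon.request)
            raw = b""
            while len(raw) < MATCH_WINDOW and (chunk := s.recv(4096)):
                raw += chunk
    except OSError:  # refused, unreachable or timed out counts as down
        return False
    return passes(mon, raw)

# Constructed sample responses (not captured from a real deployment).
HEALTHY = b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\nok\n"
DRAINING = b"HTTP/1.0 503 Service Unavailable\r\n\r\n"
EMPTY_2XX = b"HTTP/1.0 204 No Content\r\n\r\n"

if __name__ == "__main__":
    for name, raw in [("healthy", HEALTHY), ("draining", DRAINING), ("empty 2xx", EMPTY_2XX)]:
        print(name, passes(GOROUTER, raw), passes(TCP_ROUTER, raw))
```

The `EMPTY_2XX` case shows why the response-data match matters: a 2xx status alone is not enough for either monitor to mark the server up.
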
### Create TCP Router pool

| Setting | Value |
| --- | --- |
| Health Monitor | The custom health monitor that was created |
| Default Server Port | Starting from 80 |
| Servers | TCP Router IPs |
| Advanced | Disable Port Translation |

Port translation is disabled because the TCP Routers assign a unique port to each application. The incoming service port on Avi needs to be forwarded to the TCP Router so traffic can reach the correct backend app instances.
### Create L4 TCP Virtual Service Utilizing the TCP Router Pool
* Service Port: 1024-65535
* Pool: TCP Router pool

The default TCP port range configured in Cloud Foundry is 1024-65535.