Cloud Foundry Load Balancing with Avi Vantage and Per HTTP Application Metrics

## Overview

A Cloud Foundry deployment has multiple levels of load balancing (proxy functions). The first level is natively performed by HAProxy. HAProxy provides high availability for the second level of load balancing: the Gorouter and the TCP Router. The Gorouter performs L7 load balancing in addition to several functions for health monitoring, scaling, etc., while the TCP Router performs L4 load balancing.

This article focuses on replacing HAProxy with Avi Vantage to get three main benefits:

  1. Full-featured application delivery - load balancing, application security including SSL offload, application acceleration
  2. Autoscaling the first layer horizontally while ensuring control, configuration, and monitoring are centralized to allow for easier management and automation
  3. Real-time analytics on HTTP application performance, network performance, and end-user experience - without having to replace the Gorouter.

## Cloud Foundry Architecture

To replace the HAProxy functionality we’ll need to create an HTTPS Virtual Service using the Gorouters as the pool servers and a TCP Virtual Service with the TCP Routers as the pool servers.

## HTTPS Virtual Service

To provide per-application metrics, use Parent/Child virtual service configurations. Refer to the following articles to know more:

### Create a Custom Health Monitor for the Gorouters

Create a custom health monitor with the following configurations:

| Field | Value |
|---|---|
| Type | HTTP |
| Health Monitor Port | 8080 |
| Client Request Data | GET /health HTTP/1.0 |
| Response Code | 2xx |
| Server Response Data | ok |

The Gorouter health monitor is as shown below:

[Figure: Gorouter Health Monitor]

### Create an HTTP Profile to be used

Enable X-Forwarded-For and X-Forwarded-Proto.

[Figures: CF Profile XFF, CF Profile XFProto]

### Create Gorouter pool

Modify the configuration of the custom health monitor as below:

* Default Server port: 80
* Servers: Gorouter IPs

### Create Parent HTTPS Virtual Service

The parent configuration is needed for clients that don’t support SNI.

| Field | Value |
|---|---|
| Service Ports | 443 |
| Application Profile | Custom wildcard certificate for the app domain |
| Pool | Gorouter pool |

### Create Child HTTPS Virtual Service for Each Application

| Field | Value |
|---|---|
| Virtual Hosting Parent | Parent virtual service |
| Domain Name | Application FQDN |
| Application Profile | Custom HTTP profile that was created |
| Client Certificate | Application specific certificate |
| Pool | Gorouter Pool |

## TCP Virtual Service

### Create a custom health monitor for the TCP Routers

| Field | Value |
|---|---|
| Type | HTTP |
| Health Monitor Port | 80 |
| Client Request Data | GET /health HTTP/1.0 |
| Response Code | 2xx |
| Server Response Data | 200 OK |
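
A pre-check for the two custom health monitors above, added here as an example and not taken from Avi or Cloud Foundry: it sends the same `GET /health HTTP/1.0` request and applies the same pass criteria (2xx response code, expected response data). The function names, the sample responses, and the 2048-byte case-sensitive substring match over headers and body are assumptions.

```python
import socket

# Request both custom monitors send (Client Request Data in the article).
REQUEST = b"GET /health HTTP/1.0\r\n\r\n"
# Port and Server Response Data for each monitor, as listed in the article.
GOROUTER_MONITOR = {"port": 8080, "expect": "ok"}
TCP_ROUTER_MONITOR = {"port": 80, "expect": "200 OK"}
MATCH_WINDOW = 2048  # assumption: only the start of the response is searched

# Constructed sample responses, not captured from a real deployment.
SAMPLE_UP = b"HTTP/1.0 200 OK\r\nContent-Length: 3\r\n\r\nok\n"
SAMPLE_WRONG_BODY = b"HTTP/1.0 200 OK\r\n\r\nstarting\n"
SAMPLE_DOWN = b"HTTP/1.0 503 Service Unavailable\r\n\r\n"


def evaluate(raw, expect):
    """Apply the monitor's pass criteria (2xx code, expected text) to a reply."""
    text = raw[:MATCH_WINDOW].decode("latin-1")
    parts = text.split("\r\n", 1)[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return False, "malformed status line"
    if not 200 <= int(parts[1]) <= 299:
        return False, f"response code {parts[1]} is not 2xx"
    if expect not in text:  # case-sensitive substring over headers and body
        return False, f"response data does not contain {expect!r}"
    return True, "up"


def probe(host, monitor, timeout=4.0):
    """Send the monitor request to one pool server and evaluate the reply."""
    try:
        with socket.create_connection((host, monitor["port"]), timeout=timeout) as s:
            s.sendall(REQUEST)
            raw = b""
            while len(raw) < MATCH_WINDOW and (data := s.recv(4096)):
                raw += data
    except OSError as exc:
        return False, f"connection failed: {exc}"
    return evaluate(raw, monitor["expect"])


if __name__ == "__main__":
    for name, raw in [("up", SAMPLE_UP), ("wrong body", SAMPLE_WRONG_BODY),
                      ("down", SAMPLE_DOWN)]:
        print(name, evaluate(raw, GOROUTER_MONITOR["expect"]))
```

Calling `probe(host, GOROUTER_MONITOR)` or `probe(host, TCP_ROUTER_MONITOR)` from a host that can reach the pool servers shows whether a server would be marked up before the monitor is attached to the pool.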

[Figure: TCP Router Health Monitor]

### Create TCP Router pool

| Field | Value |
|---|---|
| Health Monitor | The custom health monitor that was created |
| Default Server Port | Starting from 80 |
| Servers | TCP Router IPs |
| Advanced | Disable Port Translation |

Port translation is disabled because the TCP Routers assign a unique port to each application. The incoming service port on Avi needs to be forwarded to the TCP Router unchanged so traffic can reach the correct backend app instances.

Figure 6. TCP Router Pool

### Create L4 TCP Virtual Service utilizing the TCP Router pool

* Service Port: 1024-65535
* Pool: TCP router pool

The default TCP port range configured in Cloud Foundry is 1024-65535.