Ports for the Apigee Routers sitting behind the load balancer


We have a 5-node cluster deployment for our non-prod, and the routers will be sitting behind the load balancer.

Does the load balancer just point to the URLs for the Router instances? Should our LBs point to any specific ports?



In our environments we create a load balancing pool consisting of host header addressed servers by port. Let's say that we have 2 servers that are listening by IP on port 9008:

The pool would look like this:

10.10.10.1:9008

10.10.10.2:9008

Our VIP (the target for all calls) would then load balance over this load balancing pool.

Note: I don't know how this works in AWS or ACE - only in F5.

Note: you might want to consider where your SSL certificates live as well and save yourself a bit of trouble.

@Benjamin Goldman

Apologies for the layman question.

Kindly let me know which is the "9008" port you have specified here. I could not find any default port 9008 in docs.

We are planning to use F5 too in production.

You can specify the port that the environment listens on. 9008 could be 9003 if you want.

The point is - you have a choice to make, I guess....

We chose this as it gives us a lot of control.


Hi @Sandeep Murusupalli, your load balancer should be able to check the request path and route it to the appropriate virtual host (port and host alias if you have any)

+

8081 management API calls to have healthcheck enabled to take off a router from rotation if there are any issues with that.


Hi @Sandeep Murusupalli, you will need to configure your load balancer listeners in such a way that they hit the ports specified in the virtualhost that's being used by your API. You can serve the SSL certs either from the load balancer or at the router (by TCP forwarding).

And yeah, routers have healthcheck URLs /v1/servers/self/reachable which you can control either by iptables or mgmt API calls with payload 'reachable=true/false'

Can you clarify this:

"And yeah, routers have healthcheck URLs /v1/servers/self/reachable which you can control either by iptables or mgmt API calls with payload 'reachable=true/false'"

If you make this call on an Apigee router server, http://<router>:8080/v1/servers/self/reachable, it will return true if the service is up. You can use this as the healthcheck URL on load balancers. You can set it to false using the management API when you are taking it out of service:

curl http://<management-ip>:8080/v1/servers/{uuid} -d 'reachable=false' -X POST

Now the router service will respond with a non-200 response.

You can also set an iptables rule as follows for the healthcheck URL to not respond.

iptables -I INPUT -p tcp --dport 8080 -m string --algo bm --string /v1/servers/self/reachable -j REJECT
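
The drain sequence described in the last reply, as an added example that is not part of the original thread: it sends the reachable=false POST, then waits until the healthcheck URL has failed several probes in a row before the router is touched. The function names, retry counts and exit codes are assumptions; both URLs are passed in by the caller, and any credentials your management API requires would have to be added to the curl calls.

```shell
#!/bin/sh
# Added example: take a router out of rotation and confirm the health
# check is failing before maintenance starts.
# Assumed arguments (full URLs, built from the values in the thread):
#   mgmt_url   = http://<management-ip>:8080/v1/servers/<uuid>
#   health_url = http://<router>:<port>/v1/servers/self/reachable

# Print the HTTP status of the health check; 000 if nothing answered
# (which is also what the iptables REJECT rule above produces).
health_code() {
  local code
  code=$(curl -s -o /dev/null -m 5 -w '%{http_code}' "$1") || code=000
  printf '%s\n' "${code:-000}"
}

# The management API call from the thread: mark the router unreachable.
mark_unreachable() {
  curl -s -f -o /dev/null -m 10 -X POST -d 'reachable=false' "$1"
}

# drain_router MGMT_URL HEALTH_URL [NEED] [MAX] [INTERVAL]
# Returns 0 once NEED consecutive probes were non-200 (drained),
#         1 if the management POST failed,
#         2 if the router still answered 200 after MAX probes.
drain_router() {
  local mgmt_url="$1" health_url="$2"
  local need="${3:-3}" max="${4:-30}" interval="${5:-5}"
  local fails=0 i=0 code
  mark_unreachable "$mgmt_url" || return 1
  while [ "$i" -lt "$max" ]; do
    code=$(health_code "$health_url")
    if [ "$code" = 200 ]; then
      fails=0                      # still healthy: restart the count
    else
      fails=$((fails + 1))
    fi
    if [ "$fails" -ge "$need" ]; then
      return 0
    fi
    i=$((i + 1))
    sleep "$interval"
  done
  return 2
}
```

Set NEED and INTERVAL to match the load balancer monitor's own failure threshold and probe interval, so a return of 0 means the pool member has had time to be ejected.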