All geek questions in one place

Why should I use a Service Fabric reverse proxy instead of an Azure application gateway to talk to SF Cluster?

This is a long question, and there are compromises, I am sure. Documentation in this area :

It does not give me enough to confidently answer this question.

So they say: "Azure Application Gateway (AG) is trying to resolve the service address again and retry the request when the service cannot be reached."

I know how a Service Fabric (RP) reverse proxy does this by encapsulating a solution loop. Does AG have such an opportunity? AG is also a reverse proxy for all accounts.

So, what is important for external traffic in the SF cluster, why should I use one over the other (I know that RP allows intra-cluster commits too, and that works well).

+5
source share
2 answers

Well, for external traffic to the cluster, you get the Azure load balancing / reverse proxy combination out of the box. But is there another question enough? We made the same decision, we ended up using the application gateway.

The differences between the load balancer and the application gateway are described in this document.

Some takeaway:

  • The Azure Download Browser works at the transport level (level 4 in the OSI network link stack). It provides network-level traffic distribution through application instances running in the same Azure data center.
  • Application Gateway operates at the application level (level 7 in the OSI network link stack). It acts as a reverse proxy service, terminating the client connection and forwarding requests to endpoints.

So, Application Gateway additionally supports SSL termination , end-to-end SSL , and URL-based routing , making it a good candidate for Service Fabric applications that have external clients.

+4
source

I can tell you why you might not want to use a reverse proxy.

When setting up the reverse proxy port in the Load Balancer, all microservices in the cluster that expose the HTTP endpoint are addressed from outside the cluster.

If you have any services that you do not want to expose to the outside world, you probably will not want to use a reverse proxy.

0
source

Source: https://habr.com/ru/post/1270094/

More articles:


All Articles