A high-performance and high-availability Service Mesh (ASM) gateway ensures business continuity and improves user experience. This topic describes how to configure an ASM gateway that ensures high performance and high availability for service requests.
Background information
An ASM gateway is a key component of Istio and is used to manage ingress and egress traffic of an ASM instance.
When you create an ASM gateway, an istio-ingressgateway Deployment is created in the istio-system namespace of the Container Service for Kubernetes (ACK) cluster. The istio-ingressgateway Deployment is associated with a Classic Load Balancer (CLB) instance. The pods of the gateway work as the backend servers of the CLB instance.
The preceding figure shows the traffic path for service requests. Each part of the path affects the response time for service requests and the availability of the ASM gateway. The following sections describe how to configure the CLB instance and ASM gateway to ensure high performance and high availability for service requests.
High performance
Deploy your business clusters in multiple regions to allow clients to access nearby clusters
ASM can manage ACK clusters in multiple regions to provide nearby access for clients. In addition, ASM supports load balancing among regions. For more information, see Use ASM to implement cross-region disaster recovery and load balancing.
ASM integrates intelligent Domain Name System (DNS) resolution to resolve a domain name to the IP address of the CLB instance that is nearest to a client.
Use CLB instances to access an ASM gateway
In an ACK cluster that uses the Terway Container Network Interface (CNI) plug-in, a CLB instance can directly forward traffic to the pods of an ASM gateway. In an ACK cluster that uses the Flannel CNI plug-in, a CLB instance must first forward traffic to the NodePort Service, which then routes the traffic to the pods of an ASM gateway. To improve service performance, we recommend that you use the Terway CNI plug-in. For a comparison of the Terway and Flannel plug-ins, see Terway and Flannel.
If a single CLB instance is insufficient to process the traffic for an ASM gateway, you can associate multiple CLB instances with the ASM gateway and use them to access the gateway. For more information, see Access an ASM gateway by using multiple CLB instances.
Use TLS acceleration
ASM gateways that are created in ASM instances of a commercial edition support Transport Layer Security (TLS) acceleration based on Intel Multi-Buffer. This improves queries per second (QPS) by 80% based on test results. For more information, see Enable Multi-Buffer for TLS acceleration.
High availability
Implement geo-disaster recovery based on multi-region deployment and active geo-redundancy
For more information, see Use ASM to implement cross-region disaster recovery and load balancing.
Use multiple CLB instances to ensure high availability
ASM allows you to associate multiple CLB instances with a single ASM gateway. If one CLB instance fails, another CLB instance can be used. For more information, see Access an ASM gateway by using multiple CLB instances.
Implement node-based high availability for an ASM gateway
You can deploy the pods of an ASM gateway on different nodes or in different zones to ensure high availability of the ASM gateway. For more information, see Improve availability for the ingress gateway service of an ASM instance.
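One way to check the spread described above, as an added example that is not taken from the ASM documentation: the hypothetical function `audit_spread` takes the parsed output of `kubectl get pods -o json` (filtered to the gateway pods in istio-system) and `kubectl get nodes -o json`, and reports how much gateway capacity the failure of a single node or zone would remove. The pod names, node names and zone values are constructed sample data.

```python
import json
from collections import Counter

ZONE_LABEL = "topology.kubernetes.io/zone"  # well-known Kubernetes node label

def audit_spread(pods, nodes):
    """Report how gateway pods are spread across nodes and zones."""
    zone_of = {n["metadata"]["name"]:
               n["metadata"].get("labels", {}).get(ZONE_LABEL, "unknown")
               for n in nodes["items"]}
    per_node, per_zone = Counter(), Counter()
    for pod in pods["items"]:
        node = pod["spec"].get("nodeName")
        # Pending or unscheduled pods serve no traffic, so they do not count.
        if pod.get("status", {}).get("phase") != "Running" or not node:
            continue
        per_node[node] += 1
        per_zone[zone_of.get(node, "unknown")] += 1
    total = sum(per_node.values())
    findings = []
    if total < 2:
        findings.append("fewer than two running gateway pods")
    if total and len(per_node) == 1:
        findings.append("all gateway pods share one node")
    if total and len(per_zone) == 1:
        findings.append("all gateway pods share one zone")
    return {
        "running": total,
        "per_node": dict(per_node),
        "per_zone": dict(per_zone),
        # Fraction of gateway capacity lost if the busiest node or zone fails.
        "worst_node_loss": max(per_node.values(), default=0) / total if total else 1.0,
        "worst_zone_loss": max(per_zone.values(), default=0) / total if total else 1.0,
        "findings": findings,
    }

def _pod(name, node, phase="Running"):
    return {"metadata": {"name": name}, "spec": {"nodeName": node}, "status": {"phase": phase}}

def _node(name, zone):
    return {"metadata": {"name": name, "labels": {ZONE_LABEL: zone}}}

# Constructed sample in the shape of `kubectl get pods/nodes -o json`.
SAMPLE_PODS = {"items": [_pod("gw-1", "node-1"), _pod("gw-2", "node-1"), _pod("gw-3", "node-2")]}
SAMPLE_NODES = {"items": [_node("node-1", "zone-a"), _node("node-2", "zone-a"), _node("node-3", "zone-b")]}

if __name__ == "__main__":
    print(json.dumps(audit_spread(SAMPLE_PODS, SAMPLE_NODES), indent=2))
```

On the sample, two of the three pods share node-1 and every pod sits in zone-a, so a zone failure removes all gateway capacity even though the pods run on two nodes.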
Enable graceful shutdown for services
You can configure a script that is executed before a service is stopped. This allows the pod of the service to be gracefully shut down and prevents request failure or loss. For more information, see Solution 2: Configure the lifecycle of sidecar proxies.
Enable graceful shutdown for the CLB instance of an ASM instance
You can enable graceful shutdown for the CLB instance of an ASM gateway. When the ASM gateway is scaled in or out, the existing connections can be retained for a specific period. This prevents traffic loss. For more information, see Enable graceful shutdown to prevent traffic loss.