All Products
Search

This Product

    Microservices Engine:Manage traffic rules

    Document Center

    Microservices Engine:Manage traffic rules

    Last Updated:Apr 22, 2024

    This topic describes how to configure traffic rules for cloud-native gateways. The traffic rules are used to control the encryption type and load balancing when traffic is routed to backend services.

    Manage certificate encryption configurations of backend services

    If you want to use the Transport Layer Security (TLS) protocol to access backend services, you can enable certificate encryption configurations for the backend services.

    1. Log on to the MSE console. In the top navigation bar, select a region.

    2. In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the name of the gateway.

    3. In the left-side navigation pane, click Routes. On the page that appears, click the Services tab.

    4. On the Services tab, find the service that you want to encrypt, click the 图标.png icon in the Actions column and select Policies. In the Traffic Management section, click Edit to the right of Certificate Encryption Configuration and configure the parameters.

      Parameter

      Description

      TLS Mode

      Default value: Disabled. Valid values:

      • Disabled: indicates that the gateway is not connected to the backend service by using HTTPS.

      • TLS: indicates that the gateway is connected to the backend service by using TLS.

      • mTLS: indicates that the gateway is connected to the server by using the specified client certificate. If you set TLS Mode to mTLS, the client certificate is verified by the server.

      Certificate ID

      The ID of the client certificate. You need to configure this parameter only if you set TLS Mode to mTLS.

      CA Certificate Public Key

      The public key of the CA certificate that is provided by the server. You need to configure this parameter only if you set TLS Mode to mTLS and the server certificate needs to be verified.

      Service Name

      You can configure this parameter only if you set TLS Mode to TLS or mTLS. For more information about the configuration of this parameter, see TLS Extension Definitions.

    5. After the configuration is complete, click OK.

    Manage load balancing policies for backend services

    1. Log on to the MSE console. In the top navigation bar, select a region.

    2. In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the name of the gateway.

    3. In the left-side navigation pane, click Routes. On the page that appears, click the Services tab.

    4. On the Services tab, find the service for which you want to configure a load balancing policy, click the 图标.png icon in the Actions column and select Policies. In the Traffic Management section, click Edit to the right of Load Balancing Configuration and configure the parameters.

      Parameter

      Description

      Load Balancing Type

      Valid values: Round Robin, Least Connections, Random, and Consistent Hashing.

      Consistent Hashing Method

      This parameter is valid only if you set Load Balancing Type to Consistent Hashing. Valid values: Source IP Address, Request Parameter, Header, and Cookie.

      • Source IP Address: Hash values are obtained based on the source IP address. Traffic is scheduled based on the hash values of the source IP address.

      • Request Parameter: Hash values are calculated based on the query parameters in the HTTP request. Requests that have the same hash value are forwarded to the same instance for processing.

        Request Parameter: Enter a query parameter.

      • Header: Hash values are calculated based on the header parameter in the HTTP request. Requests that have the same hash value are forwarded to the same instance for processing.

        Request Header: Enter the key value of the parameter in the Request Header field.

      • Cookie: Hash values are calculated based on all cookies in the HTTP request. Requests that have the same hash value are forwarded to the same instance for processing.

        • Cookie Name: Enter a name of the cookie. The name must be 1 to 64 characters in length, and can contain letters, digits, underscores (_), and hyphens (-).

        • Cookie Lifecycle: Enter the expiration time of the cookie.

        • Cookie Path: Enter the path of the cookie.

      Prefetch Time

      If you set Load Balancing Type to Round Robin or Least Connections, you need to configure this parameter. Unit: seconds. In the service prefetching period, traffic on the nodes of the newly registered backend services linearly increases.

    5. After the configuration is complete, click OK.

      After the load balancing policy is created and enabled, check whether the policy takes effect based on your business requirements.