Relay Routing

Warning

this feature is EXPERIMENTAL and might not work as expected.
If you encounter any bugs, please fill an issue, it will help us a lot :)

Relay routing is the capability to forward traffic between otoroshi leader nodes based on network location of the target. Let say we have an otoroshi cluster split accross 3 network zones. Each zone has

  • one or more datastore instances
  • one or more otoroshi leader instances
  • one or more otoroshi worker instances

the datastores are replicated accross network zones in an active-active fashion. Each network zone also have applications, apis, etc deployed. Sometimes the same application is deployed in multiple zones, sometimes not.

it can quickly become a nightmare when you want to access an application deployed in one network zone from another network zone. You’ll have to publicly expose this application to be able to access it from the other zone. This pattern is fine, but sometimes it’s not enough. With relay routing, you will be able to flag your routes as being deployed in one zone or another, and let otoroshi handle all the heavy lifting to route the traffic to the right network zone for you.

Warning

this feature may introduce additional latency as the call passes through relay nodes

Otoroshi instance setup

first of all, for every otoroshi instance deployed, you have to flag where the instance is deployed and, for leaders, how this instance can be contacted from other zones (this is a MAJOR requirement, without that, you won’t be able to make relay routing work). Also, you’ll have to enable the new proxy engine.

In the otoroshi configuration file, for each instance, enable relay routing and configure where the instance is located and how the leader can be contacted

otoroshi {
  ...
  cluster {
    mode = "leader" # or "worker" dependending on the instance kind
    ...
    relay {
      enabled = true # enable relay routing
      leaderOnly = true # use leaders as the only kind of relay node
      location { # you can use all those parameters at the same time. There is no actual network concepts bound here, just some kind of tagging system, so you can use it as you wish
        provider = ${?OTOROSHI_CLUSTER_RELAY_LOCATION_PROVIDER}
        zone = "zone-1"
        region = ${?OTOROSHI_CLUSTER_RELAY_LOCATION_REGION}
        datacenter = ${?OTOROSHI_CLUSTER_RELAY_LOCATION_DATACENTER}
        rack = ${?OTOROSHI_CLUSTER_RELAY_LOCATION_RACK}
      }
      exposition {
        urls = ["https://otoroshi-api-zone-1.my.domain:443"]
        hostname = "otoroshi-api-zone-1.my.domain"
        clientId = "apkid_relay-routing-apikey"
      }
    }
  }
}

also, to make your leaders exposed by zone, do not hesitate to add domain names to the otoroshi-admin-api service and setup your DNS to bind those domains to the right place

Route setup for an application deployed in only one zone

Now, for any route/service deployed in only one zone, you will be able to flag it using its metadata as being deployed in one zone or another. The possible metadata keys are the following

  • otoroshi-deployment-providers
  • otoroshi-deployment-regions
  • otoroshi-deployment-zones
  • otoroshi-deployment-dcs
  • otoroshi-deployment-racks

let say we set otoroshi-deployment-zones=zone-1 on a route, if we call this route from an otoroshi instance where otoroshi.cluster.relay.location.zone is not zone-1, otoroshi will automatically forward the requests to an otoroshi leader node where otoroshi.cluster.relay.location.zone is zone-1

Route setup for an application deployed in multiple zones at the same time

Now, for any route/service deployed in multiple zones zones at the same time, you will be able to flag it using its metadata as being deployed in some zones. The possible metadata keys are the following

  • otoroshi-deployment-providers
  • otoroshi-deployment-regions
  • otoroshi-deployment-zones
  • otoroshi-deployment-dcs
  • otoroshi-deployment-racks

let say we set otoroshi-deployment-zones=zone-1, zone-2 on a route, if we call this route from an otoroshi instance where otoroshi.cluster.relay.location.zone is not zone-1 or zone-2, otoroshi will automatically forward the requests to an otoroshi leader node where otoroshi.cluster.relay.location.zone is zone-1 or zone-2 and load balance between them.

also, you will have to setup your targets to avoid trying to contact targets that are not actually in the current zone. To do that, you’ll have to set the target predicate to NetworkLocationMatch and fill the possible locations according to the actual location of your target

Demo

you can find a demo of this setup here. This is a docker-compose setup with multiple network to simulate network zones. You also have an otoroshi export to understand how to setup your routes/services