Dec 8, 2019

gRPC Load balancing, and Ingress Gateway

---firstPublishedAt: 1575821975524latestPublishedAt: 1575834118542slug: grpc-load-balancing-and-ingress-gatewaytitle: gRPC Load balancing, and Ingress Gateway---# **Load balancer**1. Increase capacity of application server by distribute traffic to multiple instances1. Reliability of applications1. Generally grouped into 2 categories: Layer 4 and Layer 71. Layer 4 is transport layer LB include protocols like TCP, IP, UDP, FTP1. Layer 7 is application layer LB include protocol like HTTP/s1. **Server side LB** like HAProxy, Nginx offer centralized load balancer where these server act like reverse proxy and LB traffic to destination application server.1. **Client side LB** like Ribbon offer load balancing from client end itself with help of service discovery tools (Zookeeper, Etcd, consul etc.)1. Both type of LB their own pros and con.1. In Nuclei we are using Layer 7 LB for gRPC with Envoy proxy. It is also act like client side load balancer. In Kubernetes, application and envoy proxy container reside into same pod and intercept all incoming and outgoing requests.1. Why Envoy proxy? It is providing out of the box solution e.g. security, load balancing and traffic management, observability. Hence, application code need not to worry about all these thing.![Envoy proxy load balancing. Proxy to Proxy while running in same pod as application service](https://cdn-images-1.medium.com/max/4236/1*UbctdOidyz30x5tF7g7JBg.png)# **Ingress Gateway**In micro service architecture there are three type of communication happening.1. **Ingress:** Traffic coming to cluster referred as Ingress. In case of Nuclei, Android/iOS call to server1. **Service-to-service: **one service call other service. In case of Nuclei, Recharge service calling to Checkout services (Cart, Order, Payment, Coupons etc.)1. **Egress: **Traffic going outside to cluster referred as Egress. (In case of Nuclei, services used to call third-party vendor/services (ClearTrip, Redbus etc.)It is important to protect all services from outside world, and expose only those services which will be called from Android/iOS client rest service should be blocked by default. We are using Istio service mesh, having concept of VirtualService which help us to expose limited set of service to outside world.Configuring ingress gateway for gRPC is little tricky. Lets see some example:

1. Package in proto file is important in above service package name is _com.gonuclei.grpc_1. Create a Ingress Gateway, and assign VirtualService1. In virtual service, we are allowing package prefix to call from outside cluster.1. It will be block other requests, only allow services having package com.gonuclei.grpc

RELATED ARTICLES

No items found.
Written by
Full Name
Published on
22 January 2021

Get a free consultation on Segmentation strategy and
Ecosystem practices

Drop us a line.
Thank you! We'll be in touch soon.
Oops! Something went wrong while submitting the form.
Schedule a demo
Let’s Connect
We’ve received your request. We’ll be in touch soon.
Oops! Something went wrong while submitting the form.
Thank you! You can download the PDF now.
Download PDF
Oops! Something went wrong while submitting the form.