Cloud Foundry Routing Architecture
Page last updated:
Warning: Pivotal Cloud Foundry (PCF) v2.3 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.
This topic explains routing flow and architecture in Cloud Foundry. Cloud Foundry’s routing tables must be updated before it can route external client requests to an app.
Because each app can have many instances, one app route can go to multiple containers. As Diego moves and scales app instances, the route emitter on each cell sends messages to NATS or the Routing API to register and de-register routes to the cell’s app instances.
The route emitter periodically emits the routes it discovers from Diego BBS to NATS and the Routing API as registration and unregistration messages every twenty seconds. By default, the Gorouter uses TLS to verify app identity and confirm that its routes are up-to-date. With TLS disabled, the Gorouter prunes any routes that the route emitters have not re-registered within the past two minutes. For more information about how CF maintains route consistency when TLS is or is not enabled, see the Preventing Misrouting section of the HTTP Routing topic.
The following process describes how a router obtains information about routes for an app running on Cloud Foundry:
The Cloud Controller component sends app route information to Diego BBS. For HTTP routing, route information includes the host and path of an external URL, as shown in the format of the
router.registermessage in the Gorouter documentation on GitHub. For TCP routing, route information includes the route port on which the TCP connection was received; for more information, see the Routing API documentation on GitHub.
Diego BBS coordinates the back end IP address and port where each instance of the app runs. When queried by the route emitter, the BBS sends this information along with Cloud Controller’s app route information to the route emitter on the Diego cell where instances of the app are located.
If a route is HTTP, the route emitter on the Diego cells sends app route, IP, and port information to NATS, which then sends it to the Gorouter. If a route is TCP, the route emitter sends that information to the Routing API, which then sends it to the TCP router.
The Gorouter and TCP router use the route, IP, and port information from the route emitter to map incoming app requests to back end app instance locations.
Cloud Controller and Diego BBS have their own databases, while NATS and the Gorouter only store their data in memory. If NATS or the Gorouter are restarted, they lose all of their data and must wait for the route emitter to send data to them again. If Diego BBS is restarted, it can retrieve its data from Cloud Controller.
If Cloud Controller is restarted, you must retrieve its data from a backup.
When Cloud Foundry’s routing tables are updated, Cloud Foundry can process requests from external clients to an app. The following process describes how an external client makes a request to an app running on Cloud Foundry:
The external client sends its request.
Your DNS service sends the request to the HTTP or TCP load balancer based on the prefix of the DNS name in the client request, such as
The load balancer sends the request to the load balancer’s corresponding router.
The router sends the request to the app.
The following summarizes the roles and responsibilities of various components depicted in the Cloud Foundry routing architecture diagrams above. These summaries are limited to the roles and responsibilities these components have pertaining to routing. For more complete descriptions of these components, see Cloud Foundry Concepts, Cloud Foundry Components, and Diego Components and Architecture.
|BOSH manifest||Used to configure route registrar with route(s) for system components such as UAA and Loggregator.|
|Cloud Controller||Contains route metadata, including whether they are HTTP or TCP.|
|Diego BBS||Contains IP and port metadata as well as route metadata from Cloud Controller, which route emitter discovers.|
|Diego cell||Manages app instances and tasks and long-running processes related to them. A route emitter runs on each cell.|
|Gorouter||Routes HTTP traffic coming into Cloud Foundry to the appropriate component. Receives route updates through NATS. Routes that have not been updated in two minutes are pruned from the Gorouter’s database.|
|NATS||Receives routing configuration from route emitter and provides same to Gorouter.|
|Route registrar||Sends routing metadata described in BOSH manifest for system components such as UAA and Loggregator to NATS. This is because the Diego cell does not have information about system components, only about user spaces.|
|Route emitter||Periodically emits route, IP, and port metadata to NATS or Routing API as registration and unregistration messages. Does not know about app instances on Diego cell, but knows what cell it belongs to and learns about what app instances are running on its cell by asking Diego BBS for information about app instances on the same cell.|
|Routing API||Receives routing configuration from route emitter and other internal clients, and provides routing configuration for TCP router.|
|Routing database||Saves some routing data from Routing API. If the Gorouter misses a message about an unmapped route from NATS, it will not get it again, so TCP router and Routing API can consult routing database for current state of routes.|
|TCP router||Routes TCP traffic coming into Cloud Foundry to the appropriate component. Receives route updates through the routing API.|