One of the pieces of feedback that I received today was around the infrastructure layout. One of my architectural goals is to not only break apart the backend services, but to also create some level of isolation within the front-end web applications. The question that was raised was around who is responsible for routing an incoming request to the right application on whatever server it lives.
This question can be answered in quite a few number of ways. Before I begin, let me set the stage. Since we are an online retailer, maintaining the urls that are in the wild are critical. We put a great deal of effort into ensuring that we do not terminate an experience in a 404 page. We also have a second to none SEO department that often ranks our products above the manufacturer in the search results. Given that we have thousands of redirect and rewrite rules to preserve the links. They update these links everyday, so the dynamic nature of our routing creates a quite a challenge.
The first thought that came to mind a couple of weeks ago was to create a series rules within our load balancer. But I was concerned about adding the routing logic through custom rules given how dynamic they are. I think any way that we chose to make it work would have been a hack, so that idea fell by the wayside.
Knowing that these rules are dynamic and their execution had to be as fast as possible, I floated the idea of a simple proxy like nginx or squid. I met with our senior engineers and that was the pattern that we settled on and to use nginx. This would require us to create a module that we would wire up to our data, but that seems to be a better way than using the iRules in the load balancer. It seems to fit our needs.
During today’s feedback session there was another idea floated. They brought up the idea that instead of using a dedicated proxy, leverage the policy magic of the API gateway. To be fair, the gateway was already planned to be used for routing and load balancing of the APIs. While the gateway can certainly facilitate the routing, something stinks and I can’t figure out exactly what.
Anyways, here is the diagram for what I think meets the needs of the architecture.
One of the benefits that we get from using nginx is that it can go in the DMZ as the only server that is exposed. To me that seems like a very compelling reason to go this route (no pun intended). We are going to get back together tomorrow after we have marinated overnight. We will see how thinks look then.