All Products
Search

This Product

    API Gateway:Manage traffic rules

    Document Center

    API Gateway:Manage traffic rules

    Last Updated:Jan 07, 2025

    This topic describes how to configure traffic rules for Cloud-native API Gateway instances. The traffic rules are used to control the encryption type and load balancing when traffic is routed to backend services.

    Manage certificate encryption configurations of backend services

    If you want to use the Transport Layer Security (TLS) protocol to access backend services, you can enable encryption configurations for the backend service certificates.

    1. Log on to the Cloud-native API Gateway console.

    2. In the left-side navigation pane, click Instance. In the top navigation bar, select a region.

    3. On the Instance page, click the name of the gateway instance that you want to manage.

    4. In the left-side navigation tree, click Service. Then, click the Services tab.

    5. On the Services tab, find the service that you want to encrypt, click the 图标.png icon in the Actions column, and select Policy Configuration. On the Configure Policy tab, find the Traffic Management section, click Edit to the right of Certificate Encryption Configuration, and then configure the parameters.

      Parameter

      Description

      TLS Mode

      Default value: Disable. Valid values:

      • Disable: indicates that the Cloud-native API Gateway instance is not connected to the backend service by using HTTPS.

      • TLS: indicates that the Cloud-native API Gateway instance is connected to the backend service by using TLS.

      • mTLS: indicates that the Cloud-native API Gateway instance is connected to the server by using the specified client certificate. If you set TLS Mode to mTLS, the client certificate is verified by the server.

      Certificate ID

      If you set TLS Mode to mTLS, you must specify the ID of the client certificate.

      CA Certificate Public Key

      If you set TLS Mode to mTLS, you must enter the public key of the certificate authority (CA) certificate provided by the server.

      Service Name

      If you set TLS Mode to TLS or mTLS, you need to configure this parameter. For more information about the configuration of this parameter, see TLS Extension Definitions.

    6. Click OK.

    Manage load balancing policies for backend services

    1. Log on to the Cloud-native API Gateway console.

    2. In the left-side navigation pane, click Instance. In the top navigation bar, select a region.

    3. On the Instance page, click the name of the gateway instance that you want to manage.

    4. In the left-side navigation tree, click Service. Then, click the Services tab.

    5. On the Services tab, find the service for which you want to configure a load balancing policy and choose 图标.png > Policy Configuration in the Actions column. On the Configure Policy tab, find the Traffic Management section, click Edit to the right of Load Balancing Configurations, and then configure the parameters.

      Parameter

      Description

      Load Balancing Type

      Valid values: Round-robin, Least Connections, Random, and Consistent Hashing.

      Note

      If you set Load Balancing Type to Least Connections, requests are forwarded to the instance with the fewest requests that are being processed in the backend service.

      In HTTP/1 scenarios where each connection handles only one request, load of other Cloud-native API Gateway instances can also be balanced by forwarding requests to the Cloud-native API Gateway instance with the fewest requests that are being processed. In HTTP/2 scenarios, such as Google Remote Procedure Call (gRPC), where a single connection can handle multiple requests at the same time, loads of Cloud-native API Gateway instances cannot be balanced by forwarding requests to the Cloud-native API Gateway instance with the fewest requests that are being processed.

      Consistent Hashing Method

      This parameter is valid only if you set Load Balancing Type to Consistent Hashing. Valid values: Based on Source IP Address, Request Parameter, Header, and Cookie.

      • Based on Source IP Address: Hash values are obtained based on the source IP address. Traffic is scheduled based on the hash values of the source IP address.

      • Request Parameter: Hash values are calculated based on the query parameters in the HTTP request. Requests that have the same hash value are forwarded to the same instance for processing.

        Request Parameter: Enter a query parameter.

      • Header: Hash values are calculated based on the header parameter in the HTTP request. Requests that have the same hash value are forwarded to the same instance for processing.

        Request Header: Enter the key value of the parameter in the Request Header field.

      • Cookie: Hash values are calculated based on all cookies in the HTTP request. Requests that have the same hash value are forwarded to the same instance for processing.

        • Cookie Name: Enter a name of the cookie. The name can be up to 64 characters in length and can contain letters, digits, underscores (_), and hyphens (-).

        • Cookie Lifecycle: Enter the expiration time of the cookie.

        • Cookie Path: Enter the path of the cookie.

      Prefetch Time

      If you set Load Balancing Type to Round-robin or Least Connections, you need to configure this parameter. Unit: seconds. In the service prefetching period, traffic on the nodes of the newly registered backend services linearly increases.

    6. After you complete the configurations, click OK.

      After the load balancing policy is created and enabled, check whether the policy takes effect based on your business requirements.