I was recently involved in a public cloud microservice project and have not published anything for a while. Drawing on the experience of migrating that project to the public cloud, this post shares the public cloud microservice network architecture and the service deployment scheme. Every platform's network architecture diagram looks similar in outline; the details differ according to the components each service uses. If other people's architectures do not match yours, what matters is understanding the responsibilities of each layer and each service, and the interaction logic between services. We migrated from our private cloud architecture, keeping part of it and adding the common components that the original private cloud deployment had provided for us. After the move to the public cloud, some of those common components are built and operated by us. The overall arrangement is shown in the figure below:

Network architecture overview diagram

First, the Internet layer

The Internet layer is the top layer of the network architecture. It refers to services exposed on the Internet and accessed by IP address or domain name. A domain name is resolved by the DNS server to the designated Internet-facing machine. Internet-facing machines are typically built on cloud services.

Second, cloud service platform layer

Cloud computing can be roughly divided into three categories according to service types:

  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)

Cloud computing can also be divided into three categories according to the deployment mode of the cloud service and the scope of users it serves, namely public cloud, private cloud and hybrid cloud.

  • Public cloud: Operated by a cloud service provider, it supplies end users with a variety of IT resources, from applications and software environments down to physical infrastructure. In this model the cloud service provider must guarantee non-functional requirements such as the security and availability of the resources it provides, while end users do not care who provides a given resource or how it is implemented.
  • Private cloud: A cloud computing center built by an enterprise for its own use. Compared with a public cloud, a private cloud can support a dynamic and flexible infrastructure, reduce the complexity of the IT architecture, integrate and standardize IT resources, and more easily meet the needs of the enterprise's business development. In addition, private cloud users fully own the entire cloud computing center (middleware, servers, networks, storage devices and so on).
  • Hybrid cloud: A combination of "public cloud" and "private cloud". Users own part of the infrastructure and share the rest with others in a controlled way.

What are cloud services?

Cloud services are the addition and use of Internet-based services, usually involving dynamic, easily scalable and often virtualized resources delivered over the Internet. "Cloud" is a metaphor for the network and the Internet. Cloud services are services that can be obtained on demand and easily scaled over the network. Such a service can be IT and software, Internet related, or something else entirely. It means that computing power can be sold as a commodity over the Internet.

For this layer, we use the WAF provided by the cloud service to protect the boundary between the external network and the tenant area. A VIP is configured on the WAF, and it is through this VIP that the application services in the tenant area are reached.

Third, the tenant area

In the tenant area, resources such as ECS servers, RDS MySQL, Redis, OSS object storage, the SMS service and elastic public IP addresses are purchased from the cloud service.

Based on these resources, our services are divided into two categories:

  • Application services
  • Base component services

In the figure above, the application services on the left provide the business functions; the base component services on the right support the application services.

Application service

The entry point of the application services is Nginx, and the application services are divided into three layers: the unified gateway layer, the Web application service layer and the atomic service layer.

1. Unified gateway layer

The firewall VIP forwards to the application services' Nginx, and Nginx proxies to the application gateway. All network traffic passes through the gateway and is forwarded by the unified gateway service. The gateway forwards only to Web application services, never directly to mid-platform (atomic) services. Web application services call mid-platform services, and mid-platform services call each other, through RPC remote calls. When an application service needs a base component, the extensible scheme requires that the access go through a VIP: the base components that application services address are not real machines but virtual IP addresses (VIPs).
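As an added example (not the project's own configuration), a minimal Nginx entry configuration for this layer: the server block accepts traffic only from the firewall VIP and proxies everything to the two gateway ECS nodes, with no route to mid-platform services. The addresses and domain are constructed placeholders.

```nginx
# Added example, not the post's configuration. Constructed addresses:
# firewall/WAF VIP 10.0.0.10, gateway ECS nodes 10.0.4.11 and 10.0.4.12.
upstream app_gateway {
    # two ECS per system, matching the HA rule; a node that fails 3 times
    # within 10s is taken out of rotation for 10s
    server 10.0.4.11:8080 max_fails=3 fail_timeout=10s;
    server 10.0.4.12:8080 max_fails=3 fail_timeout=10s;
    keepalive 32;
}

server {
    listen 80;
    server_name api.example.com;          # placeholder domain

    # only the firewall VIP is expected to reach this entry point;
    # everything else is rejected before it touches the gateway
    allow 10.0.0.10;
    deny  all;

    location / {
        # every request goes through the unified gateway; there is
        # deliberately no location that proxies to mid-platform services
        proxy_pass http://app_gateway;
        proxy_http_version 1.1;
        proxy_set_header Connection "";   # needed for upstream keepalive
        proxy_set_header Host $host;
        # the original client address arrives from the WAF in this header
        # and is passed on for the gateway to log
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 2s;
        # fail over to the second gateway node on connection-level errors
        proxy_next_upstream error timeout http_502 http_503;
    }
}
```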

2. Web application services

Business logic is implemented according to the business requirements, combining mid-platform services to achieve the goal of each requirement.

In the figure, you can divide your services according to your own business; the ones shown are only representative examples, and the division is not limited to them.

3. Atomic services (mid-platform services)

In the Internet e-commerce industry, service requirements change constantly as business needs change, and those changes make services unstable. We therefore split out atomic services by responsibility module and group them into systems by responsibility. In this way the mid-platform services are responsible for basic data and for stable business functions, while changeable or customizable functionality is provided by the Web application services.

In the figure, you can divide your services according to your own business; the ones shown are only representative examples, and the division is not limited to them.

In the high availability solution, each system is allocated two ECS instances to guarantee a minimum level of high availability.

Base Component services

The entry point for the base components is LVS; as mentioned under application services, a VIP must be assigned on the LVS.

Why use VIP?

A VIP (virtual IP) is a common technique for system high availability (HA). A system may go down because of routine maintenance or because of an unplanned failure outside the system. To improve the availability of the services the system exposes, HA is configured in active/standby mode: if the master host M goes down, the standby host S continues to provide service. The IP address the system uses to serve clients is then a virtual IP address; when host M goes down, the virtual IP floats to the standby host, which keeps serving.

The virtual IP is therefore not tied to a particular computing host or a particular physical network card; it is a virtual, logical concept that can float freely. This hides the details of the internal system from the outside, and gives the internal system convenient maintainability and extensibility.

LVS is a layer 4 proxy, so it fronts the components that use the TCP protocol:

  • Message service RabbitMQ
  • Cache service Redis

Because some components use the HTTP protocol, Nginx is used as an additional proxy layer for them. The components using HTTP are:

  • Registry Eureka
  • Authentication center Passport
  • Scheduling platform xxl-job
  • Image service FastDFS

In addition, the base components include the configuration center ZooKeeper and the search service Solr, which application services access directly without an LVS proxy.
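The VIP failover described under "Why use VIP?" and the LVS layer 4 front for the TCP components are usually realised together with keepalived. The following is an added example (not the project's configuration): a VRRP instance that floats the component VIP between two LVS nodes, and a TCP virtual server for Redis with health checks that remove a dead backend. All addresses are constructed placeholders.

```conf
# Added example, not the post's configuration. Constructed addresses:
# LVS nodes 10.0.1.11 (master) and 10.0.1.12 (standby), component VIP 10.0.1.100,
# Redis real servers 10.0.2.11 and 10.0.2.12.
global_defs {
    router_id lvs-node-1                 # unique per LVS node
}

vrrp_instance VI_COMPONENTS {
    state MASTER                         # BACKUP on the standby node
    interface eth0
    virtual_router_id 51                 # same value on both nodes
    priority 100                         # lower, e.g. 90, on the standby
    advert_int 1
    # public cloud VPCs usually drop multicast, so advertise by unicast; the VIP
    # may also have to be registered with the cloud provider before it can move
    # between instances (assumption about the provider)
    unicast_src_ip 10.0.1.11
    unicast_peer {
        10.0.1.12
    }
    virtual_ipaddress {
        10.0.1.100/24 dev eth0           # the VIP that application services address
    }
}

# Layer 4 TCP virtual server for Redis, reachable only through the floating VIP
virtual_server 10.0.1.100 6379 {
    delay_loop 5                         # health check interval in seconds
    lb_algo rr
    lb_kind NAT                          # real servers route replies back via the LVS node
    protocol TCP
    real_server 10.0.2.11 6379 {
        TCP_CHECK {
            connect_timeout 3            # backend dropped from the pool when the check fails
        }
    }
    real_server 10.0.2.12 6379 {
        TCP_CHECK {
            connect_timeout 3
        }
    }
}
# Repeat the virtual_server block for RabbitMQ on port 5672.
```

The same file, with `state BACKUP`, a lower `priority` and the two unicast addresses swapped, goes on the standby node.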

Because each component is implemented differently, the number of machines it uses also differs. The high availability backend of each component is described separately in detail. Finally, the overall network architecture diagram is drawn from the description above:

This concludes our practice and deployment scheme for this public cloud microservice project. The overall network architecture diagram is as follows:

The above is based on my personal practice and understanding on this project. If you have a better scheme or idea, please follow the WeChat public account "Ape code" and share your opinion, or leave a comment below; we all love technology.

Posts on related topics and technologies will continue.

This article is published by OpenWrite!
