github.com/voedger/voedger@v0.0.0-20240520144910-273e84102129/design/archive/20211001/bus.md

# Bus

Bus connects federation components

# Routing

## Selecting Cluster

- Request comes to `Federation Entry Point` using technology like `Amazon Geolocation routing policy`
- If the destination cluster is not the current one, the request is forwarded to the destination cluster
- Otherwise application routing is started

## Selecting Role

- Request is sent to the application Main role
- Main role can return a `Redirect` answer
- Request is sent to the role defined by the Redirect
- That role can also return a `Redirect` answer
- Number of hops is limited to 4

## Selecting Partition

- By default the partition from the request is used
- If the partition is not available, `Emergency Partition` is used
- If `Emergency Partition` is not defined yet, it is selected at random

# Bus Components

- Each cluster has a few `Routers` (number is fixed so far)
- Each router has `Internal` and `External` addresses
  - `Internal Address` is used for task-router connections
  - `External Address` is used for router-router connections
- Each `task` is connected to all routers by websocket
- Each router keeps a connection with other clusters and forwards requests if needed

# DNS

- `Federation Entry Point`: heeus.cloud
  - Resolved by `Amazon Geolocation routing policy`
- `Master Cluster`: master.master.heeus.cloud
- `Worker Clusters`
  - `<cluster>.<region>.<federation-entry-point>`
  - spb1.ru.heeus.cloud
  - spb2.ru.heeus.cloud

# Request

- `<federation-entry-point>/<region>/<cluster>/<user>/<app>/<service>/<wsid>/<module>/<function>`
  - `spb1.ru.heeus.cloud/api/ru/spb1/<user>/<app>/<service>/<wsid>/<module>/<function>`

# Authentication

## Authenticating Service Task

- When a Service `Task` starts, it gets a Service Token signed by the `Cluster Key`
- Task connects to a `Router` and sends the Service Token
- Router also gets (part of) the `Cluster Key` and uses it to authenticate the task

## Authorizing Client

- Each application has an `Auth Service`
- Client sends a request to the `Auth Service`
- `Auth Service` signs a JWT token using the `Application Secret`
- JWT token content includes the version of the secret
- Client sends the JWT signed by the application

# Links

- [Amazon Route 53 — Routing Policies](https://medium.com/tensult/amazon-route-53-routing-policies-cbe356b851d3)
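
The verifying side of the flow under Authorizing Client, as an added Go example that is not part of the voedger design or code base: the secret version is read from the still-unverified token content only to choose which `Application Secret` to check the signature against. HS256, the `secret_ver` claim name and the version-to-secret map are assumptions; the page specifies none of them.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"strings"
)

// header is base64url of {"alg":"HS256","typ":"JWT"}; Verify pins it.
const header = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"

// seal appends the base64url HMAC-SHA256 of in, keyed with secret.
func seal(secret []byte, in string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(in))
	return in + "." + base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// Sign plays the Auth Service; the claim name secret_ver is an assumption.
func Sign(secret []byte, ver int, sub string) string {
	p, _ := json.Marshal(map[string]any{"sub": sub, "secret_ver": ver})
	return seal(secret, header+"."+base64.RawURLEncoding.EncodeToString(p))
}

// Verify uses the unverified payload only to pick the secret version; the
// subject is returned only if the token is valid under that secret.
func Verify(secrets map[int][]byte, token string) (string, bool) {
	var c struct{ Sub string; Ver int `json:"secret_ver"` }
	parts := strings.Split(token, ".")
	if len(parts) != 3 || parts[0] != header {
		return "", false // malformed, or not the pinned header
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(raw, &c) != nil {
		return "", false
	}
	s, known := secrets[c.Ver]
	if known && hmac.Equal([]byte(token), []byte(seal(s, header+"."+parts[1]))) {
		return c.Sub, true
	}
	return "", false // unknown or retired version, or bad signature
}

func main() {
	keys := map[int][]byte{2: []byte("constructed-secret-v2")} // constructed sample
	sub, ok := Verify(keys, Sign(keys[2], 2, "alice"))
	println(sub, ok)
}
```

Removing a version from the map retires every token signed with it, which is what carrying the version in the token makes possible.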