DocsICP FilingConsole
官方文档
首页

Manage service traffic rules

更新时间:
复制 MD 格式
产品详情
我的收藏

Configure traffic rules for Cloud-native API Gateway to control encryption and load balancing for traffic routed to backend services.

Configure certificate encryption for backend services

To secure traffic to backend services with TLS, enable certificate encryption.

  1. Log on to the API Gateway console.

  2. In the left-side navigation pane, click Cloud-native API Gateway > Instance. In the top navigation bar, select a region.

  3. On the Instance page, click the target instance ID.

  4. In the left-side navigation pane, click Service. Then, click the Services tab.

  5. In the Actions column of the service that you want to configure, click the icon icon and choose Configure Policy. On the Configure Policy tab, in the Traffic Management section, click Edit to the right of Certificate Encryption Configuration.

    Parameter

    Description

    TLS Mode

    The default value is Close.

    • Close: The gateway connects to the backend service over HTTP.

    • TLS: The gateway connects to the backend service over TLS.

    • mTLS: The gateway presents a client certificate to the server, which verifies it if mTLS is enabled.

    Certificate ID

    Required when mTLS is set to mTLS. The client certificate ID.

    CA Certificate Public Key

    Required when mTLS is set to mTLS. The CA certificate public key for verifying the server certificate.

    Service Name

    Optional when TLS is set to TLS or mTLS. Maps to the TLS Server Name Indication (SNI) extension defined in TLS Extension Definitions.

  6. After you configure the parameters, click OK.

Configure load balancing for backend services

  1. Log on to the API Gateway console.

  2. In the left-side navigation pane, click Cloud-native API Gateway > Instance. In the top navigation bar, select a region.

  3. On the Instance page, click the target instance ID.

  4. In the left-side navigation pane, click Service. Then, click the Services tab.

  5. In the Actions column of the service that you want to configure, click the icon icon and choose Configure Policy. On the Configure Policy tab, in the Traffic Management section, click Edit to the right of Load Balancing Configurations.

    Parameter

    Description

    Load Balancing Type

    Available options include Round-robin, Least Connections, Random, and Consistent Hashing.

    Note

    With Least Connections, requests go to the backend instance handling the fewest active requests.

    This works well with HTTP/1, where each connection handles one request. In HTTP/2 or gRPC scenarios, where a single connection multiplexes multiple requests, this method cannot effectively balance load across gateway instances.

    Consistent Hashing Method

    Required when Consistent Hashing is set to Consistent Hashing. Supported hash keys: source IP address, header, cookie, or query parameter.

    • Based on Source IP Address: Routes traffic by a hash of the source IP address.

    • Request Parameter: Routes requests by a query parameter hash. Requests with the same hash value go to the same instance.

      Request Parameter: The query parameter name.

    • Header: Routes requests by a header hash. Requests with the same hash value go to the same instance.

      Request Header: The header name.

    • Cookie: Routes requests by a cookie hash. Requests with the same hash value go to the same instance.

      • Cookie Name: The cookie name. Up to 64 characters: letters, digits, underscores (_), and hyphens (-).

      • Cookie Lifecycle: The cookie expiration time.

      • Cookie Path: The cookie path.

    Prefetch Time

    Required when Round-robin is set to Round-robin or Least Connections. Unit: seconds. Traffic to newly registered backend instances ramps up linearly to full weight during this period.

  6. After you configure the parameters, click OK.

    Verify that the load balancing policy takes effect based on your business requirements.

Previous:Manage servicesNext:Configure service health checks