Configure traffic rules to control traffic from the gateway to backend services-Microservices Engine(MSE)-阿里云帮助中心

This topic describes how to configure traffic rules for cloud-native gateways. The traffic rules are used to control the encryption type and load balancing when traffic is routed to backend services.

Manage certificate encryption configurations of backend services

To encrypt traffic to backend services with TLS, enable certificate encryption.

Log on to the MSE console. In the top navigation bar, select a region.
In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the ID of the gateway.
In the left-side navigation pane, click Routes. Then, click the Services tab.

In the Actions column for the target service, click the 图标.png icon and choose Policies. In the Traffic Management section, click Edit to the right of Certificate Encryption Configuration.

Parameter	Description
TLS Mode	Default value: Disabled. Valid values: Disabled: indicates that the gateway is not connected to the backend service by using HTTPS. TLS: indicates that the gateway is connected to the backend service by using TLS. mTLS: indicates that the gateway is connected to the server by using the specified client certificate. If you set TLS Mode to mTLS, the client certificate is verified by the server.
Certificate ID	The ID of the client certificate. You need to configure this parameter only if you set TLS Mode to mTLS.
CA Certificate Public Key	The public key of the CA certificate that is provided by the server. You need to configure this parameter only if you set TLS Mode to mTLS and the server certificate needs to be verified.
Service Name	You can configure this parameter only if you set TLS Mode to TLS or mTLS. For more information about the configuration of this parameter, see TLS Extension Definitions.

After the configuration is complete, click OK.

Manage load balancing policies for backend services

Log on to the MSE console. In the top navigation bar, select a region.
In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the ID of the gateway.
In the left-side navigation pane, click Routes. Then, click the Services tab.

In the Actions column for the target service, click the 图标.png icon and choose Policies. In the Traffic Management section, click Edit to the right of Load Balancing Configuration.

Parameter	Description
Load Balancing Type	Valid values: Round Robin, Least Connections, Random, and Consistent Hashing. Note The least connections algorithm directs traffic to the backend instance with the fewest active requests. Unlike traditional least-connections algorithms for HTTP/1 (which count connections), this method counts individual requests. This provides more accurate load balancing for multiplexed protocols like HTTP/2 and gRPC.
Consistent Hashing Method	This is used only when you use Consistent Hashing. It supports source address hashing, header hashing, cookie hashing, and request parameter hashing. Source IP Address: Hash values are obtained based on the source IP address. Traffic is scheduled based on the hash values of the source IP address. Request Parameter: Hash values are calculated based on the query parameters in the HTTP request. Requests that have the same hash value are forwarded to the same instance for processing. Request Parameter: Enter a query parameter. Header: Hash values are calculated based on the header parameter in the HTTP request. Requests that have the same hash value are forwarded to the same instance for processing. Request Header: Enter the key value of the parameter in the Request Header field. Cookie: Hash values are calculated based on all cookies in the HTTP request. Requests that have the same hash value are forwarded to the same instance for processing. Cookie Name: Enter a name of the cookie. The name must be 1 to 64 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). Cookie Lifecycle: Enter the expiration time of the cookie. Cookie Path: Enter the path of the cookie.
Prefetch Time	This parameter is required when the load balancing type is set to round robin or Least Connections. The unit is seconds. During the warm-up time, traffic to a newly registered backend service node increases linearly.

After the configuration is complete, click OK.
After the load balancing policy is created and enabled, check whether the policy takes effect based on your business requirements.