Understand the microservice network architecture diagram in seconds

  I recently took part in a public cloud microservices project, so it has been some time since I last published. Drawing on this migration of our microservices to the public cloud, this post shares the public cloud microservice network architecture and how the services are deployed.
Network architectures are broadly similar across platforms, but the details and components differ. Whether you take over someone else's architecture or design one for your own services, you must first understand each part of the structure, the responsibilities of each service, and the interaction logic between services. We migrated from a private cloud, kept part of that architecture, and supplemented on the public cloud the components that were originally deployed in the private cloud. After moving to the public cloud, we built some common components ourselves and operate and maintain them ourselves. The overview diagram is below:

Network architecture overview diagram

[Figure: network architecture overview diagram]

First, the Internet layer

  The Internet layer is the top layer of the network architecture. It refers to services exposed on the Internet, which are reached by IP address or by domain name. When a service is accessed by domain name, the DNS server resolves the name to the designated machine on the Internet.
Machines exposed to the Internet are generally built on cloud services.

Second, cloud services platform layer

Cloud services can be roughly divided into three types:

  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)

By deployment scope and service audience, cloud computing can be divided into three categories: public cloud, private cloud and hybrid cloud.

  • Public cloud: operated by a cloud service provider, which offers end users a wide variety of IT resources, from applications and software runtime environments to physical infrastructure. In this model the cloud service provider must guarantee non-functional requirements such as the security and reliability of the resources it provides, and end users do not care who provides the specific resources or how they are implemented.
  • Private cloud: a cloud computing center built by an enterprise for its own use. Compared with the public cloud, a private cloud can support dynamic and flexible infrastructure, reduce the complexity of the IT architecture, and integrate and standardize all kinds of IT resources, which makes it easier to meet the needs of business development. The private cloud user also fully owns the facilities of the entire cloud computing center (middleware, servers, networks, storage devices, and so on).
  • Hybrid cloud: a combination of "public cloud" and "private cloud". Users own part of it in a controlled manner and share part of it with others.

What is a cloud service?

  A cloud service is a model for adding and using Internet-based services, usually involving dynamically scalable and often virtualized resources provided over the Internet. "Cloud" is a metaphor for the network, the Internet.
  A cloud service means obtaining the services you need over the network in an on-demand, scalable way. The service can be IT, software or Internet related, or something else entirely. It means that computing power can also circulate as a commodity over the Internet.

At this layer we use the WAF firewall provided by the cloud service as a security zone between the external network and the tenant area. A VIP is added on the WAF firewall to manage the application services in the tenant area.

Third, the tenant area

  The tenant area consists of the resources purchased from the cloud service: ECS servers, cloud database RDS (MySQL edition), cloud database Redis edition, Object Storage Service (OSS), the cloud communication SMS service, elastic public IPs, and other resources.

Based on these resources, we divide our services into two categories:

  • Application services
  • Basic component services

The figure above separates the two: application services, which provide business services, are on the left; basic component services, which provide services to the application services, are on the right.

Application Services

The entrance to the application services is Nginx. Application services are divided into three layers: the unified gateway layer, the Web application service layer, and the atomic service layer.

1. Unified gateway layer

  The firewall's VIP points at the Nginx in front of the application services. Nginx proxies to the application gateway, all network traffic passes through the gateway, and the gateway forwards it to the services in a unified way. The gateway may forward only to Web application services, never to the middle-platform services. Calls between Web application services and middle-platform services, or between middle-platform services, use RPC (remote procedure calls).
When an application service needs to call a basic component, it must go through a VIP so that the component can be scaled out. The application service does not access a basic component's real machine, but its VIP (virtual IP address).

2. Web application services

This layer implements business logic according to business requirements. It combines middle-platform services to meet those requirements.

The services in the figure are divided according to our own business. Only a few are listed here as representative examples, and the layer is not limited to them.

3. Atomic services (middle-platform services)

In the Internet e-commerce industry, business requirements change constantly while services are required to stay stable. Changing business requirements make services unstable. Functional modules are therefore split into multiple atomic services, divided by system function. The atomic services are responsible for basic data and stable business services, while varied or customized services are provided by the Web application services.

The services in the figure are divided according to our own business. Only a few are listed here as representative examples, and the layer is not limited to them.

In the high availability scheme, each system is assigned at least two ECS instances to guarantee minimum availability.

Basic Component Services

The entrance to the basic components is LVS. The VIPs mentioned under application services are allocated by LVS.

Why use a VIP?

  A virtual IP (VIP) is most commonly used for system high availability (HA). Systems usually go offline because of routine maintenance or unplanned faults. To improve the availability of the service a system offers externally, a primary/standby configuration is used. When the primary host M goes down, the service switches to the standby host S, which continues to provide it. The user does not notice any of this. In this setup the IP address the system exposes to clients is a virtual IP: when host M goes down, the virtual IP floats to the standby machine, which continues to provide the service.

  Here the virtual IP does not correspond to a specific host or to a specific physical network card. It is a virtual, logical concept that can move and float freely, which both hides the system's internal details from the outside and makes the system easier to extend and maintain.

LVS is a layer-4 proxy. The components that use the TCP protocol go through it:

  • RabbitMQ messaging service
  • Redis caching service

Some components also use the HTTP protocol, so an additional Nginx proxy layer is needed for them. The components that use HTTP are:

  • Registry Eureka
  • Passport authentication center
  • Scheduling platform XXL-JOB
  • Picture service FastDFS

In addition, the basic components also include the ZooKeeper configuration center and the Solr search service. These two services are accessed by applications directly, without the LVS proxy.
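The forwarding rules above (gateway to Web application services only, RPC into the middle platform, basic components reached only through their VIP entry) can be written down as a flow policy and used to audit firewall rules or flow logs. This is an added example, not code from the project; the tier labels and entry-point names are chosen for the example, and treating every path the article does not describe as a violation is an assumption.

```python
# Added example: tier-to-tier flow policy modelled on the architecture in this article.
# Tier and entry-point labels are chosen for the example, not taken from the project.

# Allowed (source tier, destination tier) hops for application traffic.
ALLOWED_HOPS = {
    ("internet", "waf"),
    ("waf", "nginx"),
    ("nginx", "gateway"),
    ("gateway", "web"),      # the gateway forwards to Web application services only
    ("web", "atomic"),       # RPC from Web application services to atomic services
    ("atomic", "atomic"),    # RPC between atomic services
}

# Entry point through which each basic component must be reached.
COMPONENT_ENTRY = {
    "rabbitmq": "vip-lvs", "redis": "vip-lvs",              # TCP: layer-4 LVS
    "eureka": "vip-lvs-nginx", "passport": "vip-lvs-nginx", # HTTP: extra Nginx layer
    "xxl-job": "vip-lvs-nginx", "fastdfs": "vip-lvs-nginx",
    "zookeeper": "direct", "solr": "direct",                # no LVS proxy
}
APP_TIERS = {"gateway", "web", "atomic"}  # assumption: all three app layers may call components

def check_flow(src, dst, via=None):
    """Return None if the flow matches the described architecture, else a reason."""
    if dst in COMPONENT_ENTRY:
        if src not in APP_TIERS:
            return f"{src} must not reach component {dst}"
        expected = COMPONENT_ENTRY[dst]
        if via != expected:
            return f"{dst} must be reached via {expected}, saw {via or 'none'}"
        return None
    if (src, dst) not in ALLOWED_HOPS:
        return f"hop {src} -> {dst} is not part of the described path"
    return None

def audit(flows):
    """Return (flow, reason) pairs for every flow that violates the policy."""
    return [(f, r) for f in flows if (r := check_flow(*f)) is not None]

# Constructed sample flows (not real traffic): (source, destination, entry point used)
SAMPLE_FLOWS = [
    ("internet", "waf", None),
    ("gateway", "web", None),
    ("gateway", "atomic", None),          # gateway bypassing the Web layer
    ("web", "redis", "vip-lvs"),
    ("web", "redis", "direct"),           # real machine address instead of the VIP
    ("atomic", "solr", "direct"),
    ("internet", "rabbitmq", "vip-lvs"),  # component exposed outside the tenant area
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, "->", reason)
```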

Because each component works on different principles, the number of machines each one uses also differs. The high availability of each component will be described in detail separately.
Finally, the overall network architecture described above is shown in the figure:

[Figure: overall network architecture diagram]

With this, we have explained our practice of deploying these microservices on the public cloud.

The above is based on my own practice and understanding in this project. If you have a better plan or idea, follow the WeChat public account "猿码" and share your opinion, or leave a message at the bottom of the article. We love technology!


Origin www.cnblogs.com/yuesf/p/11830557.html