Proxies are invisible workers that help keep networks safe, optimise bandwidth, offload processing from backend servers, and ensure the smooth flow of requests. A typical request from your computer across the Internet to a website will pass through many proxy servers. Let’s look at that in more detail.
In computer networks, a proxy acts as an intermediary for requests from clients to servers for resources. An outbound proxy provides both security isolation and performance optimisation for network traffic. Internal clients protected by a firewall do not have direct access out to the Internet. Instead, clients send all requests to a proxy that does have external access that then makes the requests on behalf of the original client. The proxy can optionally cache content locally optimising the use of network bandwidth and providing faster responses to clients.
Servers make use of proxies for handling incoming requests. In this configuration, it is called a reverse proxy; providing security and performance benefits as before along with load balancing. The reverse proxy typically provides access to numerous backend servers protected behind a firewall without the client being aware of their existence. Optional SSL termination, data compression, and content caching provide performance optimisations.
Proxies and Microservices
Reverse proxies are a critical component of microservices applications. They provide an externally reachable endpoint for services along with performance enhancements as mentioned above; in a Kubernetes environment, they are called Ingress Controllers. There are various implementations available including:
In addition to primary request routing, reverse proxies can provide more advanced routing functionality such as load balancing, circuit breakers, rate limiting, A/B deployment and canary testing. Service Meshes, more about these in a later article, utilise the advanced capabilities of proxies to enable their functionality. Some of the proxy implementations additionally offer simple tracing support, producing Zipkin or Jaeger (OpenTracing compliant) spans for the requests they route.
The dynamic nature of microservices applications presents challenges when implementing reverse proxies. Services can come and go as they are revisioned or scaled and will have random IP addresses assigned. The synchronisation of the available services and the configuration of the reverse proxy is essential to ensure error-free operation. One solution is to use a service registry (e.g. etcd) and have each service maintain its registration while it is running. The reverse proxy watches the service registry to keep its configuration up to date. Kubernetes does all of this automatically for you as part of its automation. The Kube DNS process maintains the service registry with an address (A) and service (SRV) record for each service. The Kube Proxy process routes and load balances requests across all instances of the services.
Monitoring Proxies With Instana
With all incoming request traffic for a microservices application typically passing through proxies, it is essential to monitor the performance and health of those proxies. Instana sensors include support for Envoy Monitoring, Nginx Monitoring and Traefik Monitoring, with more proxy technologies coming. Instana can consume both Zipkin and Jaeger trace spans along with those from its sensors. In addition to the traces, the Instana sensors also collect time-series performance metrics providing a comprehensive view of health and performance. Instana’s built-in AI-powered rules engine automatically analyses the trace and time-series metric data, providing proactive alerting on performance issues or errors. Providing operators with precise information on what needs fixing or optimising.
Instana’s automatic monitoring extends across many different technologies providing complete end to end visibility across your microservices application. Automated instrumentation of most language runtimes enables deep visibility into application code and saves time and effort over manual instrumentation.