2. Organizers
Jitendra Bafna
Senior Solution Architect
Capgemini
About the organizer:
➢ Working as Senior Solution Architect at Capgemini.
➢ Surat and Nashik MuleSoft Meetup Leader and MuleSoft
Ambassador.
➢ 12.5+ Years of Experience in Integrations and API Technologies.
➢ Certified MuleSoft Integration Architect and platform Architect.
3. Organizers
Hemant Nehete
Technical Architect
LTI
About the organizer:
➢ Overall 15+ years IT experience in various phases of Software
development life cycle and Agile Methodology to deliver
varieties of projects and 5+ years of experience as Technical
Architect/Service Delivery Manager for planning, development,
automation, and delivering the solutions end to end.
4. Speakers
Jitendra Bafna
Senior Solution Architect
Capgemini
About the speaker:
➢ Working as Senior Solution Architect at Capgemini.
➢ Surat MuleSoft Meetup Leader and MuleSoft Ambassador.
➢ 12.5+ Years of Experience in Integrations and API Technologies.
➢ Certified MuleSoft Integration Architect and platform Architect.
5. CHEERS..!!
We have prizes to give away!
3 Winners a special prize is ready
A SHOW OF HANDS:
New Members With Us.!!
8. CloudHub Load Balancer
CloudHub provides two types of load balancers:
Shared Load Balancer – Available in all environments and provides basic functionality.
Dedicated Load Balancer – Overcomes the limitations of the shared load balancer and allows access to applications deployed within an Anypoint Virtual Private Cloud.
9. Shared Load Balancer
• The shared load balancer is multitenant.
• It provides functionality such as TCP load balancing, but it has lower rate limits and does not allow you to configure custom SSL certificates or custom DNS.
• If an application exceeds the rate limit for a shared load balancer, the load balancer returns a 429 Service Unavailable response.
• The shared load balancer supports TLS versions 1.1 and 1.2.
10. Shared Load Balancer - Domain
Region Sub-Domain
US East (North Virginia) us-e1.cloudhub.io
US East (Ohio) us-e2.cloudhub.io
US West (Oregon) us-w2.cloudhub.io
US West (North California) us-w1.cloudhub.io
Canada (Central) ca-c1.cloudhub.io
Brazil (Sao Paulo) br-s1.cloudhub.io
Europe (Ireland) ir-e1.cloudhub.io
Europe (Frankfurt) de-c1.cloudhub.io
UK (London) uk-e1.cloudhub.io
Asia Pacific (Tokyo) jp-e1.cloudhub.io
Asia Pacific (Sydney) au-s1.cloudhub.io
Asia Pacific (Singapore) sg-s1.cloudhub.io
12. Dedicated Load Balancer
• A dedicated load balancer is an optional component in Anypoint Platform that accepts HTTP/HTTPS requests from clients and routes them to the applications deployed in an Anypoint VPC. It is one of the most powerful components in the Anypoint Platform ecosystem and provides more features and control than the shared load balancer.
• To create a dedicated load balancer, you must first create an Anypoint VPC that can be associated with one or more environments. The same dedicated load balancer can be used with different environments within the same VPC.
• Each dedicated load balancer exposes an external CNAME record lb-name.lb.anypointdns.net that resolves to two or more public IP addresses, and an internal CNAME record internal-lb-name.lb.anypointdns.net.
14. Dedicated Load Balancer – Whitelisted CIDRs
A dedicated load balancer accepts traffic only from allowed source IP addresses or ranges, which you add in CIDR notation, such as 192.168.1.0/24. By default, the allowed CIDR on a DLB is 0.0.0.0/0, so all public traffic is allowed. To allow public traffic from only a few clients, delete the default CIDR and add only the CIDRs from which the dedicated load balancer should accept traffic.
This is useful when the dedicated load balancer must be publicly accessible to only a few clients. For example, if the allowed CIDR is 192.168.1.0/24, the dedicated load balancer allows traffic from that CIDR only and drops traffic from other IP ranges, as shown in the diagram below.
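An allow-list audit for the rule above, as an added example (not part of the original deck or MuleSoft tooling): it flags a default 0.0.0.0/0 entry left beside narrower CIDRs, which keeps the load balancer open to all sources, and then evaluates sample source addresses. The function names and the 203.0.113.7 address are constructed for illustration.

```python
import ipaddress

def audit_allowlist(cidrs):
    """Parse allow-list entries; return (networks, findings)."""
    networks, findings = [], []
    for text in cidrs:
        try:
            # strict=True rejects entries with host bits set, e.g. 192.168.1.5/24
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            findings.append(f"{text}: invalid CIDR ({exc})")
            continue
        if net.prefixlen == 0:
            findings.append(f"{text}: default entry present, every source is allowed")
        networks.append(net)
    # A narrow entry adds no restriction while a broader entry still covers it.
    for net in networks:
        for other in networks:
            if net != other and net.version == other.version and net.subnet_of(other):
                findings.append(f"{net}: shadowed by broader entry {other}")
    return networks, findings

def is_allowed(source_ip, networks):
    """True when the source address falls inside any allowed network."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for net in networks)

if __name__ == "__main__":
    # Constructed input: the default entry was never deleted.
    nets, findings = audit_allowlist(["0.0.0.0/0", "192.168.1.0/24"])
    print(findings, is_allowed("203.0.113.7", nets))
    # Corrected allow-list: only the intended range remains.
    nets, findings = audit_allowlist(["192.168.1.0/24"])
    print(findings, is_allowed("192.168.1.42", nets), is_allowed("203.0.113.7", nets))
```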
16. Dedicated Load Balancer – Certificates
It is mandatory to have at least one certificate associated with a dedicated load balancer. To enable the SSL endpoint to serve the client, there must be a private and public key configured on your dedicated load balancer. Dedicated load balancers can have one or more SSL endpoints, each identified by the server certificate common name.
Certificates are required for the SSL handshake between the client and the dedicated load balancer. A dedicated load balancer also supports mutual authentication (two-way SSL).
Certificates must be contained in one unencrypted PEM file. It can support multiple DNS names as well as wildcard certificates (e.g. *.example.com).
17. Dedicated Load Balancer – Inbound HTTP Mode
Inbound HTTP Mode defines the behavior of the load balancer when it receives an HTTP request. This is one of the most important settings in the dedicated load balancer configuration, as it defines whether the dedicated load balancer accepts requests over HTTP or HTTPS and whether it needs to perform SSL offloading or SSL tunneling. The three options are:
• Off – The dedicated load balancer silently drops all HTTP requests. It only accepts traffic on HTTPS.
• On – The dedicated load balancer accepts traffic on the default SSL endpoints using the HTTP protocol.
• Redirects – The dedicated load balancer redirects the traffic to the same URL using the HTTPS protocol.
18. Dedicated Load Balancer – Mapping Rules
Mapping rules are one of the vital components of the dedicated load balancer, as they are responsible for routing requests to the applications within the CloudHub environment. It is important to implement the mapping rules, and they are associated with the certificates defined in the dedicated load balancer. Mapping rules may vary depending on the requirements, subdomain, naming conventions of the applications deployed in CloudHub, and the environments.
To add mapping rules, we need to understand a few parameters:
Input Path (inputUri) – The URI that the client requests, for example /{app}/.
Target App (appName) – The name of the application deployed in CloudHub within the Anypoint VPC.
Output Path (appUri) – The URI string that is passed to the application.
Protocol – The protocol on which the application is listening, for example http, https, or ws.
Values defined within curly brackets ({ }) are treated as variables, and variables cannot be used in the output path. Variable names can contain only the lowercase characters a-z and no other characters.
19. Dedicated Load Balancer – Mapping Rules 1
The application name can be passed in the input path and mapped directly to the application in CloudHub.
Examples include:
A rule maps requests to https://api-dev.example.com/{app} and redirects them to http://{app}.region.cloudhub.io/.
An inbound request to https://api-dev.example.com/ecommerce-dev/invoices is redirected to http://ecommerce-dev.us-e1.cloudhub.io:8091/invoices
The {app} is thereby eCommerce. An example of the dedicated load balancer mapping rules can
be seen below.
21. Dedicated Load Balancer – Mapping Rules 2
Another common use case is using wildcard certificates (*.example.com). When using wildcard certificates, you can use a subdomain variable to map the subdomain.
The subdomain plays a critical role in routing the request to the right application in a particular environment within the Anypoint VPC. For example, a dedicated load balancer uses a wildcard certificate and is reached externally as api-dev.example.com for the dev environment and api-test.example.com for the test environment.
Applications deployed in the dev environment will be named appName-api-dev and applications deployed in the test environment will be named appName-api-test.
22. Dedicated Load Balancer – Mapping Rules 2
Let’s consider the mapping rule below, which uses the subdomain to route the request to the right application in a particular environment.
Subdomain is the variable to map:
• Inbound request on https://api-dev.example.com/ecommerce/invoices (DLB) to http://ecommerce-api-dev.us-e1.cloudhub.io:8091/invoices (CloudHub Dev Environment)
• Inbound request on https://api-test.example.com/ecommerce/invoices (DLB) to http://ecommerce-api-test.us-e1.cloudhub.io:8091/invoices (CloudHub Test Environment)
24. Dedicated Load Balancer – Mapping Rules Priority
The dedicated load balancer applies the first matching rule, even if a more exact matching rule is defined later. A rule defined first, at index 0, has higher priority over the rules defined after it. The higher the index assigned, the lower the priority of the mapping rule.
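The mapping-rule behaviour from the slides above (application variable, subdomain variable, first-match priority), modelled in Python as an added example; it is not MuleSoft's code or part of the original deck. It assumes the subdomain is the first label of the request host and that the path remaining after inputUri is appended to appUri; the us-e1 region and port 8091 come from the deck's examples.

```python
import re

VAR = re.compile(r"\{([^{}]*)\}")
REGION = "us-e1"        # region sub-domain used in the deck's examples
PORTS = {"http": 8091}  # port shown in the deck's examples

def check_rule(rule):
    """Enforce the two constraints the deck states for mapping rules."""
    for field in ("inputUri", "appName"):
        for name in VAR.findall(rule[field]):
            if not re.fullmatch(r"[a-z]+", name):
                raise ValueError(f"bad variable name {{{name}}} in {field}")
    if VAR.search(rule["appUri"]):
        raise ValueError("variables are not allowed in the output path")

def compile_input(input_uri):
    """Turn '/{app}/' into a regex; text after the pattern lands in _rest."""
    parts, pos = [], 0
    for m in VAR.finditer(input_uri):
        parts.append(re.escape(input_uri[pos:m.start()]))
        parts.append(f"(?P<{m.group(1)}>[^/]+)")
        pos = m.end()
    parts.append(re.escape(input_uri[pos:]))
    return re.compile("".join(parts) + r"(?P<_rest>.*)")

def route(rules, host, path):
    """Return (rule index, upstream URL) for the first matching rule, else None."""
    subdomain = host.split(".")[0]  # assumption: first label of the host
    for index, rule in enumerate(rules):
        check_rule(rule)
        m = compile_input(rule["inputUri"]).fullmatch(path)
        if not m:
            continue
        values = {"subdomain": subdomain, **m.groupdict()}
        app = VAR.sub(lambda v: values[v.group(1)], rule["appName"])
        proto = rule["protocol"]
        return index, f'{proto}://{app}.{REGION}.cloudhub.io:{PORTS[proto]}{rule["appUri"]}{m.group("_rest")}'
    return None

# Constructed rule sets mirroring the deck's two examples and the priority pitfall.
BY_APP = {"inputUri": "/{app}/", "appName": "{app}", "appUri": "/", "protocol": "http"}
BY_SUBDOMAIN = {"inputUri": "/{app}/", "appName": "{app}-{subdomain}", "appUri": "/", "protocol": "http"}
SPECIFIC = {"inputUri": "/orders/", "appName": "orders-v2", "appUri": "/", "protocol": "http"}

if __name__ == "__main__":
    print(route([BY_APP], "api-dev.example.com", "/ecommerce-dev/invoices"))
    print(route([BY_SUBDOMAIN], "api-test.example.com", "/ecommerce/invoices"))
    print(route([BY_APP, SPECIFIC], "api-dev.example.com", "/orders/42"))  # general rule wins
    print(route([SPECIFIC, BY_APP], "api-dev.example.com", "/orders/42"))  # specific rule first
```

With the general `/{app}/` rule at index 0, the more exact `/orders/` rule is never reached, so specific rules belong at lower indexes than catch-all ones.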
27. Get ready to WIN a Special Gift from MuleSoft Community
Quiz Time
28. Question 1
Can we use Mutual Authentication with Shared Load Balancer?
a. True
b. False
29. Question 2
What is subdomain in the url api-stage.example.com?
a. api
b. stage
c. api-stage
d. example
30. Question 3
What is default port associated with https.private.port in VPC?
a. 8081
b. 8082
c. 8091
d. 8092
31. Share:
○ Tweet your pictures using the hashtag #NashikMuleSoftMeetup
○ Invite your network to join: https://meetups.mulesoft.com/nashik/
Feedback:
○ Fill out the survey feedback and suggest topics for upcoming events
○ Contact MuleSoft at meetups@mulesoft.com for ways to improve the program
○ Reach out to either Jitendra Bafna or Hemant Nehete to suggest topics for next Meetup
What’s next?