On Mon, Oct 3, 2016 at 9:33 AM, Dimuthu Leelarathne <[email protected]>
wrote:

>
>
> On Tue, Sep 27, 2016 at 12:08 PM, Sanjeewa Malalgoda <[email protected]>
> wrote:
>
>> Hi,
>> Before we take any decision about moving to a pub/sub approach, we
>> need to consider some of the facts.
>>
>> As of now, token revoke responses carry the revoked token as a transport
>> header, and at the gateway the cache clear handler will remove the revoked
>> token from the cache. Then it will replicate to other nodes through clustering.
>>
>> If we are planning to have a pub/sub solution, then either the oauth2
>> implementation or the cache clear handler at the gateway should push this
>> event to a topic.
>> In both cases we need to maintain a message broker in the gateway or key
>> manager while all gateway workers subscribe to the topic available there.
>> Then we need to think about how high availability works for this
>> broker (since we have multiple gateways and key managers in most of the
>> deployments). IMHO it will add more complexity to the deployment.
>>
>> My main point is that even if we use pub/sub, in order to achieve HA we need
>> multiple broker instances. Then those need to sync up with each other and
>> we need some sort of group communication for that (again clustering comes
>> into the picture).
>>
>> Maybe we can evaluate some solution like Kafka for this. We are
>> evaluating it for the traffic manager update retrieving process (through a
>> Kafka event publisher in CEP and an extension to subscribe to topics to fetch
>> updates). It will not be first class support, but through extensions we may
>> be able to do that. Even with that we need to maintain a ZooKeeper cluster
>> when we have multiple brokers (again this makes the deployment a bit
>> complicated).
>>
>
> What if we add this as a deployment option? We can ship it as a component
> that is switched on with configs.
>

No more deployment options please :D. We're having enough complications
with the existing patterns. If we're doing this we should do it and
recommend that only. Having too many options complicates the code base and
the customer experiences as well.

>
>
>>
>> If needed, we can wait 15 minutes for the cache timeout rather than adding
>> this kind of feature if users do not like to use gateway clustering.
>>
>> And clustering is required to replicate the validation information cache
>> across gateway nodes. Otherwise, when the LB is not routing requests without
>> session awareness, gateways may do the same key validation call again and
>> again. In this case cluster communication is usually cheaper than another key
>> validation call. So if we remove clustering completely then we need to
>> think about this as well.
>>
>
> I think the best here is switching on IP hashing at LB.
>
> Cos think of a case where we have to support a large TPS. Having this
> would be so easy. For large TPS (say .. XXXXX TPS range) they wouldn't even
> mind having their own broker in HA.
>
> thanks,
> Dimuthu
>
>
>
>>
>> Thanks,
>> sanjeewa.
>>
>>
>>
>> On Tue, Sep 27, 2016 at 11:31 AM, Dimuthu Leelarathne <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> If we publish OAuth key revocation to a topic (we can do so by
>>> writing an extension to WSO2IS), we can remove clustering in the APIM
>>> gateway. Are there better ways of achieving the same? Can we prioritise
>>> this for the next APIM release?
>>>
>>> thanks,
>>> Dimuthu
>>>
>>> --
>>> Dimuthu Leelarathne
>>> Director, Solutions Architecture
>>>
>>> WSO2, Inc. (http://wso2.com)
>>> email: [email protected]
>>> Mobile: +94773661935
>>> Blog: http://muthulee.blogspot.com
>>>
>>> Lean . Enterprise . Middleware
>>>
>>
>>
>>
>> --
>>
>> *Sanjeewa Malalgoda*
>> WSO2 Inc.
>> Mobile : +94713068779
>>
>> blog: http://sanjeewamalalgoda.blogspot.com/
>>
>>
>>
>
>
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : [email protected]
Phone : +94 777 775 729
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
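
The trade-off discussed in this thread, as an added example that is not part of the original messages or WSO2 code: a small simulation of gateway nodes caching key validation results, comparing how long a revoked token stays accepted when nodes only rely on the 15-minute cache timeout versus when the revocation is published to a topic that every gateway subscribes to. All class and function names, the in-process topic and the token value are assumptions made for illustration.

```python
CACHE_TTL = 15 * 60  # seconds; the 15-minute cache timeout mentioned in the thread

class RevocationTopic:
    """In-process stand-in for a broker topic (assumption, not a real broker)."""
    def __init__(self):
        self.subscribers = []
    def subscribe(self, callback):
        self.subscribers.append(callback)
    def publish(self, token):
        for callback in self.subscribers:
            callback(token)

class KeyManager:
    def __init__(self, topic=None):
        self.active, self.topic, self.validation_calls = set(), topic, 0
    def issue(self, token):
        self.active.add(token)
    def validate(self, token):
        self.validation_calls += 1
        return token in self.active
    def revoke(self, token):
        self.active.discard(token)
        if self.topic:                      # pub/sub option: fan the event out
            self.topic.publish(token)

class Gateway:
    def __init__(self, km, topic=None):
        self.km, self.cache = km, {}        # cache: token -> (valid, expiry)
        if topic:
            topic.subscribe(self.evict)
    def evict(self, token):
        self.cache.pop(token, None)
    def allow(self, token, now):
        hit = self.cache.get(token)
        if hit and hit[1] > now:            # fresh cache entry, no key manager call
            return hit[0]
        valid = self.km.validate(token)
        self.cache[token] = (valid, now + CACHE_TTL)
        return valid

def stale_window(use_topic):
    """Return (accepted 60 s after revoke, accepted after TTL) on a second node."""
    topic = RevocationTopic() if use_topic else None
    km = KeyManager(topic)
    gateways = [Gateway(km, topic) for _ in range(2)]
    km.issue("tok-constructed")             # constructed sample token
    for gw in gateways:
        gw.allow("tok-constructed", now=0)  # both nodes cache the valid result
    km.revoke("tok-constructed")
    node = gateways[1]
    return (node.allow("tok-constructed", now=60),
            node.allow("tok-constructed", now=CACHE_TTL + 1))
```

Without the topic, the second node keeps honouring the revoked token until its cache entry expires; with it, the entry is evicted at revocation time and the next request is re-validated against the key manager.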
