When a connection to a TLS-enabled backend fails, Gorouter tries to send the request to another backend of the app before returning a response to the client. In an environment where some backends are TLS-enabled and some are not, if Gorouter first chooses a TLS-enabled backend and fails, and then chooses a non-TLS backend, it will appropriately use a plain text request. details
Previously, if an operator set router.disable_http: true in the Gorouter manifest, requests for a route bound to a route service running as an app on the platform would return a 502. This has now been fixed; route services work as expected when router.disable_http: true. details
Golang version updated from 1.9.1 to 1.9.4 details
Gorouter now supports websocket connections to backend applications for routes registered with tls_ports details
routing-release now enables operators to expose available UAA clients via BOSH links in cf-deployment details
We see a performance degradation in this release; on further investigation, we are confident this is not related to routing-release changes or stemcell changes. This strongly suggests it might be due to underlying IaaS performance. We see a 10% decrease in peak latency from 4150 requests/s to 3750 requests/s and an increase in latency at throughput above 2750 requests/s.
The performance report included with this release shows a performance degradation since the last release. This can be attributed to the hypervisor patches on AWS and the BOSH stemcell patch for Meltdown. On our test environment we observed less than a 5% decrease in peak throughput from 4300 requests/s to 4150 requests/s, and latency increased marginally at throughput levels of 3500 requests/s and more.
Gorouter now emits a metric total_dropped_messages that gives the total number of messages dropped by the NATS client details
Gorouter now emits a metric buffered_messages that gives the number of messages in the NATS client buffer details
In 0.168.0, support was added to Gorouter for three configurable behaviors regarding validation of client certificates. In this release the default was changed from none to request. details
Gorouter now immediately prunes backends registered with tls_port when the TLS handshake fails because the backend doesn't support TLS details
Gorouter now supports three configurable behaviors regarding validation of client certificates: validation disabled, validate if present but not required, and client cert required details
Manifest Property Changes

router

| 0.167.0 | 0.168.0 | Default Value |
|---|---|---|
| did not exist | router.client_cert_validation | none. The default will be changed to request in the next version. |

Routing Acceptance Tests no longer leak verbose-level output details
Routes registered with tls_port and server_cert_domain_san are only pruned when validation of application identity (using server_cert_domain_san) fails details
Route registrar now supports registration of backends with TLS; this causes Gorouter to initiate TLS sessions with backends details
README updated with documentation explaining log levels details
Operator may now disable writing access logs locally using the router.write_access_logs_locally property details
Gorouter now depends on the bosh logrotate cron job details
Manifest Property Changes

router

| 0.166.0 | 0.167.0 | Default Value |
|---|---|---|
| router.logrotate.freq_min | removed | |
| router.logrotate.rotate | removed | |
| router.logrotate.size | removed | |
| did not exist | router.write_access_logs_locally | true |

route-registrar

| 0.166.0 | 0.167.0 | Default Value |
|---|---|---|
| route_registrar.routes | Objects in the routes array now support optional fields tls_port and server_cert_domain_san | |

Gorouter performance improved with logging optimization details
Routing components now use uaa for DNS host check instead of consul, enabling removal of consul-agent in environments where BOSH DNS is enabled details
Increased availability / TLS with backends (in Progress)
When backends.enable_tls:true, Gorouter doesn't prune routes with tls_port when ttl expires details
When backends.enable_tls:true, Gorouter prunes routes with tls_port when ttl expires and request fails details
Gorouter now uses the server_cert_domain_san field from the NATS message to validate app identity details
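
The notes above on server_cert_domain_san validation and on pruning backends that do not support TLS describe two failure classes that remove a route, as opposed to transient failures that only cause a retry. The following Go sketch is an added example, not Gorouter's code: `Action`, `Classify` and `CheckBackend` are hypothetical names, the policy is a simplified assumption, and the address in `main` is constructed.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"time"
)

type Action string

const (
	Keep  Action = "keep"  // handshake and identity check passed
	Prune Action = "prune" // backend cannot serve this route as registered
	Retry Action = "retry" // transient failure: try another backend, keep the route
)

// Classify maps a TLS dial error to a routing decision (assumed policy).
func Classify(err error) Action {
	var san x509.HostnameError    // certificate lacks the expected SAN
	var rec tls.RecordHeaderError // peer did not answer with TLS at all
	switch {
	case err == nil:
		return Keep
	case errors.As(err, &san), errors.As(err, &rec):
		return Prune
	default:
		return Retry
	}
}

// CheckBackend dials addr over TLS and requires the certificate to chain to
// roots and to carry san, the role server_cert_domain_san plays in the notes.
func CheckBackend(addr, san string, roots *x509.CertPool) (Action, error) {
	d := &net.Dialer{Timeout: 2 * time.Second}
	cfg := &tls.Config{RootCAs: roots, ServerName: san, MinVersion: tls.VersionTLS12}
	conn, err := tls.DialWithDialer(d, "tcp", addr, cfg)
	if err == nil {
		conn.Close()
	}
	return Classify(err), err
}

func main() {
	// Constructed input: nothing is expected to listen on this port.
	fmt.Println(CheckBackend("127.0.0.1:1", "app-instance.example.internal", nil))
}
```

Setting `ServerName` to the registered SAN is what ties the TLS session to one application instance rather than to whatever process currently holds the IP and port.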