Posted to commits@trafficserver.apache.org by am...@apache.org on 2018/09/13 17:13:47 UTC

[trafficserver] 01/02: Fixed the example to show YAML syntax. Fixed description to clarify that the HTTP CONNECT is not external. Removed the outbound HTTP CONNECT from the sequence diagram.

This is an automated email from the ASF dual-hosted git repository.

amc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 98e1c086e679e2726049e45449d5dd5298d8aa49
Author: Pushkar Pradhan <pp...@oath.com>
AuthorDate: Fri Aug 31 13:49:44 2018 -0700

    Fixed the example to show YAML syntax.
    Fixed description to clarify that the HTTP CONNECT is not external.
    Removed the outbound HTTP CONNECT from the sequence diagram.
---
 doc/admin-guide/layer-4-routing.en.rst | 34 ++++++++++++++--------------------
 doc/uml/l4-sni-routing-seq.uml         |  2 --
 2 files changed, 14 insertions(+), 22 deletions(-)

diff --git a/doc/admin-guide/layer-4-routing.en.rst b/doc/admin-guide/layer-4-routing.en.rst
index 8739d38..2506cb8 100644
--- a/doc/admin-guide/layer-4-routing.en.rst
+++ b/doc/admin-guide/layer-4-routing.en.rst
@@ -49,10 +49,7 @@ SNI Routing
 ===========
 
 Currently the only directly supported layer 4 routing (as of version 8.0) is SNI based routing. This
-imposes some requirements on the traffic.
-
-*  The inbound connection must be TLS.
-*  The outbound destination must handle the HTTP ``CONNECT`` method.
+imposes the requirement on the traffic that the inbound connection must be TLS.
 
 SNI routing is configured by :file:`ssl_server_name.yaml`.
 
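Review bot: The added sentence "imposes the requirement on the traffic that the inbound connection must be TLS" is hard to parse now that the list has collapsed to a single item. Suggest joining it with the preceding sentence more directly, for example "This requires that the inbound connection be TLS."
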
@@ -60,10 +57,11 @@ If SNI Routing is enabled the initial "`CLIENT HELLO
 <https://tools.ietf.org/html/rfc5246#section-7.4.1.2>`__" data of an inbound TLS connection is
 examined to extract the "`SNI <https://tools.ietf.org/html/rfc3546#section-3.1>`__" value. This is
 matched against the configuration data to select an action for the inbound connection. In this case
-the option of interest is ``tunnel_route``. If this is set then |TS| will connect to the specified
-destination and issue an HTTP ``CONNECT`` request using the SNI value as the URL for the request.
-Because the destination and the ``CONNECT`` are the same in general it will be necessary to use
-a plugin to change the URL in the ``CONNECT``.
+the option of interest is ``tunnel_route``. If this is set then |TS| will TCP connect to the
+specified destination and forward the "`CLIENT HELLO
+<https://tools.ietf.org/html/rfc5246#section-7.4.1.2>`__" to it.
+Internally |TS| does this by sending a HTTP ``CONNECT`` to itself with the host and port
+specified in the ``tunnel_route``.
 
 Example
 -------
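Review bot: Two wording problems in the added lines: "a HTTP ``CONNECT``" should be "an HTTP ``CONNECT``", and "will TCP connect to the specified destination" uses "TCP connect" as a verb; "will open a TCP connection to the specified destination" reads better. Since the text now says the ``CONNECT`` is internal, it would also help to say in the same paragraph that nothing other than the forwarded CLIENT HELLO is sent to the destination, so readers of the old text do not still expect the destination to handle ``CONNECT``.
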
@@ -100,24 +98,20 @@ service-2.example.com      app-server-56:4443
 
 The :file:`ssl_server_name.yaml` contents would be
 
-.. code-block:: lua
+.. code:: yaml
+
+
+   - tunnel_route: app-server-29:443
+     fqdn: service-1.example.com
 
-   server_config = {
-      {
-         fqdn = 'service-1.example.com'
-         tunnel_route = 'app-server-29:443'
-      },
-      {
-         fqdn = 'service-2.example.com'
-         tunnel_route = 'app-server-56:4443'
-      }
-   }
+   - tunnel_route: app-server-56:4443
+     fqdn: service-2.example.com
 
 In addition to this, in the :file:`records.config` file, edit the following variables:
 
    -  :ts:cv:`proxy.config.http.connect_ports`: ``443 4443`` to allow |TS| to connect
       to the destination port
-   -  :ts:cv:`proxy.config.url_remap.remap_required`: 0 to permit |TS| to process requests
+   -  :ts:cv:`proxy.config.url_remap.remap_required`: ``0`` to permit |TS| to process requests
       for hosts not explicitly configured in the remap rules
 
 The sequence of network activity for a Client connecting to ``service-2`` is
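Review bot: The directive changes from ``.. code-block::`` to ``.. code::`` and is followed by two blank lines; unless the rest of the guide has moved to ``code``, keep ``.. code-block:: yaml`` with a single blank line so the example renders like the other blocks. In the YAML itself, listing ``fqdn`` before ``tunnel_route`` in each item would match the order of the table above it (name, then destination). The ``connect_ports`` bullet is now explained by the internal ``CONNECT`` described earlier, so a short cross-reference there would tell admins why ``443 4443`` must match the ports used in ``tunnel_route``.
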
diff --git a/doc/uml/l4-sni-routing-seq.uml b/doc/uml/l4-sni-routing-seq.uml
index 00eb967..78a5156 100644
--- a/doc/uml/l4-sni-routing-seq.uml
+++ b/doc/uml/l4-sni-routing-seq.uml
@@ -15,8 +15,6 @@ Inbound <-[#green]> TS : <font color="green">//TCP//</font> Handshake
 Inbound -[#blue]> TS : <font color="blue">//TLS//</font> Client HELLO\nSNI=service-2.example.com
 note over TS : Examine SNI value\nSelect Outbound
 TS <-[#green]> Outbound : <font color="green">//TCP//</font> Handshake
-TS -> Outbound : <font color="red">//HTTP//</font> ""CONNECT"" app-server-56:4443
-Outbound -> TS : ""200 OK""
 TS -[#blue]> Outbound : <font color="blue">//TLS//</font> Client HELLO\nSNI=service-2.example.com
 note left : Duplicate of Inbound HELLO
 note over TS : Forward bytes\nInbound <&arrow-thick-left> <&arrow-thick-right> Outbound
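Review bot: With the two ``CONNECT`` / ``200 OK`` arrows removed, the diagram no longer shows the internal ``CONNECT`` that the revised prose describes. Consider extending the existing "note over TS : Examine SNI value\nSelect Outbound" with a line such as "Internal CONNECT to app-server-56:4443" so the diagram and the text agree on where the destination host and port come from.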