
Service Fabric - How to reserve or protect my hardcoded Port


Landscape:

  1. We have an Application with two micro services.

    Micro Service A is used to expose the application outside the cluster (our web server)

    Micro Service B is our business functionality.

  2. We have an F5 in front of Micro Service A to handle the load balancing over the hard-coded ports (on-prem).

  3. Inside Micro Service A we are hard coding specific ports for the http endpoint in the manifest.

Problem: We witness it is possible that sometimes Micro Service B (Business functionality) will steal the port that Micro Service A is hard coded to use. Then it will never start the service correctly.

We also see that SF seems to use the available ports sequentially. So if we hard coded Micro Service A to use port 001 and Micro Service B to be random, when A got restarted sometimes B would grab 001.

Possible Solutions:

  1. We could hard code all Micro Services - Don't like it.
  2. We could reserve the higher range for these hard coded ports. For example if Service Fabric uses 1000 ports we can keep 501-1000 for Service A and let Service B grab 001-499. This only delays the issues until you have more than 500 instances. - Not a big fan of this either.
  3. Hard code the port to be a port that is outside of the range of the cluster? For example if we used 20001-20500 as the ApplicationEndpoints range when setting up the cluster, if we hard code MicroService A to use 21000 it seems to work? I'm not sure what unintended consequences that could create?

Please give me a great option 4 :)

Thanks,

Greg


Solution

  • When you have this scale level, the best approach is to use node types to handle external access separately from internal.

    You would create a FrontEnd NodeType to host your APIs or WebServices that expose hard-coded ports (i.e., 80, 443), and then create a BackEnd NodeType to host your services with random ports. With this approach, you don't have to worry about the ports, because the services will run on different nodes according to their roles and only FE will be accessible from outside the cluster.

    If you still need to handle this inside the same nodes, you can make use of the node type configuration "Application Start Port" & "Application End Port" that will handle the list of ports your service will be assigned at start. So you would hard-code your ports outside these lists, and let the BE services use the list from Application Ports, like you suggested in your 3rd option.

    Make sure that the hard-coded ports are configured on your load balancer, otherwise they won't be accessible from outside the cluster.
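
A pre-deployment check for the "hard-code outside the application port range" approach, added here as an example and not part of the original answer: it reads the node types' port ranges from a standalone `ClusterConfig.json` and flags any fixed `Port` in a `ServiceManifest.xml` that falls inside them. The config, manifest, endpoint names and function names are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

FABRIC_NS = {"sf": "http://schemas.microsoft.com/2011/01/fabric"}

# Constructed sample: node type section of a standalone ClusterConfig.json.
CLUSTER_CONFIG = """
{"properties": {"nodeTypes": [{"name": "NodeType0",
   "applicationPorts": {"startPort": 20001, "endPort": 20500},
   "ephemeralPorts":   {"startPort": 20501, "endPort": 20800}}
]}}
"""

# Constructed sample: ServiceManifest.xml for "Micro Service A".
SERVICE_MANIFEST = """
<ServiceManifest Name="ServiceAPkg" Version="1.0.0"
                 xmlns="http://schemas.microsoft.com/2011/01/fabric">
  <Resources><Endpoints>
      <Endpoint Name="WebEndpoint" Protocol="http" Port="21000" />
      <Endpoint Name="AdminEndpoint" Protocol="http" Port="20010" />
      <Endpoint Name="InternalEndpoint" Protocol="tcp" />
  </Endpoints></Resources>
</ServiceManifest>
"""

def reserved_ranges(cluster_config_json):
    """Yield (node type, range name, start, end) for dynamically assigned ports."""
    for nt in json.loads(cluster_config_json)["properties"]["nodeTypes"]:
        # applicationPorts: assigned by Service Fabric; ephemeralPorts: OS dynamic range.
        for key in ("applicationPorts", "ephemeralPorts"):
            if key in nt:
                yield nt["name"], key, int(nt[key]["startPort"]), int(nt[key]["endPort"])

def fixed_endpoints(manifest_xml):
    """Return {endpoint name: port} for endpoints with a hard-coded Port attribute."""
    root = ET.fromstring(manifest_xml)
    return {ep.get("Name"): int(ep.get("Port"))
            for ep in root.iterfind(".//sf:Endpoint", FABRIC_NS) if ep.get("Port")}

def find_conflicts(cluster_config_json, manifest_xml):
    """List hard-coded ports that fall inside a dynamically assigned range."""
    return [(name, port, node_type, key)
            for name, port in fixed_endpoints(manifest_xml).items()
            for node_type, key, start, end in reserved_ranges(cluster_config_json)
            if start <= port <= end]

if __name__ == "__main__":
    for name, port, node_type, key in find_conflicts(CLUSTER_CONFIG, SERVICE_MANIFEST):
        print(f"{name}: port {port} is inside {key} of {node_type}")
```

Endpoints without a `Port` attribute are skipped because Service Fabric assigns those from the application port range itself.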