forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
_networking-cloudform.html.md.erb
62 lines (49 loc) · 3.64 KB
/
_networking-cloudform.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
1. Select **Networking**.
1. Leave the **Router IPs**, **SSH Proxy IPs**, **HAProxy IPs**, and
**TCP Router IPs** fields blank. You do not need to complete these fields
when deploying PCF to AWS with Elastic Load Balancers (ELBs).
<p class="note"><strong>Note</strong>: You specify load balancers in the
<strong>Resource Config</strong> section of Elastic Runtime later in the
installation process. See the <a href="#config-elb">Configure Router to Elastic Load Balancer</a>
section of this topic for more information.</p>
1. <%= partial 'haproxy_router_cert_config' %>
1. <%= partial 'min_tls_version' %>
1. <%= partial 'tls_cipher_suites_router' %>
1. <%= partial 'tls_cipher_suites_haproxy' %>
1. <%= partial 'haproxy_router_tls_forward' %>
1. <%= partial 'ssl_verification' %>
1. <%= partial 'http_disable' %>
1. <%= partial 'insecure_cookies' %>
1. <%= partial 'zipkin_enable' %>
1. By default, the Elastic Runtime routers handle traffic for applications deployed to an isolation segment created by the PCF Isolation Segment tile. To configure the Elastic Runtime routers to reject requests for applications within isolation segments, select the **Routers reject requests for Isolation Segments** checkbox.
<%= image_tag 'isolate-network.png' %>
Do not enable this option without deploying routers for each isolation segment. See the following topics for more information:
* [Installing PCF Isolation Segment](../customizing/installing-pcf-is.html)
* [Sharding Routers for Isolation Segments](../adminguide/routing-is.html#sharding-routers-isolation-segment)
1. <%= partial 'xforwarded_client_cert_xfcc' %>
1. <%= partial 'route_services' %>
1. <%= partial 'max_connections_backend' %>
1. Enter a value for **Router Max Idle Keepalive Connections**. See [Considerations for Configuring max\_idle\_connections](../adminguide/routing-keepalive.html#considerations).
<%= image_tag 'images/keepalive.png' %>
1. <%= partial 'router_timeout_backend' %>
1. <%= partial 'frontend_idle_timeout' %>
1. <%= partial 'lb_unhealthy_threshold' %>
1. <%= partial 'lb_healthy_threshold' %>
<%= image_tag 'images/router_lb_thresholds.png' %>
1. <%= partial 'http_headers_to_log' %>
![Http Headers to Log](images/headers_to_log.png)
1. <%= partial 'haproxy_request_max_buffer' %>
1. <%= partial 'protected_domains' %>
1. <%= partial 'app_mtu' %>
1. For Loggregator Port, you must enter `4443`. In AWS deployments, port 4443 forwards SSL traffic that supports WebSockets from the ELB. Do not use the default port of `443`.
1. <%= partial 'c2c-overlay' %>
1. <%= partial 'c2c-vxlan' %>
1. <%= partial 'log-app-traffic-enable' %>
1. TCP Routing is disabled by default. To enable this feature, perform the following steps:
1. Select **Enable TCP Routing**.
1. In **TCP Routing Ports**, enter a range of ports to be allocated for TCP Routes. If you [configured AWS for PCF manually](./pcf-aws-manual-config.html), enter `1024-1123`, which corresponds to the rules you created for `pcf-tcp-elb`. <br/>
Configuration of this field is only applied on the first deploy, and update updates to the port range are made using the cf CLI. For details about modifying the port range, see the [Router Groups](../adminguide/enabling-tcp-routing.html#router-groups) topic.
<%= image_tag 'images/ert_tcp_routing_enable.png' %>
1. For AWS, you also need to specify the name of a TCP ELB in the **LOAD BALANCER** column of TCP Router job of the <b>Resource Config</b> screen. You configure this later on in Elastic Runtime. For more information, see the <a href="#config-elb">Configure Router to Elastic Load Balancer</a> topic.</p>
1. <%= partial 'tcp_routing_disable' %>
1. Click **Save**.