Failure mode options

The route table failure modes specify how a route table handles misconfigured routes. You can choose between 2 failure mode options. Only one failure mode can be set for a route table at any given time. However, you can have route tables that use different failure modes within the same cluster.

Route replacement

Route replacement (ROUTE_REPLACEMENT) is the default failure mode for handling misconfigured routes in a route table. If you attempt to apply incorrect configuration to a route, the configuration is not applied in the cluster. Instead, the misconfigured route is replaced with a 500 HTTP direct response until the error is resolved. Other, correctly configured routes in the route table continue to route as configured and the route table continues to accept updates to the configuration.

The following diagram shows 3 routes (A, B, and C). Route A is misconfigured, and routes B and C are correctly configured. Because misconfigured routes are automatically replaced with a 500 HTTP direct response, any request to route A results in a 500 HTTP response code. Requests to B and C succeed. The route table continues to accept configuration changes for correctly configured routes, and replaces misconfigured routes with a 500 response until the error is resolved.

Figure: Response and update behavior for route replacement configurations

Example route table configuration that explicitly sets the ROUTE_REPLACEMENT failure mode. Note that because route replacement is the default failure mode for a route table, you can omit this setting.

  apiVersion: networking.gloo.solo.io/v2
kind: RouteTable
metadata:
  name: example-rt
  namespace: app-namespace
spec:
  hosts:
    - 'example.com'
  failureMode: ROUTE_REPLACEMENT
  ...
  

Freeze configuration

If you want to ensure that your route tables continue to serve traffic for all routes, even if a route is misconfigured, you can change the route table failure mode to FREEZE_CONFIG.

If you attempt to apply incorrect configuration to a route in a route table that is configured to freeze configuration, the configuration is applied to the Gloo route table resource, but the changes are not translated to the underlying Istio routing resources and do not affect routing behavior. In this way, the routes continue to serve the last accepted configuration. Other, correctly configured routes in the route table also continue to serve the last accepted configuration. Updates to both the incorrectly and correctly configured routes are ignored until you resolve the error in the Gloo route table resource.

Keep in mind that if you change the failure mode from ROUTE_REPLACEMENT to FREEZE_CONFIG while a route is in a misconfigured state, any replaced routes maintain their 500 HTTP direct response as that is their behavior in the last accepted configuration.

The following diagram shows 3 routes (A, B, and C). Route A is misconfigured, and route B and C are correctly configured. Because one misconfigured route freezes the configuration for all routes in the route table, requests to all routes continue to return a 200 HTTP response code as they all continue to serve the configuration that was last accepted. However, the route table does not accept configuration changes for correctly and incorrectly configured routes until the error is resolved.

Figure: Response and update behavior for freeze config route tables

Example route table configuration that sets the FREEZE_CONFIG failure mode.

  apiVersion: networking.gloo.solo.io/v2
kind: RouteTable
metadata:
  name: example-rt
  namespace: app-namespace
spec:
  hosts:
    - 'example.com'
  failureMode: FREEZE_CONFIG
  ...
  

Considerations for route delegation

If you use route delegation, the failure mode that is set on the parent route table is automatically applied to all routes in all child route tables. Failure mode settings on a child route table are not supported.

Note that if you set the failure mode to FREEZE_CONFIG on the parent route table and you misconfigure a route within the delegation chain (parent, child, or grandchild route table), all route tables in the delegation chain freeze their configuration and do not accept configuration updates until the error is resolved.

The following diagram shows a parent and a child route table that each define 3 routes (A, B, and C). The failure mode on the parent route table is set to FREEZE_CONFIG. When using route delegation, the failure mode on the parent route table is automatically applied to all child route tables.

Route A in the parent route table is misconfigured. All other routes in the parent and child route tables are correctly configured. Because the failure mode for all routes is set to FREEZE_CONFIG, all route tables in the delegation chain freeze their configuration and serve the configuration that was last accepted. None of the route tables in the delegation chain accept updates to a route until the error in route A is resolved.

Figure: Response and update behavior in delegated routes