Service-Gateway Access for RabbitMQ for Tanzu Application Service

Service-gateway access enables a VMware Tanzu RabbitMQ for Tanzu Application Service on-demand service instance to connect to external components that are not on the same foundation as the service instance. These components could be on another foundation or hosted outside of the foundation.

For related procedures, see:

Note Service-gateway access is no longer in the beta stage. It works with Advanced Message Queuing Protocol (AMQP), MQ Telemetry Transport (MQTT), Simple (or Streaming) Text Orientated Messaging Protocol (STOMP), STOMP over a WebSocket connection (Web STOMP), and AMQP 1.0.

Overview

There are multiple use cases for service-gateway access. For example:

Accessing RabbitMQ from apps deployed to VMware Tanzu Application Service for VMs (TAS for VMs) in a different foundation
Replicating messages between RabbitMQ clusters in different foundations, for example, to set up federation for disaster recovery
Enabling apps running outside the foundation to communicate, through RabbitMQ, with TAS for VMs-deployed apps
Using RabbitMQ as a service for apps that are not deployed to TAS for VMs

Architecture

Service-gateway access to Tanzu RabbitMQ for Tanzu Application Service instances leverages the TCP router in TAS for VMs.

Any RabbitMQ requests that an app makes are forwarded through DNS to a load balancer that can route traffic from outside to inside the foundation. This load balancer opens a range of ports that are reserved for RabbitMQ traffic. When an app developer creates a service instance on a plan with service-gateway access enabled, a port from the range is provisioned for that service instance. The load balancer then forwards the requests for this Tanzu RabbitMQ for Tanzu Application Service service instance to the TCP router. The TCP router internally load balances between the Tanzu RabbitMQ for Tanzu Application Service service instance nodes.

The following diagram shows how the traffic is routed from apps to the RabbitMQ nodes in this case. All apps using this Tanzu RabbitMQ for Tanzu Application Service service instance follow the same route, irrespective of whether they are hosted on the foundation or are hosted outside of the foundation.

Diagram showing an app that is external to the foundation sending traffic to the external load balancer.
The load balancer sends the traffic to a RabbitMQ tile port in the TCP router.
The TCP router is inside the foundation.
The TCP router balances the load among the RabbitMQ nodes in the RabbitMQ service instance.

In the diagram, the TAS for VMs Tile Ports are a range of ports to facilitate TCP traffic to apps in TAS for VMs. The RabbitMQ Tile Ports are a range of ports used by RabbitMQ service instances.