forked from pivotal-cf/docs-ops-guide
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path_pcf_sharding.html.md.erb
37 lines (34 loc) · 1.7 KB
/
_pcf_sharding.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
You can configure router sharding for isolation segments depending on your use case:
<table>
<tr>
<th style="width:33%">Use Case</th>
<th style="width:33%">Description</th>
<th>How to Configure</th>
</tr>
<tr>
<td>Securing apps that run in an isolation segment</td>
<td>To provide security guarantees in addition to the firewall rules described above, you can configure sharding of the Gorouter's routing table, resulting in a router dedicated for an isolation segment having knowledge only of routes for applications in the same isolation segment.</td>
<td>
<ol>
<li>
In the <b>Networking</b> configuration pane of the Pivotal Application Service (PAS) tile, select the checkbox labeled <b>Routers reject requests for Isolation Segments</b>.
</li>
<li>
Set the <b>Router Sharding Mode</b> in the isolation segment tile to <b>Isolation Segment Only</b>.
</li>
</ol>
</td>
</tr>
<tr>
<td>
Deploying additional routers for PAS</td>
<td>The flexibility of the configuration also supports deployment of a router that excludes all isolation segments.</td>
<td>
<ol>
<li>In the <b>Networking</b> configuration pane of the PAS tile, select the checkbox labeled <b>Routers reject requests for Isolation Segments</b>.</li>
<li>
Set the <b>Router Sharding Mode</b> in the isolation segment tile to <b>No isolation Segment</b>.</li>
</td>
</tr>
</table>
<p class="note"><strong>Note</strong>: For compute isolation only, you can leave the <b>Routers reject requests for isolation segments</b> checkbox unselected in the PAS <b>Networking</b> pane. This is the default setting, which does not require any additional routers for the Isolation Segment tile. </p>