Cloud Blog: Now run your custom code at the edge with the Application Load Balancers

Source URL: https://cloud.google.com/blog/products/networking/service-extensions-plugins-for-application-load-balancers/
Source: Cloud Blog
Title: Now run your custom code at the edge with the Application Load Balancers

Feedly Summary: Application Load Balancers are essential for reliable web application delivery on Google Cloud. But while Google Cloud’s load balancers offer extensive customization, some situations demand even greater programmability. 
We recently announced Service Extensions plugins for Application Load Balancers in Preview. Now you can run your own custom code directly in the request/response path in a fully managed Google environment with optimal latency, so you can customize load balancers to meet your business requirements. All you need to do is provide the code — Google Cloud manages the rest. If you want to manage the compute yourself for more heavyweight operations, you can look to Service Extensions callouts, which are currently GA for Application Load Balancers.
Service Extensions plugins support the following use cases:

Header addition: Create new headers relevant for your applications or specific customers, or insert new headers for request and response.

Header manipulation: Rewrite existing request and response headers or override client headers on their way to the backend or while responding to a client.

Security: Write advanced security policies like custom token authentication based on client requests or response headers and make enforcement decisions within your plugin.

Custom logging: Log user-defined headers or custom data into Cloud Logging.

Exception handling: Redirect clients to a custom error page for certain response classes.

HTML Rewriting: Rewrite HTML from your origin for Google reCAPTCHA integration or Google Analytics tagging.
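
The header-override and token-enforcement use cases above, as an added Rust example (not Google's sample code and not part of the original post). It is plain Rust with no Proxy-Wasm SDK calls so it runs locally; the header names `x-auth-client` and `x-internal-role`, the static token table and the `on_request` function are assumptions made for illustration.

```rust
// Added example: decision logic for a plugin's request-headers callback.
// Header names and the token table are hypothetical, not taken from the page.
#[derive(Debug, PartialEq)]
pub enum Decision {
    Forward,     // continue to the backend with the rewritten headers
    Reject(u16), // answer from the plugin with this status code
}
// Identity headers only the plugin may set; client-sent copies are dropped.
const TRUSTED: [&str; 2] = ["x-auth-client", "x-internal-role"];

// For equal lengths, compares every byte instead of stopping at a mismatch.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

pub fn on_request(headers: &mut Vec<(String, String)>, tokens: &[(&str, &str)]) -> Decision {
    // 1. Override client headers: strip spoofed identity headers first.
    headers.retain(|(k, _)| !TRUSTED.iter().any(|t| k.eq_ignore_ascii_case(t)));
    // 2. Require exactly one Authorization header so its meaning is unambiguous.
    let auth: Vec<String> = headers
        .iter()
        .filter(|(k, _)| k.eq_ignore_ascii_case("authorization"))
        .map(|(_, v)| v.clone())
        .collect();
    if auth.len() != 1 {
        return Decision::Reject(401);
    }
    let presented = match auth[0].strip_prefix("Bearer ") {
        Some(t) if !t.is_empty() => t,
        _ => return Decision::Reject(401),
    };
    // 3. Scan the whole table so timing does not reveal the match position.
    let client = tokens.iter().fold(None::<&str>, |hit, (secret, name)| {
        if ct_eq(secret.as_bytes(), presented.as_bytes()) { Some(*name) } else { hit }
    });
    // 4. Header addition: pass the verified identity to the backend.
    match client {
        Some(name) => {
            headers.push(("x-auth-client".to_string(), name.to_string()));
            Decision::Forward
        }
        None => Decision::Reject(403),
    }
}

fn main() {
    let mut h = vec![("Authorization".to_string(), "Bearer constructed-token".to_string())];
    let d = on_request(&mut h, &[("constructed-token", "billing-app")]);
    println!("{:?} {:?}", d, h);
}
```

Stripping the identity headers before the token check means a backend that trusts `x-auth-client` only ever sees the value the plugin set, never one supplied by the client.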


Where you can run your code
Service Extensions run in the request and response path at the edge of Google’s globally distributed network. Service Extensions plugins are now available as part of the existing traffic extension for the global external Application Load Balancer. The traffic extension runs after Cloud CDN and Cloud Armor but before traffic reaches the backend. Cloud CDN support for Service Extensions will come in a future release. Additionally, Service Extensions plugins are supported on the cross-region internal load balancer as part of the route and traffic extensions.

Service Extensions plugins architecture
Service Extensions plugins are designed for lightweight compute operations that run as part of the Application Load Balancer request/response path. Plugins are built on WebAssembly (Wasm), which provides several benefits:

Near-native execution speed, and startup time in the single milliseconds

Support for a variety of programming languages, such as Rust and C++

Cross-platform portability, so you can run the same plugin in various deployments, or locally for testing

Security protections, such as executing plugin logic in a sandboxed environment

Service Extensions plugins leverage Proxy-Wasm, a Google-supported open source project that provides a standard API for Wasm modules to interface with network proxies.
To run Service Extensions plugins, we built a compute platform that is massively multi-tenant (like the load balancers) and yet flexible in scale. Plugins are fully managed and provide dynamic sharding and auto-scaling to meet traffic demands. This architecture allows for:

Scalability: We can scale out to many Wasm hosts on demand as traffic patterns fluctuate.

Low latency: There are no additional proxies between the load balancer and Wasm hosts; this proxyless serverless architecture allows for even more latency-optimal paths.

What’s next
To get started with Service Extensions plugins, take a look at our growing samples repository with a local testing toolkit and follow our quickstart guide in the documentation.

AI Summary and Description: Yes

Summary: The text outlines the introduction of Service Extensions plugins for Google Cloud’s Application Load Balancers, which enable enhanced programmability and customization for handling web application requests and responses. This development is particularly relevant for security and infrastructure professionals, as it emphasizes advanced capabilities such as custom security policies and logging within a managed cloud environment.

Detailed Description:
The Service Extensions plugins for Google Cloud’s Application Load Balancers provide a new level of customization and programmability to enhance web application delivery. These plugins allow users to execute custom code directly in the request/response path, thereby addressing specific business requirements effectively. Here are the key features and implications of this functionality:

– **Programmability and Custom Code Execution:**
  – Users can run their own code in a fully managed environment, benefitting from optimal latency.
  – The platform supports a range of programming languages, including Rust and C++, through a WebAssembly (Wasm) architecture.

– **Use Cases for Service Extensions plugins:**
  – **Header Addition:** Create and manipulate headers tailored to applications or specific customers.
  – **Header Manipulation:** Rewrite or override request/response headers dynamically.
  – **Security Policies:** Implement custom authentication mechanisms based on client requests and response headers—critical for enhancing application security.
  – **Custom Logging:** Log user-defined headers and data, integrating seamlessly with Cloud Logging.
  – **Exception Handling:** Redirect clients to customized error pages based on specific conditions.
  – **HTML Rewriting:** Modify HTML content from the origin for improved analytics and integrations.

– **Architecture Benefits:**
  – The plugins are built on a massively multi-tenant architecture, enabling robust scalability and low latency due to a proxyless serverless model.
  – They provide near-native execution speeds with minimal startup times, which is advantageous for high-traffic applications.
  – The sandboxed execution environment offers security protections, ensuring that the custom logic runs in a controlled manner without impacting overall system stability.

– **Deployment and Scaling:**
  – The compute platform can intelligently scale according to traffic demands, which allows for efficient resource utilization.
  – Dynamic sharding enables flexible management of compute resources, accommodating fluctuating traffic patterns seamlessly.

This development is crucial for security and infrastructure professionals as it offers them enhanced tools for both managing security policies and optimizing application performance in a rapidly evolving cloud landscape. The introduction of these plugins aligns with best practices for modern infrastructures, providing greater control and flexibility in response handling.