A Simple Architecture That Works for 90% of Applications
You’ll also learn how requests travel across the internet using the BGP protocol and autonomous systems that are rarely talked about.
Today we’ll go over the system architecture that’s used in ~90% of applications today. If you want a slightly deeper dive, please consider watching this short video that I made.
THE BASICS…
Let’s start with the basics. A typical architecture usually has a Client for the user interface (UI), a Server for the business logic, and a Database to store state.
This is an architecture we still see today, and it was predominant in the early days of the internet. However, it has a major flaw — it lacks mechanisms that improve security and availability.
Since there’s nothing in front of your web server to protect it, your web server is publicly visible and an easy target for all kinds of attacks, most notably distributed denial-of-service (DDoS) attacks.
Another major issue is the lack of availability. What happens, for example, if your single web server goes down? Your clients won’t be happy, and your business might be at risk.
Of course, whether the lack of availability mechanisms is an issue or not depends entirely on the type of application you have. If this is just a simple web app containing your CV, for example, then this is okay. If this is banking software or a medical system, it is not.
Security, on the other hand, should never be a compromise when your system is exposed to the internet. Yes, a hacked banking system is far more damaging than someone hacking your CV website, but even a personal attack can affect you, your finances, and your reputation.
Let’s now fix these issues.
MEET THE REVERSE PROXY
There’s one service that helps mitigate the flaws of the architecture described above. Some call it a reverse proxy, others a load balancer or gateway. And while they are not always the same thing, they usually solve overlapping problems.
That’s it. One service that will improve your security tremendously and help you reach higher availability. But wait a minute, we now have two web servers instead of one. Yes, that’s because we want to use the load-balancing feature of our reverse proxy.
Now, unlike in the first example above, when one of your servers goes down (say, Server A), all the traffic will be automatically redirected to Server B. Your business no longer suffers, and you’ve improved your overall availability.
And now you have protection from attacks, load balancing, caching, and TLS/SSL termination—features that usually come built in with these services in the cloud.
INTERNET ROUTING
And finally, I’m going to spend just a short amount of time on internet routing and try to answer the question of how a request reaches your load balancer in the first place.
Many people think it’s all thanks to the Domain Name System (DNS), and while DNS is an extremely important part, there’s another protocol without which the internet simply wouldn’t work: the Border Gateway Protocol (BGP), which basically finds the best route for your request based on latency, cost, geographic location, and other factors.
What we call “the internet” is a network of many large networks connected together, called autonomous systems. An autonomous system (AS) is a large network—or a group of networks—operated under a single routing policy, and every device connected to the internet ultimately connects through one of these systems.
Each autonomous system uses BGP to announce which IP address ranges it is responsible for and which other autonomous systems it connects to. BGP routers collect this information from ASes around the world and build routing tables that determine how traffic should flow from one AS to another. When a packet arrives, a router consults its routing table to decide which AS the packet should be forwarded to next.
Because there are so many autonomous systems globally, BGP routers constantly update their routing tables. As networks go offline, new networks come online, or ASes change the IP ranges they advertise, these changes are propagated via BGP so routers can continuously adjust their routing decisions.
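As an added illustration (not code from the original post), the Python sketch below models one router's table: neighbors announce and withdraw prefixes, and a lookup picks the longest matching prefix, then the shortest AS path. That tie-break is a simplification of real BGP best-path selection, and the prefixes and AS numbers are constructed from documentation and private-use ranges.

```python
import ipaddress

class RoutingTable:
    """Toy table for one router; real BGP best-path selection has more steps."""
    def __init__(self):
        # prefix -> {neighbor AS: AS path}; one candidate route per neighbor
        self.routes = {}

    def announce(self, prefix, as_path):
        """Neighbor as_path[0] advertises a path to prefix; as_path[-1] is the origin AS."""
        net = ipaddress.ip_network(prefix)
        self.routes.setdefault(net, {})[as_path[0]] = list(as_path)

    def withdraw(self, prefix, neighbor_as):
        """A neighbor withdraws its route, e.g. because a network went offline."""
        net = ipaddress.ip_network(prefix)
        candidates = self.routes.get(net, {})
        candidates.pop(neighbor_as, None)
        if not candidates:
            self.routes.pop(net, None)

    def lookup(self, dest_ip):
        """Return (matched prefix, next AS, AS path), or None if unreachable."""
        addr = ipaddress.ip_address(dest_ip)
        matching = [n for n in self.routes if n.version == addr.version and addr in n]
        if not matching:
            return None
        best_net = max(matching, key=lambda n: n.prefixlen)  # longest-prefix match
        # Simplified tie-break: shortest AS path, then lowest neighbor AS number
        path = min(self.routes[best_net].values(), key=lambda p: (len(p), p[0]))
        return str(best_net), path[0], path

def demo():
    rt = RoutingTable()
    # Constructed sample data: RFC 5737 prefixes, private-use AS numbers
    rt.announce("203.0.113.0/24", [64512, 64520])
    rt.announce("203.0.113.0/24", [64513, 64530, 64520])
    rt.announce("198.51.100.0/24", [64513, 64540])
    rt.announce("198.51.100.128/25", [64512, 64541])
    before = rt.lookup("203.0.113.10")      # two candidates, shorter path wins
    specific = rt.lookup("198.51.100.200")  # /25 is preferred over the /24
    rt.withdraw("203.0.113.0/24", 64512)
    after = rt.lookup("203.0.113.10")       # traffic shifts to the other neighbor
    rt.withdraw("203.0.113.0/24", 64513)
    gone = rt.lookup("203.0.113.10")        # no route left
    return before, specific, after, gone

if __name__ == "__main__":
    print(demo())
```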
I simplified the diagram above, but if you’ve read this far, I hope you now have a better idea of what happens when you visit a website—or your own app—and how and why it all happens so fast. I’m definitely going to make a video and a blog post on BGP and how it works, and I’ll write about it here as well, so I’ll keep you posted.
Thank you for reading this.




