Service Extensions enables the users of Google Cloud edge applications, such as Media CDN and Cloud Load Balancing, to provide programmability and extensibility at the edge and on load balancing data paths. This page provides a high-level overview about Service Extensions.
Types of Service Extensions extensions
The data path in edge networking products such as Media CDN and Cloud Load Balancing can be visualized as a pipeline of data processing stages. Service Extensions lets you inject custom logic into one or more of these stages.
Service Extensions offers two types of extensions:
Plugin extensions: extensions that let you insert custom code inline in the networking data path. You build these plugins by using WebAssembly (Wasm) and Proxy-Wasm ABI. Plugin extensions run as Wasm modules on a Google-managed sandbox infrastructure similar to a serverless infrastructure.
Media CDN supports plugin extensions.
Callout extensions: extensions that let you use Cloud Load Balancing to make gRPC calls to user-managed services during data processing. You write callout extensions against Envoy's external processing gRPC API. Callout extensions run as general-purpose gRPC servers on user-managed compute VMs and Google Kubernetes Engine Pods on Google Cloud, multicloud, or on-premises environments.
Cloud Load Balancing Application Load Balancers support callout extensions.
Media CDN extensions
Media CDN provides many built-in core capabilities to address the most common use cases for content delivery networks (CDNs). You might have requirements beyond these capabilities. For example, you might need to normalize headers to improve caching, use a custom URL signing algorithm, or port legacy behavior from an existing CDN to Media CDN. Service Extensions helps you add custom code in request and response processing paths by using plugin extensions.
As Figure 1 shows, with Service Extensions, you can use plugin extensions to place custom code that implements specific actions at the edge, in front of the cache in the Media CDN processing path.
You run plugin extensions after route matching and security but before caching policies.
Plugin extensions run on Google-managed compute. They have restricted capability and have strict runtime requirements. They run close to the data plane, and latency optimization is managed.
Plugin extensions are intended for lightweight compute use cases. They can access and manipulate HTTP request and response headers and then serve synthetic responses. Plugin extensions can also perform additional actions such as HTTP redirects and URL rewrites.
Some key use cases where you can use plugin extensions with Media CDN follow:
- Rewrite request URLs.
- Normalize header values to improve cache performance.
Security and logging
- During live events, block users with pirated tokens.
- Support custom user authentication and authorization.
- Translate and implement custom URL signing.
- Customize cache keys, application-specific headers, or device types.
- Log custom variables to Cloud Logging.
Targeting and monetization
- Improve conversions through A-B testing.
- Implement custom ad targeting.
- Offer trial usage models at no extra charge.
- Implement video watermarking.
- Optimize videos and images.
For more information, see Media CDN extensions overview.
To request access to Media CDN plugins, contact your Google Cloud sales representative or your account team.
Application Load Balancer extensions
Service Extensions lets supported Application Load Balancers send a callout from the data processing path to extension backend services managed by the user. This helps Application Load Balancers use custom logic in the processing path. Figure 2 shows this flow.
Callout extensions run on user-managed compute. They have no runtime restrictions and can reuse existing software, as required. With callout extensions, you can get the benefits of fully managed Application Load Balancers that are also customizable to meet the unique needs of specific workloads. You need only to ensure the scalability and availability of your callouts.
Callouts require careful attention to latency overhead management in terms of the round trip between the data plane and the callout server. See Recommended optimizations for callouts.
Use callout extensions for the following:
- When the amount of compute or storage is arbitrary
- When you want to maintain state
- When you want to use external services, such as BigQuery or third-party applications hosted anywhere
Callout extensions are highly flexible and support a variety of customizations. Some examples of everyday use cases follow:
Custom routing and traffic management
- Perform HTTP or URL redirects.
- Modify request attributes, such as headers or URLs, based on application-specific logic to force the URL map to choose a different backend service than originally targeted by the request.
- Add, remove, or modify headers or rewrite URLs based on complex application-specific logic before forwarding traffic to the backend service.
- Implement custom session affinity or stickiness based on the specific attributes of a request.
Security and logging
- Log custom information from payloads or custom headers to Logging or a custom-made logging solution.
- Using security tools or services, including custom user authentication and authorization support.
- Validate arbitrary headers and query parameters such as device IDs.
- Log requests and responses to third-party logging solutions.
- Implement custom user authentication and authorization.
- Integrate security products, such as API Gateway security, BOT management, or Web Application Firewall (WAF).
For more information, see Cloud Load Balancing extensions overview.