HTTP Router: On-Call Survival Guide

This guide helps EOC (engineer-on-call) respond to incidents related to HTTP Router.

What is HTTP Router

HTTP Router is the entry point for all HTTP requests under gitlab.com/*. It sits between Cloudflare’s edge network and GitLab’s backend infrastructure, determining which Cell should handle each incoming request. Currently, by default it proxies requests to our legacy cell.

HTTP Router is built on Cloudflare Workers and deployed via http-router-deployer. It enables the Cells architecture by presenting all Cells under a single gitlab.com domain.

Design Documentation: HTTP Routing Service Architecture

What HTTP Router Does

• Routes requests to the correct Cell based on path, headers, or cached classification.
  • Currently, it proxies most requests to our legacy cell. This will change once path-based routing is enabled.
• Queries Topology Service to identify which cell to proxy requests to (classify).

What HTTP Router Does NOT Do

• Does not buffer request bodies (memory-constrained)
• Does not handle Git SSH traffic (separate SSH routing)
• Does not perform authentication or authorization (it may extract routing keys from tokens, but validation happens in the backend GitLab application)
• Does not make routing classification decisions itself (core classification logic lives in Topology Service)

How HTTP Router Communicates with Topology Service

HTTP Router authenticates to Topology Service using Cloudflare Zero Trust Service Tokens. These tokens are:

• Injected via Worker environment variables
• Automatically rotated using a dual-token strategy (Token A rotates 90 days before expiry, Token B rotates 180 days before expiry) to ensure zero downtime
• Managed through config-mgmt

If there is an issue with service token authentication, you will see high error rates from the Classify service as a symptom. In this case:

1. Check Sentry for authentication-related exceptions
2. Check Topology Service metrics for incoming request failures
3. Review Cloudflare Access Audit Logs for blocked requests

For more details, see security.md.

Critical Information

Metric	Value
Traffic Volume	~40k+ requests/second
Deployment	Cloudflare Workers (edge)
Dependencies	Topology Service, Worker Environment Variables

Quick Links

Resource	Link
Repository	gitlab-org/cells/http-router
Deployer	http-router-deployer
Pipelines	Deployment Pipelines
Grafana	HTTP Router Overview
Sentry	http-router
Alerts	HTTP Router Alerts

Escalation

• Slack: #g_cells_infrastructure
• Team: Cells Infrastructure (Tenant Scale)

Troubleshooting Steps

1. Check Sentry for Exceptions

Sentry Project captures all exceptions across environments (gprd, gstg).

2. Check Cloudflare Worker Logs

Environment	Live Logs	Historical Logs
Production	Live	Historical
Staging	Live	Historical

For detailed logging, see logging.md.

3. Check Cloudflare Metrics

If Grafana shows missing metrics, check Cloudflare Dashboard directly.

See missing-metrics.md for troubleshooting.

4. Check Recent Deployments

Review successful deployment pipelines to identify if a recent change caused the issue.

Identifying the Currently Deployed Version

flowchart TD
    A[Find latest successful pipeline on main] --> B{Was rollback job triggered?}
    B -->|No| C[Current version = latest pipeline commit]
    B -->|Yes| D[Current version = previous pipeline commit]
    D --> E[Revert the MR that caused the rollback]

Steps:

1. Go to Deployment Pipelines
2. Find the latest successful pipeline
3. Check if the rollback job was triggered on that pipeline
   • If no rollback: the commit from this pipeline is what’s currently deployed
   • If rollback was triggered: the commit from the previous pipeline is what’s deployed, and you should revert the MR that caused the rollback

Note

While immediate rollback via the UI is acceptable during incidents, always follow up by reverting the problematic MR to keep the main branch aligned with production.

5. Check Topology Service Health

HTTP Router depends on Topology Service for request classification. If TS is unhealthy, you’ll see classify failures in HTTP Router.

• Grafana: Topology Service (REST) Dashboard
• Quick check: Are there an increase in 404s across gitlab.com ? If yes, start with TS troubleshooting.

For detailed TS troubleshooting, see the Topology Service Runbook.

Common Failure Modes

Symptom	Likely Cause	Action
502 on large uploads	ReadableStream.tee() buffer limit exceeded	Check Sentry; review recent MRs for body handling changes
Intermittent 502s	Worker memory limits	Check Cloudflare logs for buffer/memory errors
High latency	CPU time exceeded	Check CPU metrics in Cloudflare dashboard
Missing Grafana metrics	Cloudflare processing delay	Verify via GraphQL API (missing-metrics.md)
High error rate on classify requests	Topology Service connectivity or auth issues	Check Sentry for auth exceptions; check Topology Service health

Note

There is a known issue on increased error rate caused by /api/v4/jobs/request endpoint, the team is working on updating our observability stack to fix the errors coming from here. This will change post https://gitlab.com/gitlab-com/gl-infra/tenant-scale/cells-infrastructure/team/-/work_items/632 is closed.

Rollback Procedures

Quick Rollback

1. Go to Deployment Pipelines
2. Find the last known good deployment
3. Run the rollback job

Details: Rollback Documentation

Emergency: Disable HTTP Router

Important

Assess the impact before disabling.

With HTTP Router disabled, all requests fall back directly to the Legacy Cell (current gitlab.com installation). This is acceptable when no production Cells exist. Once production Cells are active, disabling HTTP Router means:

• Users/groups on the Legacy Cell: No impact
• Users/groups on production Cells: Will receive 404 errors (requests won’t be routed to their Cell)

Evaluate whether the incident impact is worse than the impact of disabling routing to production Cells.

Use only if HTTP Router is causing critical issues and must be bypassed entirely:

1. Remove or disable routes in cloudflare-workers.tf
2. Create MR, get approval, apply with atlantis apply

Details: disable-http-router.md

Deployment Flow

HTTP Router deploys separately from GitLab application:

1. Changes merged to http-router
2. The project on gitlab.com is mirrored to http-router-deployer on ops.gitlab.net which runs the deployment pipeline.
3. Progression: staging → production

To read more in detail about deployment, see: https://gitlab.com/gitlab-org/cells/http-router/-/blob/main/docs/deployment.md?ref_type=heads

References

• HTTP Routing Service Design Doc
• Cells Architecture
• Cloudflare Workers Docs
• Worker Logs Docs
• HTTP Router Security