Sketech #2 Routes, Tokens and Services: A Visual Journey
Breaking Down Software Concepts, One Sketech at a Time.
New edition of Sketech – Visual Thinking for Software Engineers.
This week’s visuals: How JWT Works, DNS Routing Explained and Understanding Kubernetes Service Types. Let's get started!
How JWT Works
A quick breakdown of the key components and how JWTs secure data transmission.
What is JWT?
JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information as a JSON object. It consists of three parts: Header, Payload, and Signature.
Components of JWT
Header: Contains metadata about the token, typically the type and the signing algorithm.
{
"alg": "HS256",
"typ": "JWT"
}
Payload (Claims): Holds the actual data, which can include registered claims (like iss, exp, sub), public claims, or private claims.
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}
Signature: Ensures the integrity of the token. It's created by encoding the header and payload, then signing with a secret key.
How JWT Works
Token Creation: The server generates a JWT when the user logs in.
Token Transmission: The JWT is sent to the client (e.g., a browser).
Token Usage: For subsequent requests, the client sends the JWT, which the server verifies before granting access.
Advantages of JWT
Stateless. No server-side storage needed for sessions.
Scalability. Ideal for distributed systems and microservices.
Flexibility. Can be used across various domains.
Security Considerations
Signing vs Encryption. JWTs are signed, not encrypted. Use JWE (JSON Web Encryption) for full end-to-end encryption.
Token Expiry. Always set an expiration time to limit token lifespan.
Secure Transmission. Always use HTTPS to prevent interception.
Implementing JWT
Backend: Use libraries like jsonwebtoken for Node.js or PyJWT for Python.
Frontend: Store tokens in HTTP-only cookies or local storage (with caution).
DNS Routing Explained
Discover the key DNS routing methods that keep web traffic flowing efficiently. Here’s how each approach works:
Simple Routing
Directs all traffic to a single endpoint. Ideal for straightforward setups without the need for load balancing or redundancy. Best for: Small-scale applications with predictable traffic.
Failover
Ensures reliability by routing traffic to a primary server, automatically switching to a secondary server if the primary fails. Key feature: Automatic failover for high availability.
Geolocation Routing
Connects users to the nearest endpoint based on their physical location, reducing latency and enhancing user experience. Benefit: Fast, localized responses by routing to the closest server.
Latency-Based Routing
Chooses the server with the lowest latency relative to the user's location, optimizing response times for global users. Why use it: Maximizes speed by selecting the fastest server.
Multivalue Answer
Provides multiple IP addresses in response to a query, offering redundancy and fault tolerance. This method is a lightweight alternative to traditional load balancing. Advantages: Increased reliability without complex load balancers.
Weighted Routing
Distributes traffic across multiple endpoints according to assigned weights, allowing for proportional allocation based on server capacity or specific requirements. Use case: Fine-tune traffic distribution to optimize server performance.
Understanding Kubernetes Service Types
Kubernetes offers powerful tools to manage traffic within and outside the cluster. Let's break down the key service types.
1. ClusterIP
The default service type.
Assigns an internal IP address accessible only within the cluster.
Best for internal communication between pods.
No external access.
2. NodePort
Exposes the service on each node's IP.
Accessible externally via <NodeIP>:<NodePort>.
Direct mapping to the node’s port—simpler but less secure.
3. LoadBalancer
Integrates with cloud provider load balancers.
Automatically distributes external traffic across pods.
Ideal for auto-scaling and ensuring high availability.
4. ExternalName
Maps services to external DNS names.
Routes traffic outside the cluster.
Doesn’t manage internal Kubernetes traffic.
→ By understanding these service types, you can optimize your Kubernetes deployments for any environment, from internal-only communications to scaling across multiple pods.
That’s all for this week. Thanks for reading and making it to the end. I’ll be back next time with more valuable insights. See you in the next edition!
Nina