fix(pgw): review docs (scaleway#3943)

RoRoJ · Laure-di · commit 15649773a824 · 2025-02-27T11:14:31.000+01:00
diff --git a/network/load-balancer/reference-content/acls.mdx b/network/load-balancer/reference-content/acls.mdx
@@ -7,7 +7,7 @@ content:
   paragraph: Learn more about Access Control Lists (ACLs) for your Load Balancer
 tags: load-balancer, acl, acls, access-control-list, access, control, HTTP-header, filter, allow, reject, redirect, HTTPS, redirection, HTTP
 dates:
-  validation: 2024-04-29
+  validation: 2024-11-05
 categories: 
   - load-balancer
   - network
@@ -29,11 +29,11 @@ Each ACL in the list has a number to show its  **priority**. All traffic arrivin
 
 Each ACL has an **action**: `Allow`, `Deny` or `Redirect`, which it applies **conditionally** or **unconditionally**. A conditional ACL only applies its action to traffic it encounters which matches the configured condition. An unconditional ACL applies its action to all traffic it encounters. For more information on conditions, see [the next section of this document](/#what-conditions-can-be-set-for-acls).
 
-Once an ACL applies its action - either because it is unconditional or because the traffic matched the condition - that action is carried out immediately. That is to say, the traffic is allowed to pass to the backend, or definitively denied access to the backend, or redirected. **That traffic is not filtered by any ACLs further down the list of priority**. It is therefore important to construct a list of ACLs carefully, placing conditional ACLs before unconditional ones in the list of priority and constructing conditions with attention.
+Once an ACL applies its action - either because it is unconditional or because the traffic matched the condition - that action is carried out immediately. That is to say, the traffic is allowed to pass to the backend, or definitively denied access to the backend, or redirected. **That traffic is not filtered by any ACLs further down the list of priority**. It is therefore important to construct a list of ACLs carefully, placing conditional ACLs before unconditional ones in the list of priority, and constructing conditions with attention.
 
 Note that constructing an ACL with a conditional `Allow` action does not mean that same ACL will therefore carry out a `Deny` action on traffic which does not meet its conditions. **The unmatched traffic will simply pass to the next ACL in the list**.
 
-If traffic reaches the end of the list of ACLs without any actions being applied to it, it is allowed to pass to the backend. If you want to avoid this, create an unconditional `Deny`  ACL and place it at the end of your list of conditional `Allow` ACLs.
+If traffic reaches the end of the list of ACLs without any actions being applied to it, it is allowed to pass to the backend. If you want to avoid this, create an unconditional `Deny` ACL and place it at the end of your list of conditional `Allow` ACLs.
 
 ## What conditions can be set for ACLs?
 
diff --git a/network/load-balancer/reference-content/http2-http3.mdx b/network/load-balancer/reference-content/http2-http3.mdx
@@ -7,7 +7,7 @@ content:
   paragraph: Learn how to set up your Load Balancer for HTTP/2 or HTTP/3
 tags: load-balancer http-2 http-3 http2 http3 protocol frontend backend
 dates:
-  validation: 2024-04-29
+  validation: 2024-11-05
 categories: 
   - load-balancer
   - network
diff --git a/network/load-balancer/reference-content/kubernetes-load-balancer.mdx b/network/load-balancer/reference-content/kubernetes-load-balancer.mdx
@@ -7,7 +7,7 @@ content:
   paragraph: Learn how to create and configure a Load Balancer for your Kubernetes Kapsule
 tags: load-balancer kubernetes kapsule loadbalancer service managed-kubernetes
 dates:
-  validation: 2024-04-29
+  validation: 2024-11-05
 categories: 
   - load-balancer
   - network
diff --git a/network/load-balancer/reference-content/sni-route-deprecation.mdx b/network/load-balancer/reference-content/sni-route-deprecation.mdx
@@ -13,31 +13,19 @@ categories:
   - network
 ---
 
-## What is being deprecated
+This page documents the deprecation of SNI routes with HTTP backends on Scaleway Load Balancers
 
-We are removing the ability to create SNI based [routes](/network/load-balancer/how-to/create-manage-routes/) to HTTP backends in Scaleway Load Balancer:
+We removed the ability to create SNI based [routes](/network/load-balancer/how-to/create-manage-routes/) to HTTP backends in Scaleway Load Balancer. This feature was deprecated on March 1st 2023, and removed on June 1st 2023.
 
 - SNI routes are still available and supported for TCP backends.
-- For HTTP backends, SNI routes are replaced with the new **HTTP Host header**-based routes.
+- SNI routes with HTTP backends are no longer be available.
+- SNI routes to an HTTP backend were automatically converted to new **HTTP Host header**-based routes.
 
-## Deprecation planning
-
-SNI routes with HTTP backends are **deprecated** from March 1st 2023. This means:
-
-- The feature will no longer be available via the Scaleway console: it will be impossible to create an SNI route to an HTTP backend.
-- The feature will still be available via the Scaleway API, CLI and Terraform interfaces. This is to avoid breaking changes with configuration automation tools.
-- The feature is still supported.
-
-SNI routes with HTTP backends are **removed** on June 1st 2023. This means:
-
-- The feature will no longer be available via the Scaleway console, nor from the API, CLI or Terraform interfaces.
-- Any existing and remaining SNI routes to an HTTP backend will be automatically converted to HTTP Host header routes.
-
-## Why are we deprecating this feature?
+## Why did we deprecate this feature?
 
 SNI routes were originally introduced to enable routing with TCP backends when connections were encrypted with TLS. This enabled the forwarding of traffic to different backend server pools based on the "host" the client wanted to connect to.
 
-Since HTTPS relies on TLS, this feature also worked with HTTP backends, providing the SNI closely matched the HTTP Host header value. The problem came when clients started establishing long-living connections and connection reuse, which frequently happened with newer HTTP versions such as HTTP/2. SNI is only sent when initiating the TCP connection to the host (in our case, the Load Balancer). This is the moment when we identify the backend we need to forward the traffic to. As long as the TCP connection to the Load Balancer remains open, the SNI is not sent again and all subsequent requests will then follow the route that was established when the connection was initiated. 
+Since HTTPS relies on TLS, this feature also worked with HTTP backends, providing the SNI closely matched the HTTP Host header value. But with newer HTTP versions such as HTTP/2, clients started establishing long-living connections and connection reuse, which frequently happened with newer HTTP versions such as HTTP/2. SNI is only sent when initiating the TCP connection to the host (in our case, the Load Balancer). This is the moment when we identify the backend we need to forward the traffic to. As long as the TCP connection to the Load Balancer remains open, the SNI is not sent again and all subsequent requests will then follow the route that was established when the connection was initiated. 
 
 While this proves to be efficient since it avoids all the overhead related to TCP and TLS handshakes, it can be a problem when a client reuses the connection to send requests to a different host resolving to the same IP address. With the Load Balancer being a reverse proxy, this happens frequently. In such cases, the SNI (for the new host) is not sent again since the connection to the Load Balancer is already established, and the request gets forwarded to the original host based on the original SNI. This results in a request which arrives at a backend server that doesn't know how to process it.
 
@@ -55,30 +43,13 @@ See the console screenshots below as examples:
 
 <Lightbox src="scaleway-http-route.webp" alt="" />
 
-## What is the impact?
+## What was the impact?
 
-We do not expect this change to have an impact on your applications or services using Scaleway Load Balancer, since HTTP Host header routes will provide more accurate routing than SNI with HTTP backends.
-
-## Migration
-
-You can expect the following in terms of migration:
-
-### Before June 1st 2023
-  - No change to your Load Balancers and how they work, if you do not interact with them or change their configuration
-  - If you are creating new routes from the Scaleway console, you will not be able to create SNI routes with HTTP backend
-  - If you are editing a pre-existing SNI route to an HTTP backend from the console, the console will automatically convert it to an HTTP Host header route. You will not be able to change it back to an SNI route any more.
-  - If you are creating or editing routes from the API, the CLI or the Terraform interface, you will still be able to create SNI routes to HTTP backends along with HTTP host header routes. There will not be any breaking change
-
-### From June 1st 2023
-  - Scaleway will automatically convert all SNI routes to HTTP backends into HTTP Host header routes to these backends, with the same value for the HTTP Host header as the SNI. This will be applied to your Load Balancer the next time you interact with its configuration.
-  - You will not see any SNI routes on HTTP backends in the Scaleway console anymore. All such routes will be converted automatically on June 1st.
-  - You will only be able to create HTTP Host header routes (not SNI) to HTTP backends in the console.
-  - You will only be able to create HTTP Host header routes (not SNI) to HTTP backends via the API, the CLI or the Terraform interface.
-  - If your configuration automation system uses the API, the CLI or the Terraform provider to send configurations containing SNI routes to HTTP backends, it will receive an error from the Load Balancer and the configuration will not be applied.
+There was no impact on your applications or services using Scaleway Load Balancer, since HTTP Host header routes provided more accurate routing than SNI with HTTP backends.
 
 ## Sample configurations
 
-Find below some sample configurations for HTTP Host header routes to HTTP backends. These should be used as a replacement for any old old SNI routes:
+Find below some sample configurations for HTTP Host header routes to HTTP backends. These can be used to guide you in creating HTTP Host header routes if you were previously used to SNI routes:
 
 <Tabs id="sample-route-config">
   <TabsTab label="API">
@@ -144,7 +115,7 @@ Find below some sample configurations for HTTP Host header routes to HTTP backen
       scw lb route create frontend-id=<your-frontend-id> backend-id=<your-http-backend-id> match.sni="www.company.com" zone=<your-lb-zone>
       ```
 
-      ...you should now replace that command with the following one:
+      ...you should replace that command with the following one:
 
       ```bash
       scw lb route create frontend-id=<your-frontend-id> backend-id=<your-http-backend-id> match.host-header="www.company.com" zone=<your-lb-zone>
@@ -158,7 +129,7 @@ Find below some sample configurations for HTTP Host header routes to HTTP backen
       scw lb route update route-id=<your-route-id> match.sni="www.company.com" zone=<your-lb-zone>
       ```
 
-      ...you should now replace that command with the following one:
+      ...you should replace that command with the following one:
 
       ```bash
       scw lb route update route-id=<your-route-id> match.host-header="www.company.com" zone=<your-lb-zone>
@@ -176,7 +147,7 @@ Find below some sample configurations for HTTP Host header routes to HTTP backen
         }
         ```
 
-      ...you should now declare your resource in the following way:
+      ...you should declare your resource in the following way:
 
       ```bash
       resource "scaleway_lb_route" "rt01" {
@@ -186,8 +157,4 @@ Find below some sample configurations for HTTP Host header routes to HTTP backen
       }
       ```
   </TabsTab>
-</Tabs>
-
-<Message type="tip">
-If you experience any problems, do not hesitate to [open a support ticket](/console/account/how-to/open-a-support-ticket/) or speak to us on the `#load-balancer` channel of our [Slack Community](/tutorials/scaleway-slack-community/).
-</Message>
+</Tabs>
diff --git a/network/load-balancer/reference-content/ssl-bridging-offloading-passthrough.mdx b/network/load-balancer/reference-content/ssl-bridging-offloading-passthrough.mdx
@@ -7,7 +7,7 @@ content:
   paragraph: Learn how to configure your Load Balancer for SSL bridging, offloading or passthrough
 tags: load-balancer ssl bridging offloading termination passthrough
 dates:
-  validation: 2024-04-29
+  validation: 2024-11-05
 categories: 
   - load-balancer
   - network
diff --git a/network/public-gateways/concepts.mdx b/network/public-gateways/concepts.mdx
@@ -7,7 +7,7 @@ content:
   paragraph: This page explains all the concepts related to Public Gateways
 tags: network availability-zone dns flexible-ip nat private-ip ssh-bastion egress ipam legacy ipam_config
 dates:
-  validation: 2024-04-29
+  validation: 2024-11-05
 categories:
   - network
 ---
