Request Journey Visualizer

Trace a request through every infrastructure layer — edge to pod to database and back

Normal Request
CDN Cache Hit
WAF Block
K8s Deep Dive
503 Cascade
Client
🖥️
Browser / App
192.168.1.10 — Port 54321
Initiates TCP+TLS to edge IP. Sends HTTP/2 request with headers, auth token, and optional body.
Edge / CDN
UDP 53
🔍
DNS Resolver
1.1.1.1 — Cloudflare DNS
DNS is the first load balancer — multiple A records or anycast routing means different clients resolve to different edge IPs based on geography. Cloudflare returns the nearest PoP IP. TTL cached in OS — lookup adds ~8ms first time, 0ms cached.
TCP 443
CDN Edge
Cloudflare PoP — London
TLS terminates here. Checks edge cache. If hit → serve from cache. If miss → forward to origin. Adds CF-Ray, X-Forwarded-For headers.
Security
L7
🛡️
WAF + Rate Limiter
Cloudflare WAF / nginx
Inspects request: SQLi, XSS, bad bots, path traversal, rate limit per IP/token. Block → 403/429. Pass → forward. Adds ~0.5ms.
Load Balancing — outermost first
L4 — TCP
L4 Load Balancer
AWS NLB / HAProxy TCP mode
Operates at TCP level — sees only IP and port, never reads HTTP. Blindly forwards raw TCP connections to backend nodes. Extremely fast (~0.1ms). No TLS termination. Used when you need millions of connections/sec or UDP (e.g. DNS, game servers). This comes BEFORE the L7 LB.
L7 — HTTP
⚖️
L7 Load Balancer
AWS ALB / Cloudflare LB
Terminates TLS. Reads full HTTP request — headers, path, cookies. Smart routing decisions: /api → API nodes, /upload → storage nodes, sticky sessions by cookie. Health checks per HTTP path. Comes AFTER L4 LB. This is what most people mean when they say "load balancer".
Reverse Proxy
🔀
Reverse Proxy
nginx / Envoy — closest to app
Finest-grained routing — by path prefix, header value, query param. Rate limiting, auth header validation, gzip, upstream keepalive pools. Sits inside your own infrastructure, closest to app servers. In small setups this collapses with the L7 LB.
Kubernetes Cluster
K8s
🚪
Ingress Controller
nginx-ingress — port 80/443
Reads Ingress resources. Routes by host/path rules to ClusterIP Services. TLS termination option. Backed by nginx or Traefik.
ClusterIP
🎯
K8s Service
user-svc — 10.43.1.50:80
Virtual IP backed by iptables DNAT rules (kube-proxy). Selects healthy pods via endpoint slice. Round-robin across pod IPs.
Pod
📦
App Pod
10.42.0.7:8080 — Go / Node
Your actual application code. Checks Redis cache, queries Postgres, builds response. Envoy sidecar handles mTLS if mesh enabled.
Data Layer
TCP 6379
Redis Cache
10.42.1.10:6379
In-memory cache. Hit → return in <1ms. Miss → query DB, populate cache. TTL-based expiry. Cache key: user:42:profile.
TCP 5432
💾
Postgres
10.42.2.5:5432 — Primary
Connection pool (PgBouncer). Query planning, index scan. Result returned to pod. Write goes to primary, reads can go to replica.
Request Path
🖥️
Client
🔍
DNS
CDN
🛡️
WAF
L4 LB
⚖️
L7 LB
🚪
Ingress
📦
Pod
💾
DB
0ms
Total
DNS
TLS
App
DB
Status
Select a mode and press Send Request to trace the journey
Step 0