
Inbound & Outbound as Distinct Sets

Bipartite Graphs in Network Architecture

A bipartite graph divides nodes into two sets, with edges allowed only between sets (never within a set).

Network boundaries have natural bipartite structure:

- Ingress side: outside clients on one side, internal services on the other. Edges: external requests entering, internal responses going out.

- Egress side: internal services on one side, external destinations on the other. Edges: internal services initiating outbound calls, external responses coming back.

The asymmetry:

- Ingress: source set is unbounded (anyone on the internet). Destination set is small (a few services). Volume scales with users.

- Egress: source set is small (a few internal services). Destination set is bounded (a few known partners). Volume scales with internal activity.

A single-box design collapses both bipartite halves onto one node. That node takes fan-in from outside (ingress) AND fan-in from inside (egress, initiated from the opposite direction), so its load is the sum of both sides.

Split design preserves both bipartite halves at separate nodes. Each node handles one role with its appropriate scaling axis.

Bipartite ingress & egress: separate node sets, separate cut vertices

Draw the bipartite graph for a small SaaS: 5 external customer endpoints (sending requests in), 3 internal services (the backends), & 4 external partner APIs (called outbound). Identify which edges belong to the ingress bipartite half & which belong to the egress bipartite half. Predict what happens to graph connectivity if one of the internal services fails.

Before the Split: A Cut Vertex Everywhere

Single-Box: One Vertex Holds Everything

Before the split, a single proxy box sits between every external/internal pair. In graph terms it is a cut vertex of high order: its removal disconnects all clients from all backends AND all internal services from all external partners.

Connectivity at this node is 1: anything that disrupts it (process crash, network glitch, OOM kill) disconnects every dependent path.

After the Split: Cut Vertex Replaced by Two Lighter Nodes

Splitting into ingress + egress creates two graph nodes where there was one. Each node now sits on only one bipartite half:

- Ingress node: cut vertex for the external-clients-to-internal-services bipartite half

- Egress node: cut vertex for the internal-services-to-partners bipartite half

The hairpin loop disappears geometrically: in the single-box graph, an internal service trying to reach an external-facing service via the public address required traversing the same vertex twice (out via the egress role, then in via the ingress role). In the split graph, the traversal hits two different vertices.

Connectivity per side stays at 1, but the two cut vertices can be replaced independently. Adding a second ingress proxy raises ingress-side connectivity to 2 without changing the egress side.

Replication Per Side

Production fleets often run 2+ ingress proxies (HA) AND 2+ egress proxies (HA). Each side reaches connectivity 2 independently. Capacity scales horizontally on each side as needed.
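
The connectivity claims above (single box, split 1+1, second ingress added) checked by brute force over proxy failures. This is an added example, not part of the original lesson; the proxy names (`box`, `in1`, `in2`, `out1`) are hypothetical, and the 5/3/4 node counts are taken from the earlier SaaS exercise.

```python
from collections import deque
from itertools import combinations

# Constructed topology: node names are illustrative, counts follow the SaaS exercise.
CLIENTS = [f"client{i}" for i in range(1, 6)]    # 5 external customer endpoints
SERVICES = [f"svc{i}" for i in range(1, 4)]      # 3 internal services
PARTNERS = [f"partner{i}" for i in range(1, 5)]  # 4 external partner APIs

def build(ingress, egress):
    """Undirected graph: clients-ingress-services and services-egress-partners."""
    g = {}
    edges = [(p, n) for p in ingress for n in CLIENTS + SERVICES]
    edges += [(p, n) for p in egress for n in SERVICES + PARTNERS]
    for a, b in edges:
        g.setdefault(a, set()).add(b)
        g.setdefault(b, set()).add(a)
    return g

def connected(g, sources, dests, removed):
    """True if any source still reaches any dest once `removed` nodes fail."""
    seen = set(sources) - set(removed)
    queue = deque(seen)
    while queue:
        for nxt in g[queue.popleft()]:
            if nxt not in seen and nxt not in removed:
                seen.add(nxt)
                queue.append(nxt)
    return bool(seen & set(dests))

def half_connectivity(g, sources, dests, proxies):
    """Smallest set of proxy failures that fully disconnects one bipartite half."""
    for k in range(1, len(proxies) + 1):
        for cut in combinations(sorted(proxies), k):
            if not connected(g, sources, dests, cut):
                return k, cut
    return None

def analyse(ingress, egress):
    """Connectivity and a minimal cut set for each bipartite half."""
    g = build(ingress, egress)
    proxies = set(ingress) | set(egress)
    return {"ingress": half_connectivity(g, CLIENTS, SERVICES, proxies),
            "egress": half_connectivity(g, SERVICES, PARTNERS, proxies)}

if __name__ == "__main__":
    for name, cfg in [("single box", (["box"], ["box"])),
                      ("split 1+1", (["in1"], ["out1"])),
                      ("split 2+1", (["in1", "in2"], ["out1"]))]:
        print(name, analyse(*cfg))
```

In the single-box case both halves report the same one-node cut set, which is the shared cut vertex; after the split the cut sets are disjoint, so each side can be replicated without touching the other.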

A team currently runs one proxy box (single cut vertex for both directions). They split it into one ingress + one egress, then later add a second ingress (HA pair) but keep a single egress. Walk through how graph connectivity changes at each step, & identify the bipartite half that is still 1-connected after step 3 (which is therefore still the lowest-tolerance failure mode).

Network Partition Tolerance

Synthesis

You can now read network architectures as bipartite graphs, identify cut vertices, & track connectivity per half.

Apply this to network partitions.

A network partition is a graph cut: edges across the partition fail; both sides keep operating but cannot reach each other.

A geographically distributed system has two datacenters connected by a single inter-DC link. Ingress traffic enters via DC1; egress goes through DC1 to external partners; some internal services live in DC2 & call back into DC1 for stateful operations.

Predict what happens if the inter-DC link fails: (1) which bipartite halves remain connected within each DC, (2) which traffic flows continue & which stop, & (3) propose one architectural change that would let the system tolerate this partition with bounded degradation rather than full outage.

Companion Notes

This geometry-of lesson recasts the Ingress & Egress Separation main lesson as a bipartite-graph analysis.

The next companion, geometry_of_failure_modes_and_blast_radius, derives betweenness centrality (identifies bottleneck nodes) & min-cut (bounds blast radius).
