Traffic Director Overview

This presentation gives an overview of service mesh, Envoy and Istio before getting into Traffic Director features and discussing the product's roadmap.

Featured in the Google Cloud NEXT '19 Recap session by Mercari: https://mercaridev.connpass.com/event/125881/

Twitter: https://twitter.com/la1nra
GitHub: https://github.com/lainra

References:
- https://cloud.google.com/traffic-director/docs/
- https://www.youtube.com/watch?v=FUITCYMCEhU&list=PLPbi1SSrOfS8ZZKIGWfwsTdW-XosAkj1t
- https://istio.io/docs/concepts/what-is-istio/
- https://www.envoyproxy.io/docs/envoy/latest/intro/what_is_envoy

Raphael Fraysse

April 17, 2019

Transcript

  1. Traffic Director Overview

  2. About me
    @lainra (GitHub)
    Twitter / @la1nra
    Please follow me :)
    SRE at Mercari microservices platform team
    I love that bridge!!!

  3. Table of contents
    ・Service Mesh Overview
    ・Istio in GCP
    ・Traffic Director Overview
    ・What’s next?

  4. Service Mesh Overview
    What is a service mesh?
    A service mesh is a network communication infrastructure that decouples and offloads most application network functions from the application code.

  5. Service Mesh Overview
    Decoupling the network features
    [Diagram: a service mesh with Virtual Machines and with Kubernetes Pods. Each VM or Pod runs an App next to a Sidecar proxy. The sidecar proxies form the data plane (proxy mesh); a Controller forms the control plane, which controls and configures the proxies.]

  6. Service Mesh Overview
    Service Mesh Key Capabilities
    - Telemetry: Examine everything between services with little to no instrumentation
    - Security: Secure access and communications between some or all services
    - Traffic Control: Manage the flow of traffic into, out of, and within your complex deployments

  7. Service Mesh Overview
    Envoy, the universal data plane
    A modern, extensible, lightweight, high-performance L4/L7 proxy built as a platform:
    - Network filter
    - HTTP filter
    - Listener filter
    - Health checker
    - Transport sockets
    - Address resolver
    - Clustering
    - Retry policy
    Based on an open configuration and control plane API called xDS (Discovery Service, currently v2)
    - LDS, RDS, CDS, EDS, ADS, SDS, LRS, HDS (too much!!!)
    - proto3 Protocol Buffers canonical definition
    - Streaming gRPC, REST long poll based
    - Eventually & sequentially consistent

  8. Service Mesh Overview
    Istio, the industry-standard service mesh control plane

  9. Istio in GCP
    Istio Addon for GKE (Google Kubernetes Engine)
    + The simplest way to install Istio in your GKE cluster
    + Deployment managed by GCP, automatic upgrades and patches
    + Underlying Istio complexity (partially) removed from the customer
    - Still in Beta
    - Fast evolving product in GCP, hard to evaluate the product’s roadmap
    - Cannot modify or tailor the control plane (Pilot) to your needs
    - Hard to separate/disable some Istio components/features you don’t need

  10. Istio in GCP
    But… I only have VMs, what can I do???

  11. Traffic Director Overview
    Here comes Traffic Director (Beta)
    Traffic Director is a GCP-managed configuration & traffic control plane for any xDS-compliant proxy (less formally, a GCP-managed Pilot for Istio)
    - Can be used both by GCP VMs and Kubernetes Pods (self-managed K8s, GKE)
    - Sidecar proxy management -> Offload it from your responsibility
    - Communicates with sidecar proxies with open xDS APIs -> Prevent technology lock-in
    - Integrates with Global Load Balancing (GLB) -> Leverage GLB cross-region capabilities
    - Centralized Health Checking
    - Traffic-driven autoscaling
    - Traffic control capabilities (based on Envoy features) in Alpha

  12. Traffic Director Overview
    I’m a bit biased :) (But I don’t work for Google!)

  13. Traffic Director Overview
    [Diagram] Source: https://cloud.google.com/traffic-director/docs/setting-up-traffic-director
    - Uses the same data model as GLB
    - You need to inject the Envoy proxies yourself
    - You need to create NEG/MIG
    - (NEG requires enabling Alias IP in your VPC)
    - Configuration through GCP API only (support for Istio API in the future)

  14. Traffic Director Overview
    Traffic Director features
    Routing Rules: define how requests should be served in the service mesh
    - Traffic splitting
    - Traffic steering
    - Timeouts and Retries
    - Fault Injection
    - Mirroring
    Traffic Policies: define routing policies for a service
    - Load balancing
    - Outlier detection
    - Circuit breaker
    - Timeouts

  15. Traffic Director Overview
    Main use cases (non-exhaustive)
    - I want to try a service mesh but am too afraid or lack the resources to invest in Istio
    - I have an existing Envoy mesh but no control plane (unlikely)
    - I have an existing Envoy mesh and an internally-made control plane (more likely)
    - I wish to use a managed service to pilot my Envoy mesh
    - I want to bring my VMs / both VMs and pods to the service mesh
    - I want to expose my services globally using GLB and Envoy mesh
    - I want HTTP/2 native load-balancing (not supported yet, on roadmap)

  16. Traffic Director Overview
    Who is it not for? (also non-exhaustive!)
    - People who already use Istio AND are satisfied with it
    - People who want to expose their services through an API Gateway/API Management component
    - People who don’t want to use GCP APIs to control their service mesh (until Istio API support)
    - People who think it will magically solve all their network/microservices issues

  17. What’s next?
    Traffic Director Roadmap
    - Hybrid/Multi-cloud support
    - Better integration with Anthos
    - Service mesh control plane federation
    - Security integration (Adding more Istio features such as mTLS, RBAC)
    - Observability integration (Adding Istio Mixer features with Stackdriver)
    - and other secrets yet untold…
    Ultimately, Traffic Director could be the standard way to use Istio in GCP

  18. Resources
    - Traffic Director official documentation
    - Cloud NEXT '19 Traffic Director session recording
    - Istio official documentation
    - Envoy official documentation

  19. Thank you for coming!
    (We’re hiring!!!)