Service Mesh and the future of networking

In the world of microservices, we have seen this new technology, the Service Mesh, emerge and grow very fast. Projects like Istio, Linkerd or Consul have become very popular, and people are starting to adopt them and figure out the new possibilities these projects bring. But beyond the individual features each of those projects provides, in this talk we will present the core concepts of a Service Mesh, the novel things this technology brings, and the use cases it is meant to solve.

We will explore how Service Meshes will push networking to the next level, opening the door to a whole new set of possibilities especially designed for this new era of multi-cloud and hybrid architectures, and giving us a mental model with which to explore and evaluate after the talk.

Ignasi Barrera

October 06, 2019

Transcript

  1. But we are dealing with the same kind of problems again… at the application layer
  2. Main Features
     • Separate the network from the applications
     • Consistency across the fleet
     • Centralized control
     • Fast to change (apply config to affect change; not redeploy)
  3. Envoy Proxy
     • L7 proxy built for today’s SOA
     • Deployment agnostic, lightweight
     • L3/L4 filters at core, rich L7 filters
     • Built-In HTTP/2 support
     • Protocol extensibility (Mongo, Redis, MySQL, etc)
     • Programmability (xDS APIs)
     • Push based model
  4. SPIFFE
     • A naming scheme to encode workload identities
     • How to encode those names in an X.509 certificate (SVID)
     • How a peer (client or server) validates the X.509 certificate to authenticate the SPIFFE identity inside of it
     • spiffe://trust-domain/path
     • spiffe://k8s.example.com/ns/staging/sa/default
  5. Identity is not only about mTLS
     • Finally break the L3/L4 dependency
     • L7 policies
     • Multi-cloud & cloud-agnostic applications
  6. Traffic routing
     • Service discovery
     • Application level overlay network
     • L7 addressing
     • Canaries
     • Traffic shifting
     • Protocol transcoding
  7. Traffic management
     • (Client-side) Load balancing
     • Failure detection
     • Circuit breakers
     • Retries
     • Deadlines
     • Rate limiting
     • Fault injection
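
The SPIFFE naming scheme from slide 4 and the identity-based L7 policies from slide 5, as an added example that is not part of the original deck: a strict parser for `spiffe://trust-domain/path` IDs and a policy check on the parsed identity. The function names, the policy shape and the constructed peer IDs are assumptions of this example.

```python
import re

# Character sets from the SPIFFE ID specification; strict lowercase scheme and
# trust domain is an assumption of this example.
_TRUST_DOMAIN = re.compile(r"[a-z0-9._-]{1,255}")
_SEGMENT = re.compile(r"[A-Za-z0-9._-]+")
_PREFIX = "spiffe://"


def parse_spiffe_id(uri):
    """Return (trust_domain, path_segments) or raise ValueError."""
    if len(uri.encode("utf-8")) > 2048:
        raise ValueError("SPIFFE ID longer than 2048 bytes")
    if not uri.startswith(_PREFIX):
        raise ValueError("scheme must be spiffe://")
    trust_domain, slash, path = uri[len(_PREFIX):].partition("/")
    # fullmatch rejects userinfo (@), ports (:), queries (?) and fragments (#).
    if not _TRUST_DOMAIN.fullmatch(trust_domain):
        raise ValueError("invalid trust domain")
    if not slash:
        return trust_domain, ()
    segments = tuple(path.split("/"))
    for seg in segments:
        # An empty segment means "//" or a trailing "/"; dot segments could
        # otherwise be normalised into a different identity.
        if seg in (".", "..") or not _SEGMENT.fullmatch(seg):
            raise ValueError("invalid path segment: %r" % seg)
    return trust_domain, segments


def is_authorized(peer_id, trust_domain, path_prefix):
    """Hypothetical L7 policy: same trust domain and path under path_prefix."""
    try:
        td, segs = parse_spiffe_id(peer_id)
    except ValueError:
        return False
    want = tuple(s for s in path_prefix.split("/") if s)
    # Compare whole segments so "/ns/staging" does not match "/ns/staging2".
    return td == trust_domain and segs[:len(want)] == want


if __name__ == "__main__":
    # Constructed peers; in a mesh the ID is read from the URI SAN of an SVID
    # whose certificate chain has already been verified.
    for peer in ("spiffe://k8s.example.com/ns/staging/sa/default",
                 "spiffe://k8s.example.com/ns/staging2/sa/default",
                 "spiffe://other.example.com/ns/staging/sa/default"):
        print(peer, is_authorized(peer, "k8s.example.com", "/ns/staging"))
```

The policy decision depends only on the authenticated name, not on the peer's IP address or port, which is what lets it follow a workload across clusters and clouds.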