Slide 1

Slide 1 text

Traffic Director Overview

Slide 2

Slide 2 text

About me

- @lainra (GitHub)
- Twitter / @la1nra
- Please follow me :)
- SRE at Mercari microservices platform team

I love that bridge!!!

Slide 3

Slide 3 text

Table of contents

- Service Mesh Overview
- Istio in GCP
- Traffic Director Overview
- What’s next?

Slide 4

Slide 4 text

Service Mesh Overview

What is a service mesh?

A service mesh is a network communication infrastructure which allows decoupling and offloading most of the application network functions from the application code.

Slide 5

Slide 5 text

Decoupling the network features

[Diagram: a service mesh shown with Virtual Machines and with Kubernetes Pods. Each VM or Pod runs an App with a Sidecar proxy. The sidecar proxies form the data plane (proxy mesh); a Controller forms the control plane (controls, configures proxies).]

Slide 6

Slide 6 text

Service Mesh Key Capabilities

- Telemetry: Examine everything between services with little to no instrumentation
- Security: Secure access and communications between some or all services
- Traffic Control: Manage the flow of traffic into, out of, and within your complex deployments

Slide 7

Slide 7 text

Envoy, the universal data plane

Based on open configuration & control plane called xDS (Discovery Service, actually v2)

- LDS, RDS, CDS, EDS, ADS, SDS, LRS, HDS (too much!!!)
- proto3 Protocol Buffers canonical definition
- Streaming gRPC, REST long poll based
- Eventually & sequentially consistent

A modern extensible lightweight L4/L7 high performance proxy built as a platform.

- Network filter
- HTTP filter
- Listener filter
- Health checker
- Transport sockets
- Address resolver
- Clustering
- Retry policy

Slide 8

Slide 8 text

Istio, the industry-standard service mesh control plane

Slide 9

Slide 9 text

Istio in GCP

Istio Addon for GKE (Google Kubernetes Engine)

+ The simplest way to install Istio in your GKE cluster
+ Deployment managed by GCP, automatic upgrades and patches
+ Underlying Istio complexity (partially) removed from the customer

- Still in Beta
- Fast evolving product in GCP, hard to evaluate the product’s roadmap
- Cannot modify or tailor the control plane (Pilot) to your needs
- Hard to separate/disable some Istio components/features you don’t need

Slide 10

Slide 10 text

But… I only have VMs, what can I do???

Slide 11

Slide 11 text

Traffic Director Overview

Here comes Traffic Director (Beta)

Traffic Director is a GCP-managed configuration & traffic control plane for any xDS-compliant proxy (less formally, GCP-managed Pilot for Istio)

- Can be used both by GCP VMs and Kubernetes Pods (self-managed K8s, GKE)
- Sidecar proxy management -> Offload it from your responsibility
- Communicates with sidecar proxies with open xDS APIs -> Prevent technology lock-in
- Integrates with Global Load Balancing (GLB) -> Leverage GLB cross-region capabilities
- Centralized Health Checking
- Traffic-driven autoscaling
- Traffic control capabilities (based on Envoy features) in Alpha

Slide 12

Slide 12 text

I’m a bit biased :) (But I don’t work for Google!)

Slide 13

Slide 13 text

Source: https://cloud.google.com/traffic-director/docs/setting-up-traffic-director

- Uses the same data model as GLB
- Need to inject Envoys by yourself
- Need to create NEG/MIG
  - (NEG requires enabling Alias IP in your VPC)
- Configuration through GCP API only (support for Istio API in the future)

Slide 14

Slide 14 text

Traffic Director features

Routing Rules: define how requests should be served in the service mesh

- Traffic splitting
- Traffic steering
- Timeouts and Retries
- Fault Injection
- Mirroring

Traffic Policies: define routing policies for a service

- Load balancing
- Outlier detection
- Circuit breaker
- Timeouts

Slide 15

Slide 15 text

Main use cases (non-exhaustive)

- I want to try the Service Mesh but am too afraid/lacking resources to invest in Istio
- I have an existing Envoy mesh but no control plane (unlikely)
- I have an existing Envoy mesh and an internally-made control plane (more likely)
- I wish to use a managed service to pilot my Envoy mesh
- I want to bring my VMs / both VMs and pods to the service mesh
- I want to expose my services globally using GLB and Envoy mesh
- I want HTTP/2 native load-balancing (not supported yet, on roadmap)

Slide 16

Slide 16 text

Who is it not for? (also non-exhaustive!)

- People who already use Istio AND are satisfied with it
- People who want to expose their services through an API Gateway/API Management component
- People who don’t want to use GCP APIs to control their service mesh (until Istio API support)
- People who think it will magically solve all their network/microservices issues

Slide 17

Slide 17 text

What’s next?

Traffic Director Roadmap

- Hybrid/Multi-cloud support
- Better integration with Anthos
- Service meshes control plane federation
- Security integration (Adding more Istio features such as mTLS, RBAC)
- Observability integration (Adding Istio Mixer features with Stackdriver)
- and other secrets yet untold…

Ultimately, Traffic Director could be the standard way to Istio in GCP

Slide 18

Slide 18 text

Resources

- Traffic Director official documentation
- Cloud NEXT ’19 Traffic Director session recording
- Istio official documentation
- Envoy official documentation

Slide 19

Slide 19 text

Thank you for coming! (We’re hiring!!!)