CloudNative Days Tokyo 2019: Understanding Envoy

Taiki Ono
Cloud Native Days Tokyo 2019
Understanding Envoy

View Slide

Agenda
● What is Envoy
● Envoy use cases
2

View Slide

State of microservice networking in industry
● Languages and frameworks.
● Protocols (HTTP/1, HTTP/2, gRPC, databases, caching, etc.).
● Infrastructures (IaaS, CaaS, on premise, etc.).
● Intermediate load balancers (AWS ELB, F5, etc.).
● Per language libraries for service calls.
○ Inconsistent observability output (stats, tracing, and logging).
○ Implementations (often partial) of retry, circuit breaking, rate limiting, timeouts,
and other distributed systems best practices.
○ Authentication and Authorization.
● Libraries are incredibly painful to upgrade (Think CVEs).
3

View Slide

What is Envoy
The network should be transparent to applications.
When network and application problems do occur it should be easy to
determine the source of the problem.
4

View Slide

Envoy design goals
● Out of process architecture
● High performance / low latency code base
● L3/L4 filter architecture
● HTTP L7 filter architecture
● HTTP/2 first
● Service discovery and active/passive health checking
● Advanced load balancing
● Best in class observability (stats, logging, and tracing)
● AuthN/AuthZ
● Edge proxy
5

View Slide

Envoy config management via xDS APIs
● Envoy is a universal data plane
● xDS == * Discovery Service (various configuration APIs). E.g.,:
○ LDS == Listener Discovery Service, CDS == Cluster Discovery Service
● Both gRPC streaming and JSON/YAML REST via proto3!
● Central management system can control a fleet of Envoys avoiding
per-proxy config file hell
● Global bootstrap config for every Envoy, rest taken care of by the
management server
● Envoys + xDS + management system == fleet wide traffic management
distributed system
6

View Slide

Why Envoy
● Quality + velocity
● Extensibility
○ L4/L7 ﬁlters, Access loggers, Tracers, Health checkers, Transport sockets, Retry
policy, Resource monitors, Stats sink
○ See /source/extensions directory
● Eventually consistent conﬁguration API
● No “open core”/paid premium version. It’s all there.
● Community, community, community
7

View Slide

Who is Envoy (2018)
8

View Slide

Envoy Architecture
9

View Slide

Envoy use cases 1:
Extending SmartStack

View Slide

EnvoyCon 2018 / How to DDOS yourself with Envoy: https://sched.co/HDbQ

View Slide

Envoy use cases 2:
Replacing HW LBs

View Slide

EnvoyCon 2018 / Running Envoy as an Edge Proxy: https://sched.co/HDRr

View Slide

Envoy use cases 3:
Containers/VMs hybrid workload

View Slide

EnvoyCon 2018 / Building + Operating Service Mesh: https://sched.co/HDdu

View Slide

Envoy on VMs
● 公式に Debian, RPM パッケージ等は存在しないがサードパーティが提供して
いるものがある
○ https://getenvoy.io/
○ カスタムフィルターが存在する場合は今のところ自分たちでビルドする必要がある(公式のビ
ルド用 Docker image は使える)
● Hot restart だけ公式リポジトリにあるスクリプトを参考に作る必要がある
○ 以前はバージョン間の hot restart 非互換があったが、hot restart の設計が変わって安定し
たっぽい
● VM ベースの構成からコンテナベースの構成へマイグレーションする時とか
にも利用できる
○ あるいは on-prems から public cloud へのマイグレーション
21

View Slide

まとめ Q&A
● 少数の機能の実現でよければ Envoy 単体を使ってサービスメッシュを構築す
るのは意外と少ないコストでできマイグレーションもしやすい
○ Observability だけ、gRPC トラフィックの管理だけ、等スコープを絞る
○ 一方、各製品・マネージドサービスも進化・新しく登場しているので比較検証するのがよい
● どこを conﬁg ソースにするかが決まれば xDS API を通じて Envoy に伝播さ
せるのみ
○ GH: envoyproxy/go-control-plane, envoyproxy/java-control-plane
● VM ベースのワークロードでも Envoy は活用できる
Q&A: @taiki45 でも対応

View Slide

CloudNative Days Tokyo 2019: Understanding Envoy

CloudNative Days Tokyo 2019: Understanding Envoy

taiki45

More Decks by taiki45

Other Decks in Technology

Featured

Transcript