Jaime Piña, @variadico, Software Engineer at Apcera
Microservice issues are networking issues. Fixing code in your app is easy, but the hard part of using microservices is the networking. How do you actually know if you're sending what you think you are? Why does this request fail in my app, but not when I use curl? Is this service very slow or is it up at all?
This talk will help demystify some common problems you might experience while building out your collection of microservices. Once you can find the issue, it becomes way easier to fix.
2. Who is this guy?
● Jaime Piña
● Software engineer at Apcera
● Apcera platform deploys apps to hybrid cloud with policy
● Work on Apcera Setup, gateways, and other things
(Hai-meh)
16. Client side check with nmap
$ nmap scanme.nmap.org
Not shown: 971 closed ports
PORT STATE SERVICE
22/tcp open ssh
5269/tcp filtered xmpp-server
6007/tcp filtered X11:7
17. nmap vocabulary
● open state
○ Port accessible, app listening
● closed state
○ Port accessible, no app listening
● filtered state
○ IDK? ¯\_(ツ)_/¯
21. We can reach the server
debug2: resolving "foo.com" port 22
debug1: Connecting to ejemplo.com [1.2.3.4] port 22.
debug1: Connection established.
22. Trying to read my public key
debug1: key_load_public: No such file or directory
debug1: identity file /home/jaime/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jaime/.ssh/id_ed25519 type -1
23. Trying to use key auth
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/jaime/.ssh/id_rsa
debug3: no such identity: /home/jaime/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/jaime/.ssh/id_ed25519
debug3: no such identity: /home/jaime/.ssh/id_ed25519: No such file or directory
24. Trying to use password auth
debug1: Next authentication method: password
jaime@foo.com's password:
42. DNS vocabulary
● nameserver
○ Server who has DNS info about a domain
● A record
○ Contains IP address for a domain
● NS record
○ Contains nameservers for a domain
43. drill example
$ drill www.google.com @8.8.8.8 A
;; QUESTION SECTION:
;; www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 297 IN A 172.217.6.36
48. Berkeley Packet Filter
● host foo.com
○ src/dst host is foo.com
● tcp port 22
○ TCP traffic coming/going to port 22
● dst port 53
○ Traffic going to port 53
49. tcpdump example
# tcpdump -i wlp58s0 'tcp port 80'
192.168.0.109.37370 > 107.170.18.175.http: Flags [S], length 0
107.170.18.175.http > 192.168.0.109.37370: Flags [S.], length 0
192.168.0.109.37370 > 107.170.18.175.http: Flags [.], length 0
Flags:
S = SYN . = ACK
Me -SYN-> server
Me <-SYN ACK- server
Me -ACK-> server
52. Common packet flags
tcpdump flag  Flag name  Description
S             SYN        Signal start of connection
.             ACK        Acknowledge packet
P             PSH        Sending data
F             FIN        Signal end of connection
R             RST        Connection killed
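An added example (not from the talk) that ties the nmap vocabulary to the tcpdump flags: it reads capture lines in the format shown on the tcpdump slide and labels each connection attempt open, closed or filtered from the first reply to the SYN. The function name, the addresses and the ports in SAMPLE are constructed for illustration.

```python
import re

# Accepts the abbreviated lines on the slide and full tcpdump lines that
# start with "<timestamp> IP ".
LINE = re.compile(r"^(?:\S+ IP6? )?(\S+) > (\S+): Flags \[([A-Za-z.]+)\]")

def classify(lines):
    """Label each (client, server) attempt as open, closed or filtered."""
    state = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a TCP line in this format
        src, dst, flags = m.groups()
        if "S" in flags and "." not in flags:
            # Bare SYN = new attempt. Assumption: no reply in the capture is
            # reported as "filtered" (a drop and a dead host look the same).
            state.setdefault((src, dst), "filtered")
        elif state.get((dst, src)) == "filtered":
            # The first reply from the server side decides the outcome.
            if "S" in flags and "." in flags:
                state[(dst, src)] = "open"    # SYN-ACK: app listening
            elif "R" in flags:
                state[(dst, src)] = "closed"  # RST: reachable, no listener
    return state

# Constructed capture (documentation addresses, not from the talk).
SAMPLE = """\
192.0.2.10.40001 > 198.51.100.5.22: Flags [S], length 0
198.51.100.5.22 > 192.0.2.10.40001: Flags [S.], length 0
192.0.2.10.40001 > 198.51.100.5.22: Flags [.], length 0
192.0.2.10.40002 > 198.51.100.5.8080: Flags [S], length 0
198.51.100.5.8080 > 192.0.2.10.40002: Flags [R.], length 0
192.0.2.10.40003 > 198.51.100.5.5269: Flags [S], length 0
192.0.2.10.40003 > 198.51.100.5.5269: Flags [S], length 0
""".splitlines()

if __name__ == "__main__":
    for (client, server), verdict in classify(SAMPLE).items():
        print(f"{client} -> {server}: {verdict}")
```

A repeated SYN with no answer, as in the last two sample lines, is the capture-side view of what nmap reports as filtered.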
56. How to debug (some) network issues
● Is your app running?
● Is there a firewall?
● Does the DNS work?
● Are you sending and receiving what you think you are?