Building useful services across our collection of existing applications, microservices, and now functions, we see a common theme: services must be able to communicate with each other, and solve problems like data mediation, routing, policy enforcement, security, and others. Service mesh is a technology that has emerged in container-based environments to help solve some of these problems; however, not all of them can be solved by pushing the problems to a different abstraction. Understanding the role and responsibility of service mesh and application-integration frameworks can help you successfully build useful business services on a cloud native platform. This talk will help you understand those roles and responsibilities and how service mesh and application integration co-exist to build cloud native applications.
8. @christianposta
The end-to-end principle:
http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf
The function in question can completely and correctly be implemented only with the
knowledge and help of the application standing at the end points of the communication system.
Therefore, providing that questioned function as a feature of the communication system
itself is not possible. (Sometimes an incomplete version of the function provided by the
communication system may be useful as a performance enhancement.)
27. • Require specific language to bring in new services
• A single language doesn’t fit for all use cases
• How do you patch/upgrade/manage lifecycle?
• Need strict control over application library choices
• Inconsistent implementations
• Incorrect implementations
Some drawbacks to this approach?
@christianposta
32. Envoy is…
• service proxy
• written in C++, highly parallel, non-blocking
• L3/4 network filter
• out of the box L7 filters
• HTTP 2, including gRPC
• baked in service discovery/health checking
• advanced load balancing
• stats, metrics, tracing
• dynamic configuration through xDS
33. Envoy implements
• zone aware, least request load balancing
• circuit breaking
• outlier detection
• retries, retry policies
• timeout (including budgets)
• traffic shadowing
• rate limiting
• access logging, statistics collection
• Many other features!
39. Service mesh technologies typically provide:
• Service discovery / Load balancing
• Secure service-to-service communication
• Traffic control / shaping / shifting
• Policy / Intention based access control
• Traffic metric collection
• Service resilience
@christianposta
54. Istio and service mesh don’t allow
you to offload responsibility to the
infrastructure; they just add some level
of reliability and optimize for operability
@christianposta