Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
(Micro)Service Meshes
The Past, Present, and Future
Daniel Bryant
@danielbryantuk
tl;dr – Service Meshes
• A service mesh is a dedicated infrastructure layer for making service-to-
service communication s...
tl;dr – Service Meshes
27/07/2017 @danielbryantuk
@danielbryantuk
• Independent Technical Consultant, CTO at SpectoLabs
• Agile, architecture, CI/CD, DevOps
• Java, JS, mic...
Setting the Scene
27/07/2017 @danielbryantuk
27/07/2017 @danielbryantuk
Simple
(Sense, Categorise, Respond)
Complicated
(Sense, Analyse, Respond)
Complex
(Probe, Sense...
So, from a technology perspective…
• Deploying services/functions to a “platform” is essential
• Abstracts underlying reso...
So, from a technology perspective…
• Deploying services/functions to a “platform” is essential
• Need clear collaboration ...
Service/function platforms
27/07/2017 @danielbryantuk
So, from a technology perspective…
• Deploying services/functions to a “platform” is essential
• Need clear collaboration ...
Collaboration zones for deployment
27/07/2017 @danielbryantuk
So, from a technology perspective…
• Deploying services/functions to a “platform” is essential
• Need clear collaboration ...
The Eight Fallacies of Distributed Computing
1. The network is reliable.
2. Latency is zero.
3. Bandwidth is infinite.
4. ...
So, from a technology perspective…
• Deploying services/functions to a “platform” is essential
• Need clear collaboration ...
But be careful, technology is seductive…
27/07/2017 @danielbryantuk
https://twitter.com/KevinHoffman/status/88763857640983...
Evolution of Service Meshes
Those who do not know history's mistakes are doomed to repeat them.
-- George Santayana (Parap...
Service-to-Service Comms History
• 2000s :: Assembly of course-grained services (SOA)
• SOAP, XML, proprietary binary form...
Trends
• Binary RPC (across polyglot stack)
• Also messaging
• Centralised to decentralised control
• Need to prevent casc...
Let’s go unicorn spotting…
• Netflix
• Karyon + HTTP/JSON or RxNetty RPC + Eureka + Hystrix + …
• Twitter
• Finagle + Thri...
Several companies extracted functionality into “service meshes”
27/07/2017 @danielbryantuk
What is a Service Mesh?
• Good question…
• Agreement on core definition
• Service proxies act as “mesh”
• But, it can get ...
Service Mesh Functionality
27/07/2017 @danielbryantuk
Service mesh features
• Normalises naming and adds logical routing
• user-service -> AWS-us-east-1a/prod/users/v4
• Adds t...
Service mesh features
• Increased security
• Transparent mutual TLS
• Policies (service Access Control Lists - ACL)
• Obse...
Naming and load balancing
27/07/2017 @danielbryantuk
https://buoyant.io/2016/03/16/beyond-round-robin-load-balancing-for-l...
Traffic control
27/07/2017 @danielbryantuk
https://istio.io/docs/concepts/traffic-management/request-routing.html https://...
Per-request routing: shadow, fault inject, debug
27/07/2017 @danielbryantuk
https://buoyant.io/2017/01/06/a-service-mesh-f...
Timeouts / deadlines
27/07/2017 @danielbryantuk
William Morgan Introduction to Linkerd: https://www.youtube.com/watch?v=0x...
Circuit breaking (out of process, not Hystrix)
27/07/2017 @danielbryantuk
Mutual TLS (transparent protocol upgrade)
27/07/2017 @danielbryantuk
https://istio.io/blog/istio-auth-for-microservices.ht...
Communication policies
27/07/2017 @danielbryantuk
https://istio.io/docs/concepts/policy-and-control/mixer-config.html#aspe...
Visibility
27/07/2017 @danielbryantuk
Service Mesh Implementations
27/07/2017 @danielbryantuk
27/07/2017 @danielbryantuk
27/07/2017 @danielbryantuk
https://github.com/fabiolb/fabiohttps://verizon.github.io/nelson/
Control Plane / Data Plane (Istio example)
27/07/2017 @danielbryantuk
https://istio.io/docs/concepts/what-is-istio/overvie...
Istio control plane: Pilot and Mixer
27/07/2017 @danielbryantuk
Precondition checking
Quota management
Telemetry reporting
Linkerd and NGINX control plane
27/07/2017 @danielbryantuk
Control Plane / Data Plane (Istio example)
27/07/2017 @danielbryantuk
https://istio.io/docs/concepts/what-is-istio/overvie...
Service Mesh data plane (proxy) comparison
27/07/2017 @danielbryantuk
Putting it all together: Istio
• “Istio” is an open platform
• Connect, manage, secure services
• Proxies are the data pla...
Getting started
• Articles:
• Linkerd + Kubernetes:
• https://buoyant.io/2016/10/04/a-service-mesh-for-kubernetes-part-i-t...
Common Questions
“But what about…"
27/07/2017 @danielbryantuk
How does SM relate to (Edge/API) Gateways?
• Gateways primarily sit on the edge of your network
• Perform ingress cross-cu...
Isn’t this just ESB 2.0 or “web scale” ESB
• No
• At least not yet…
• ESB development was vendor-driven
• Overly centralis...
Aren’t SMs adding more network hops?
• Maybe… It depends on your network config
• …but good (infrastructure) architecture ...
Shouldn’t SM be part of the “platform”?
• Yep…
• And it probably will be in the near future
• But expect much innovation (...
Who owns the Service Mesh? Dev, SREs, Ops?
• Yes…
• As mentioned earlier
• We work with a sociotechnical system when deliv...
So, Service Mesh all-the-things… right?
• No…
• It’s all about context and trade-offs
• Service meshes are great for point...
Look for Problems, Not Solutions
27/07/2017 @danielbryantuk
Use cases for Service Meshes
• Real-time (operator) configuration and observability
• The evolution from complicated to co...
Wrapping Up
27/07/2017 @danielbryantuk
In conclusion…
• Deploying services/functions to a “platform” is essential
• Service meshes are responsible for platform c...
Massive thanks to everyone who has helped!
• William Morgan @ Buoyant
• Owen Garrett @ NGINX
• Christian Posta @ Red Hat
•...
Thanks for listening…
Thanks to O’Reilly for organising and NGINX for sponsoring!
Twitter: @danielbryantuk
Email: daniel.b...
Upcoming SlideShare
Loading in …5
×

O'Reilly 2017: "Introduction to Service Meshes"

3,577 views

Published on

While service meshes may be the next "big thing" in microservices, the concept isn't new. Classical SOA attempted to implement similar technology for abstracting and managing all aspects of service-to-service communication, and this was often realized as the much-maligned Enterprise Service Bus (ESB). Several years ago similar technology emerged from the microservice innovators, including Airbnb (SmartStack for service discovery), Netflix (Prana integration sidecars), and Twitter (Finagle for extensible RPC), and these technologies have now converged into the service meshes we are currently seeing being deployed.

In this webcast, Daniel Bryant shows you what service meshes are, why they're well-suited for microservice deployments, and how best to use a service mesh when you're deploying microservices. This webcast begins with a brief history of the development of service meshes. From there, you'll learn about some of the currently available implementations that are targeting microservice deployments, such as Istio (Envoy), Linkerd, NGINX Plus, and Traefik. Attendees will walk away with a high-level overview of the concept, tools for deciding when best to use a service mesh, and a getting started guide if they decide this technology is the right fit for their organization.

Published in: Technology

O'Reilly 2017: "Introduction to Service Meshes"

  1. 1. (Micro)Service Meshes The Past, Present, and Future Daniel Bryant @danielbryantuk
  2. 2. tl;dr – Service Meshes • A service mesh is a dedicated infrastructure layer for making service-to- service communication safe, fast, reliable, and (operator) configurable • Consists of a control plane and data plane (service proxies) • Some confusion on where the “service mesh” begins and ends • Essential as we move from deployment of complicated monoliths/services to orchestration of complex cloud native microservices and functions 27/07/2017 @danielbryantuk
  3. 3. tl;dr – Service Meshes 27/07/2017 @danielbryantuk
  4. 4. @danielbryantuk • Independent Technical Consultant, CTO at SpectoLabs • Agile, architecture, CI/CD, DevOps • Java, JS, microservices, cloud, containers • Leading change through technology and teams 27/07/2017 @danielbryantuk http://bit.ly/2jWDSF7
  5. 5. Setting the Scene 27/07/2017 @danielbryantuk
  6. 6. 27/07/2017 @danielbryantuk Simple (Sense, Categorise, Respond) Complicated (Sense, Analyse, Respond) Complex (Probe, Sense, Respond) 1990s Monoliths Single language In-house hardware (servers, SAN, networks) Manual config and scripting Optimise for Stability (MTBF) Specialist staff/departments 2010s Microservices, functions, SaaS-all-the-things Polyglot languages Cloud and containers (Datacenter as a Computer) Software-Defined Everything Optimise for innovation (and MTTR) Business teams (“FinDev”, SRE and Platform Team) 2000s Monoliths, Coarse-grained SOA, SaaS Frontend/backend language “Co-lo” or private datacenters Configuration management Optimise for Recovery (MTTR) Generalist teams (Full Stack and “DevOps”)
  7. 7. So, from a technology perspective… • Deploying services/functions to a “platform” is essential • Abstracts underlying resources and provides runtime foundations • Need clear collaboration zones for dev/ops/platform • Must also cultivate “mechanical sympathy” • Managing lots of out-of-process communication going “over the wire” • We must not treat local and remote calls the same 27/07/2017 @danielbryantuk
  8. 8. So, from a technology perspective… • Deploying services/functions to a “platform” is essential • Need clear collaboration zones for dev/ops/platform • Managing lots of out-of-process communication going “over the wire” 27/07/2017 @danielbryantuk
  9. 9. Service/function platforms 27/07/2017 @danielbryantuk
  10. 10. So, from a technology perspective… • Deploying services/functions to a “platform” is essential • Need clear collaboration zones for dev/ops/platform • Managing lots of out-of-process communication going “over the wire” 27/07/2017 @danielbryantuk
  11. 11. Collaboration zones for deployment 27/07/2017 @danielbryantuk
  12. 12. So, from a technology perspective… • Deploying services/functions to a “platform” is essential • Need clear collaboration zones for dev/ops/platform • Managing lots of out-of-process communication going “over the wire” 27/07/2017 @danielbryantuk
  13. 13. The Eight Fallacies of Distributed Computing 1. The network is reliable. 2. Latency is zero. 3. Bandwidth is infinite. 4. The network is secure. 5. Topology doesn't change. 6. There is one administrator. 7. Transport cost is zero. 8. The network is homogeneous. 27/07/2017 @danielbryantuk https://www.somethingsimilar.com/2013/01/14/notes-on-distributed-systems-for-young-bloods/ (~ 2013) OR
  14. 14. So, from a technology perspective… • Deploying services/functions to a “platform” is essential • Need clear collaboration zones for dev/ops/platform • Managing lots of out-of-process communication going “over the wire” 27/07/2017 @danielbryantuk
  15. 15. But be careful, technology is seductive… 27/07/2017 @danielbryantuk https://twitter.com/KevinHoffman/status/887638576409837569 • Service meshes are an emerging and rapidly evolving space • Only one part of microservice platform • For big picture and people aspects: • “Microservices: Org and People Impact” • “Seven Deadly Sins of Microservices”
  16. 16. Evolution of Service Meshes Those who do not know history's mistakes are doomed to repeat them. -- George Santayana (Paraphrased) 27/07/2017 @danielbryantuk
  17. 17. Service-to-Service Comms History • 2000s :: Assembly of course-grained services (SOA) • SOAP, XML, proprietary binary format • Heavyweight MQ • Classic ESBs • 2010s :: Orchestration of small services (microservices) • HTTP/JSON/REST, open source binary IDL • Lightweight MQ, distributed txn logs • ESB 2.0? 27/07/2017 @danielbryantuk
  18. 18. Trends • Binary RPC (across polyglot stack) • Also messaging • Centralised to decentralised control • Need to prevent cascade failure • Lots of small services involved in response • Sidecar pattern • ”Platform” service proxies 27/07/2017 @danielbryantuk http://restlet.github.io/web-api-style/ https://speakerdeck.com/garethr/waves-of-centralising-and-decentralising
  19. 19. Let’s go unicorn spotting… • Netflix • Karyon + HTTP/JSON or RxNetty RPC + Eureka + Hystrix + … • Twitter • Finagle + Thrift + ZooKeeper + Zipkin • AirBnB • HTTP/JSON + SmartStack + ZooKeeper + Charon/Dyno • Google • Stubby + GSLB + GFE + Dapper 27/07/2017 @danielbryantuk
  20. 20. Several companies extracted functionality into “service meshes” 27/07/2017 @danielbryantuk
  21. 21. What is a Service Mesh? • Good question… • Agreement on core definition • Service proxies act as “mesh” • But, it can get hazy after this • Control plane vs data plane… 27/07/2017 @danielbryantuk
  22. 22. Service Mesh Functionality 27/07/2017 @danielbryantuk
  23. 23. Service mesh features • Normalises naming and adds logical routing • user-service -> AWS-us-east-1a/prod/users/v4 • Adds traffic shaping and traffic shifting • Load balancing • Deploy control • Per-request routing (shadowing, fault injection, debug) • Adds baseline reliability • Health checks, timeouts/deadlines, circuit breaking, and retry (budgets) 27/07/2017 @danielbryantuk
  24. 24. Service mesh features • Increased security • Transparent mutual TLS • Policies (service Access Control Lists - ACL) • Observability • Top-line metrics like request volume, success rates and latencies • Distributed tracing • Sane defaults (to protect the system) • Options to tune 27/07/2017 @danielbryantuk
  25. 25. Naming and load balancing 27/07/2017 @danielbryantuk https://buoyant.io/2016/03/16/beyond-round-robin-load-balancing-for-latency/
  26. 26. Traffic control 27/07/2017 @danielbryantuk https://istio.io/docs/concepts/traffic-management/request-routing.html https://www.youtube.com/watch?v=s4qasWn_mFc
  27. 27. Per-request routing: shadow, fault inject, debug 27/07/2017 @danielbryantuk https://buoyant.io/2017/01/06/a-service-mesh-for-kubernetes-part-vi-staging-microservices-without-the-tears/
  28. 28. Timeouts / deadlines 27/07/2017 @danielbryantuk William Morgan Introduction to Linkerd: https://www.youtube.com/watch?v=0xYSy6OmjUM
  29. 29. Circuit breaking (out of process, not Hystrix) 27/07/2017 @danielbryantuk
  30. 30. Mutual TLS (transparent protocol upgrade) 27/07/2017 @danielbryantuk https://istio.io/blog/istio-auth-for-microservices.html
  31. 31. Communication policies 27/07/2017 @danielbryantuk https://istio.io/docs/concepts/policy-and-control/mixer-config.html#aspects https://www.projectcalico.org/network-policy-and-istio-deep-dive/
  32. 32. Visibility 27/07/2017 @danielbryantuk
  33. 33. Service Mesh Implementations 27/07/2017 @danielbryantuk
  34. 34. 27/07/2017 @danielbryantuk
  35. 35. 27/07/2017 @danielbryantuk https://github.com/fabiolb/fabiohttps://verizon.github.io/nelson/
  36. 36. Control Plane / Data Plane (Istio example) 27/07/2017 @danielbryantuk https://istio.io/docs/concepts/what-is-istio/overview.html Control plane Data plane
  37. 37. Istio control plane: Pilot and Mixer 27/07/2017 @danielbryantuk Precondition checking Quota management Telemetry reporting
  38. 38. Linkerd and NGINX control plane 27/07/2017 @danielbryantuk
  39. 39. Control Plane / Data Plane (Istio example) 27/07/2017 @danielbryantuk https://istio.io/docs/concepts/what-is-istio/overview.html Control plane Data plane
  40. 40. Service Mesh data plane (proxy) comparison 27/07/2017 @danielbryantuk
  41. 41. Putting it all together: Istio • “Istio” is an open platform • Connect, manage, secure services • Proxies are the data plane / mesh • Proxies are (in theory) swappable • But in reality there are different feature sets, security, performance 27/07/2017 @danielbryantuk
  42. 42. Getting started • Articles: • Linkerd + Kubernetes: • https://buoyant.io/2016/10/04/a-service-mesh-for-kubernetes-part-i-top-line-service-metrics/ • Installing Istio: • https://istio.io/docs/tasks/installing-istio.html • Tim Perrett: Envoy with Nomad and Consul • http://timperrett.com/2017/05/13/nomad-with-envoy-and-consul • NGINX Fabric Model: • https://www.nginx.com/blog/microservices-reference-architecture-nginx-fabric-model/ • Videos: • William Morgan - Linkerd: • https://www.youtube.com/watch?v=0xYSy6OmjUM • Christian Posta – Envoy/Istio: • http://blog.christianposta.com/microservices/00-microservices-patterns-with-envoy-proxy-series/ • Matt Klein – Envoy: • https://www.youtube.com/watch?v=RVZX4CwKhGE • Kelsey Hightower - Istio: • https://www.youtube.com/watch?v=s4qasWn_mFc 27/07/2017 @danielbryantuk https://www.katacoda.com/courses/istio/deploy-istio-on-kubernetes
  43. 43. Common Questions “But what about…" 27/07/2017 @danielbryantuk
  44. 44. How does SM relate to (Edge/API) Gateways? • Gateways primarily sit on the edge of your network • Perform ingress cross-cutting concerns (authn/z, rate limiting, logging etc) • My experience • NGINX • Cloud implementations • Traefik and Datawire’s Ambassador (based on Envoy) • Some are vying to act as the communication backbone too • Kong API • Mulesoft • NGINX 27/07/2017 @danielbryantuk
  45. 45. Isn’t this just ESB 2.0 or “web scale” ESB • No • At least not yet… • ESB development was vendor-driven • Overly centralised/coupled/conflated • Process choreography • Document transformation • Tight integration with vendor products 27/07/2017 @danielbryantuk https://en.wikipedia.org/wiki/Enterprise_service_bus#/media/File:ESB_Component_Hive.png
  46. 46. Aren’t SMs adding more network hops? • Maybe… It depends on your network config • …but good (infrastructure) architecture is all about • Choosing the right abstraction • Making trade-offs • Separation of concerns • Make an educated choice with your platform, and make it explicitly 27/07/2017 @danielbryantuk
  47. 47. Shouldn’t SM be part of the “platform”? • Yep… • And it probably will be in the near future • But expect much innovation (and change) over the next 6-12 months • Assess if it will be beneficial for your organisation to leverage this now 27/07/2017 @danielbryantuk
  48. 48. Who owns the Service Mesh? Dev, SREs, Ops? • Yes… • As mentioned earlier • We work with a sociotechnical system when delivering value/software • Everything is context dependent (on your organisation) • But deployment descriptor and service mesh config can provide good dev/ops collaboration zones as part of the “platform” • Make a decision, communicate it, and regularly retrospect 27/07/2017 @danielbryantuk
  49. 49. So, Service Mesh all-the-things… right? • No… • It’s all about context and trade-offs • Service meshes are great for point-to-point RPC • Messaging is useful to decouple services in space and time • Async work queues, pub/sub, topics e.g. RabbitMQ • Distributed txn logs and stream processing e.g. Kafka 27/07/2017 @danielbryantuk
  50. 50. Look for Problems, Not Solutions 27/07/2017 @danielbryantuk
  51. 51. Use cases for Service Meshes • Real-time (operator) configuration and observability • The evolution from complicated to complex systems • Monolith-to-service migration • All components can use the same communication fabric • Multi-platform / hybrid cloud etc • Routing (shadow traffic, A/B, canarying etc) 27/07/2017 @danielbryantuk
  52. 52. Wrapping Up 27/07/2017 @danielbryantuk
  53. 53. In conclusion… • Deploying services/functions to a “platform” is essential • Service meshes are responsible for platform comms e.g routing, traffic shifting • Need clear collaboration zones for dev/ops/platform • Service meshes can provide collaboration zone for run-time config of comms • Managing lots of out-of-process communication going “over the wire” • Service meshes can provide observability, reliability and fault tolerance 27/07/2017 @danielbryantuk
  54. 54. Massive thanks to everyone who has helped! • William Morgan @ Buoyant • Owen Garrett @ NGINX • Christian Posta @ Red Hat • Matt Klein @ Lyft • Shriram Rajagopalan (Istio-users) • Louis Ryan (Istio-users) • Varun Talwar @ Google • Many more from the community 27/07/2017 @danielbryantuk
  55. 55. Thanks for listening… Thanks to O’Reilly for organising and NGINX for sponsoring! Twitter: @danielbryantuk Email: daniel.bryant@specto.io Writing: https://www.infoq.com/profile/Daniel-Bryant Talks: https://www.youtube.com/playlist?list=PLoVYf_0qOYNeBmrpjuBOOAqJnQb3QAEtM 27/07/2017 @danielbryantuk

×