What’s a Service Mesh and
why do I need one?
Jeroen Reijn
#jfall
About me:
• (Java) Programmer and architect
• Big fan of the DevOps culture
• Enjoys building cloud native solutions
• Community member and emeritus
committer at Apache
Jeroen Reijn
@jreijn
/jeroenreijn
Monolith?
Microservices?
Kubernetes?
Cloud?
Service mesh, ...
istio, … service mesh
Have you heard about a
service mesh before?
So what is a ‘Service Mesh’ and what
problem does it solve?
“A service mesh is a
dedicated infrastructure layer for
handling
service-to-service communication”
Why a dedicated layer?
Microservices
Distributed systems
Network communication
Reliable communication is complex
Evolution networking
The evolution of networking
[Diagram: Computer A and Computer B. Labels on each: Service A / Service B, Business Logic, Networking Stack]
The evolution of networking
[Diagram: Computer A and Computer B. Labels on each: Service A / Service B, Business Logic, Flow control, Networking Stack]
The evolution of networking
[Diagram: Computer A and Computer B. Labels on each: Networking Stack, Service A / Service B, Business Logic, Flow control]
The 8 Fallacies of Distributed Computing
1. The network is reliable
2. Latency is zero
3. Bandwidth is infinite
4. The network is secure
5. Topology doesn’t change
6. There is one administrator
7. Transport cost is zero
8. The network is homogeneous
Composed by Peter Deutsch and his fellow engineers at Sun Microsystems
Critical functions for microservices
Fast, reliable & safe microservices
microservice
microservice
microservice
Routing
Dynamic discovery
Load balancing
Resiliency
Circuit breaking
Retries
Rate limiting
Observability
Metrics
Logging
Tracing
Security
Policy Enforcement
Routing - Service discovery
[Diagram labels: Service A, Service B, Service C, Service D, Registry client (repeated), Registry-aware HTTP client, Service Registry]
Resilience
Resilience - Cascading failure
Service 1 Service 2 Service 3 Service 4
The Circuit Breaker pattern
“A service client should invoke a remote service via a ‘proxy’ that
functions in a similar fashion to an electrical circuit breaker”
https://microservices.io/patterns/reliability/circuit-breaker.html
Circuit breaker
[State diagram. States: Closed, Open, Half Open. Transition labels: Success; Fail (under threshold); Failure threshold exceeded / Set breaker (twice); Try reset after timeout; Success / Reset breaker]
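The state machine on the circuit breaker slide, written out as an added example (not code from the talk, Hystrix, resilience4j or Envoy). The class names, the threshold of 2, the 10-second reset timeout and the fake clock are assumptions chosen so the transitions can be followed deterministically.

```python
import time
from enum import Enum


class State(Enum):
    CLOSED = "closed"
    OPEN = "open"
    HALF_OPEN = "half-open"


class CircuitOpenError(Exception):
    """Raised when a call is rejected without reaching the remote service."""


class CircuitBreaker:
    def __init__(self, failure_threshold=3, reset_timeout=30.0, clock=time.monotonic):
        self.failure_threshold = failure_threshold
        self.reset_timeout = reset_timeout
        self._clock = clock
        self._state = State.CLOSED
        self._failures = 0
        self._opened_at = None

    @property
    def state(self):
        # Open -> Half Open ("try reset after timeout") is evaluated lazily.
        if (self._state is State.OPEN
                and self._clock() - self._opened_at >= self.reset_timeout):
            self._state = State.HALF_OPEN
        return self._state

    def call(self, func, *args, **kwargs):
        if self.state is State.OPEN:
            # Fail fast: the remote service is not contacted at all.
            raise CircuitOpenError("breaker open, call rejected")
        try:
            result = func(*args, **kwargs)
        except Exception:
            self._on_failure()
            raise
        self._on_success()
        return result

    def _on_success(self):
        # Closed stays Closed; a successful trial call in Half Open resets the breaker.
        self._failures = 0
        self._state = State.CLOSED

    def _on_failure(self):
        self._failures += 1
        # A failed trial call in Half Open, or too many failures in Closed, sets the breaker.
        if self._state is State.HALF_OPEN or self._failures >= self.failure_threshold:
            self._state = State.OPEN
            self._opened_at = self._clock()


class FakeClock:
    """Constructed test clock so the timeout can be advanced without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    clock = FakeClock()
    breaker = CircuitBreaker(failure_threshold=2, reset_timeout=10.0, clock=clock)
    healthy = {"up": False}          # constructed stand-in for "Service B"

    def remote():
        if not healthy["up"]:
            raise ConnectionError("service B unavailable")
        return "ok"

    trace = []

    def attempt():
        try:
            breaker.call(remote)
            outcome = "success"
        except CircuitOpenError:
            outcome = "rejected"
        except ConnectionError:
            outcome = "failed"
        trace.append((outcome, breaker.state.value))

    attempt()            # fail, under threshold
    attempt()            # failure threshold reached: breaker set
    attempt()            # rejected while open
    clock.advance(10)    # timeout elapsed: next call is a half-open trial
    attempt()            # trial fails: breaker set again
    clock.advance(10)
    healthy["up"] = True
    attempt()            # trial succeeds: breaker reset
    return trace


if __name__ == "__main__":
    for step in demo():
        print(step)
```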
Observability of your services
Golden triangle of monitoring
Metrics
Logs
Traces
Security of microservices
• OAuth / JWT Tokens
• Mutual TLS / certificates
The evolution of networking
[Diagram: Computer A and Computer B. Labels on each: Service A / Service B, Networking Stack, Flow control, Business Logic, Circuit Breaker, Service Discovery, Logs/metrics/traces, Security]
The evolution of networking
[Diagram: same labels, with "???" added on each side]
The evolution of networking
[Diagram: same labels, with "Library" in place of "???"]
Libraries
resilience4j
hystrix
Drawbacks of libraries
• Glue linking the libraries: expensive
• Limiting tools, runtimes, languages
• Versioning hell
• Teams should not forget to add them
The evolution of networking
[Diagram: Computer A and Computer B. Labels on each: Service A / Service B, Networking Stack, Flow control, Library, Business Logic, Circuit Breaker, Service Discovery, Logs/metrics/traces, Security]
The evolution of networking
[Diagram: same labels, with "Library???" in place of "Library"]
The evolution of networking
[Diagram: Computer A and Computer B. Labels on each: Service A / Service B, Networking Stack, Business Logic, Proxy, Flow control, "???", Circuit Breaker, Service Discovery, Logs/metrics/traces, Security]
OSI Model
Level 7 Application: Spring, Vertx, WFSwarm
Level 6 Presentation: JSON, XML
Level 5 Session: HTTP 1/2, gRPC
Level 4 Transport: TCP
Level 1-3 Network (IP) / Data link / Physical
From here
To here
The evolution of networking
[Diagram: Computer A and Computer B. Labels on each: Service A / Service B, Networking Stack, Business Logic, Proxy (twice), Flow control, Circuit Breaker, Service Discovery, Logs/metrics/traces, Security]
Responsibility shift
Development team(s)
Platform team(s)
The evolution of networking
First generation service mesh
[Diagram labels: Computer A, Computer B, Proxy (twice), Service A, Service B, Service C, Service D]
Second generation service mesh - Pods and sidecars
• Container platforms
• Kubernetes
• Mesos
[Diagram labels: Node, Pod (twice), Container (twice), Proxy (twice)]
The evolution of networking
[Diagram: Computer A and Computer B. Labels on each: Service A / Service B, Networking Stack, Business Logic, Proxy, Sidecar Proxy, Flow control, Circuit Breaker, Service Discovery, Logs/metrics/traces, Security]
Complex micro-service architectures
450 + microservices
Controlling the service mesh
[Diagram: Computer A and Computer B. Labels on each: Service A / Service B, Networking Stack, Business Logic, Flow control, Sidecar proxy. Shared label: Control plane]
The service mesh control plane
Control plane
Proxy based Service meshes
Istio
• An open platform to connect, monitor, and
secure microservices
• Introduced by Google, Lyft, IBM and others
• Manages authentication, authorization, and
encryption of communication between
microservices
• Logging, monitoring, and keeping services
operational
• Traffic management and policy control
Istio - Architecture
Envoy Proxy
• Dynamic service discovery
• Load balancing
• TLS termination
• HTTP/2 and gRPC proxies
• Circuit breakers
• Health checks
• Staged rollouts with %-based traffic split
• Fault injection
• Rich metrics
Istio - Proxy configuration
YAML
Istio - Discovery and Load-balancing
Istio - Tracing
• Automatic tracing of requests
• Asynchronous span reporting
• Multiple backends
• Zipkin
• Jaeger
Istio - Telemetry
Istio - Advanced routing
Istio - Security / Two way TLS
Istio Security - RBAC
• Role based access control
• Based on rules and for
instance HTTP methods
• ServiceRole (rule)
• ServiceRoleBinding (assign
role to set of nodes)
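A simplified model of the role/binding split on this slide, as an added example (not Istio's code or its YAML schema). It denies by default, grants only through a binding, and includes a review check for over-broad grants; the wildcard rules, identities and service names are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List


def matches(pattern: str, value: str) -> bool:
    """'*' matches anything, 'abc*' is a prefix match, '*abc' a suffix match."""
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    if pattern.startswith("*"):
        return value.endswith(pattern[1:])
    return pattern == value


@dataclass
class AccessRule:
    services: List[str]
    methods: List[str] = field(default_factory=lambda: ["*"])

    def permits(self, service: str, method: str) -> bool:
        return (any(matches(p, service) for p in self.services)
                and any(matches(p, method) for p in self.methods))


@dataclass
class ServiceRole:            # the "rule" side: what may be done
    name: str
    rules: List[AccessRule]


@dataclass
class ServiceRoleBinding:     # the "assignment" side: who receives the role
    name: str
    role: str
    subjects: List[str]       # caller identities, e.g. taken from the mTLS peer certificate


def is_allowed(roles, bindings, subject, service, method) -> bool:
    """Default deny: access exists only if some binding grants a matching rule."""
    by_name = {r.name: r for r in roles}
    for binding in bindings:
        if not any(matches(s, subject) for s in binding.subjects):
            continue
        role = by_name.get(binding.role)
        if role is None:
            continue          # a dangling binding grants nothing
        if any(rule.permits(service, method) for rule in role.rules):
            return True
    return False


def broad_grants(roles, bindings):
    """Review helper: list bindings that grant more than a reviewer would expect."""
    by_name = {r.name: r for r in roles}
    findings = []
    for binding in bindings:
        role = by_name.get(binding.role)
        if role is None:
            findings.append((binding.name, "references a missing role"))
            continue
        if "*" in binding.subjects:
            findings.append((binding.name, "bound to every caller"))
        if any("*" in r.services and "*" in r.methods for r in role.rules):
            findings.append((binding.name, "role allows every method on every service"))
    return findings


# Constructed sample policy (all names are placeholders).
FRONTEND = "cluster.local/ns/default/sa/frontend"
BATCH = "cluster.local/ns/default/sa/batch"
PRODUCTS = "products.default.svc.cluster.local"

ROLES = [
    ServiceRole("products-viewer", [AccessRule([PRODUCTS], ["GET", "HEAD"])]),
    ServiceRole("debug-all", [AccessRule(["*"])]),
]
STRICT = [ServiceRoleBinding("bind-viewer", "products-viewer", [FRONTEND])]
LOOSE = STRICT + [ServiceRoleBinding("bind-debug", "debug-all", ["*"])]

if __name__ == "__main__":
    print(is_allowed(ROLES, STRICT, FRONTEND, PRODUCTS, "GET"))
    print(is_allowed(ROLES, STRICT, FRONTEND, PRODUCTS, "POST"))
    print(broad_grants(ROLES, LOOSE))
```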
Istio gives you:
• Telemetry
• Security
• Mutual TLS
• Role based access control
• Resilience
• Circuit-breaker
• Retry
• Advanced routing
Demo
Overhead
• Definitely not ‘free’, more parts in the system
• Proxies are used for both inbound and
outbound requests
• A lot of effort going on to reduce overhead
Debugging
• Debugging Envoy and Pilot (configuration)
• Networking Issues
• TLS issues
• Envoy bouncing requests
• …
Security
• Many new parts of the system
• Control plane components
• Proxies
• Envoys are everywhere
• Role based access control
Istio
What you (want to) get
• Telemetry
• Security
• Circuit-breaker
• Retry
• Advanced routing
What you (don’t want to) get
• Overhead
• Debugging
• Security complexity
But are all service meshes equal?
So we saw Istio…
Comparing Service Meshes
Source: https://kubedex.com/istio-vs-linkerd-vs-linkerd2-vs-consul/ (Sept 2018)
https://smi-spec.io
Do I really need a service mesh?
Throwing more tech at the problem…
Do you want to configure, install and
renew (mutual) TLS certificates
across an entire set of applications?
Do you want to intercept and re-route
network flows for: A/B testing, traffic
shedding or failure tolerance (circuit
breaking)?
Do you want tracing / visibility of
application request flows within
your micro-service network?
Should I just remove
libraries from my apps?
Istio - Circuit breaking - DestinationRule
Spring + Hystrix Circuit breaker fallback
Note: Hystrix is deprecated and only used as an example
Tracing
As an engineer you should still
think about these concerns
Key take-aways from this talk
• A service mesh is a dedicated infra layer for service
communication
• Understand the why of using a service mesh
• Understand the operational complexity, but also the benefits
e.g. transparently adds cross-cutting concerns to a
microservices architecture
• Think about where you want to solve specific problems
“Please rate my talk in the
official J-Fall app”
#jfall

What's a service mesh and why do i need one?

  • 1. What’s a Service Mesh and why do I need one? Jeroen Reijn #jfall
  • 2. About me: • (Java) Programmer and architect • Big fan of the DevOps culture • Enjoys building cloud native solutions • Community member and emeritus committer at Apache Jeroen Reijn @jreijn /jeroenreijn
  • 4. Service mesh, ... istio, … service mesh
  • 5. Have you heard about a service mesh before? +
  • 6.
  • 7.
  • 8. So what is a ‘Service Mesh’ and what problem does it solve?
  • 9. “A service mesh is a dedicated infrastructure layer for handling service-to-service communication”
  • 10. Why a dedicated layer?
  • 12.
  • 15. The evolution of networking Computer BComputer A Service A Service B Networking Stack Networking Stack Business LogicBusiness Logic
  • 16. The evolution of networking Computer BComputer A Service A Service B Networking Stack Networking Stack Business Logic Flow control Business Logic Flow control
  • 17. The evolution of networking Computer BComputer A Networking Stack Service A Service B Networking Stack Business Logic Flow control Business Logic Flow control
  • 18.
  • 19. The 8 Fallacies of Distributed Computing 1. The network is reliable 2. Latency is zero 3. Bandwidth is infinite 4. The network is secure 5. Topology doesn’t change 6. There is one administrator 7. Transport cost is zero 8. The network is homogeneous Composed by Peter Deutsch and his fellow engineers at Sun Microsystems
  • 20. Critical functions for microservices Fast, reliable & safe microservices microservice microservice microservice Routing Dynamic discovery Load balancing Resiliency Circuit breaking Retries Rate limiting Observability Metrics Logging Tracing Security Policy Enforcement
  • 21. Routing - Service discovery Registry client Registry clientRegistry client Registry client Registry clientRegistry client Registry client Registry clientRegistry client RegistryRegistry clientRegistry client Service A Service B Service C Service DService D Service AService A Service CService C Service BService B Service D Registry-aware HTTP client Service Registry
  • 23. Resilience - Cascading failure Service 1 Service 2 Service 3 Service 4
  • 24. The Circuit Breaker pattern “A service client should invoke a remote service via a ‘proxy’ that functions in a similar fashion to an electrical circuit breaker” https://microservices.io/patterns/reliability/circuit-breaker.html
  • 25. Circuit breaker Half Open Failure threshold exceeded Set breaker Failure threshold exceeded Set breaker Try reset after timeout Success Reset breaker Open Closed Success Fail (under threshold)
  • 26. Observability of your services Golden triangle of monitoring Metrics Logs Traces
  • 27. Security of microservices • OAuth / JWT Tokens • Mutual TLS / certificates
  • 28. Computer B The evolution of networking Computer A Service A Service B Networking Stack Networking Stack Business Logic Flow control Flow control Circuit Breaker Service Discovery Business Logic Circuit Breaker Service Discovery Logs, metrics, traces Security Logs, metrics, traces Security
  • 29. Computer B The evolution of networking Computer A Service A Service B Networking Stack Networking Stack Business Logic Flow control Flow control ??? ??? Circuit Breaker Service Discovery Business Logic Circuit Breaker Service Discovery Logs, metrics, traces Security Logs, metrics, traces Security
  • 30. Computer B The evolution of networking Computer A Service A Service B Networking Stack Networking Stack Business Logic Flow control Flow control Library Library Circuit Breaker Service Discovery Business Logic Circuit Breaker Service Discovery Logs, metrics, traces Security Logs, metrics, traces Security
  • 32. Drawbacks of libraries • Glue linking the libraries: expensive • Limiting tools, runtimes, languages • Versioning hell • Teams should not forget to add them
  • 33. Computer B The evolution of networking Computer A Service A Service B Networking Stack Networking Stack Business Logic Flow control Flow control Library Library Circuit Breaker Service Discovery Business Logic Circuit Breaker Service Discovery Logs, metrics, traces Security Logs, metrics, traces Security
  • 34. Computer B Service B The evolution of networking Computer A Service A Service B Networking Stack Service A Networking Stack Business Logic Flow control Library??? Flow control Library??? Circuit Breaker Service Discovery Business Logic Circuit Breaker Service Discovery Logs, metrics, traces Security Logs, metrics, traces Security
  • 35. Computer B Service B The evolution of networking Computer A Networking Stack Service A Networking Stack Business Logic Flow control ??? Circuit Breaker Service Discovery Logs, metrics, traces Security Proxy Flow control ??? Circuit Breaker Service Discovery Logs, metrics, traces Security Proxy Business Logic
  • 36. OSI Model Level 7 Application: Spring, Vertx, WFSwarm Level 6 Presentation: Json, XML Level 5 Session: Http 1/2, GRPC Level 4 Transport: TCP Level 1-3 Network (IP) / Data link / Physical From here To here
  • 37. Computer B Service B The evolution of networking Computer A Networking Stack Service A Networking Stack Business Logic Flow control Proxy Proxy Circuit Breaker Service Discovery Logs, metrics, traces Security Flow control Proxy Proxy Circuit Breaker Service Discovery Logs, metrics, traces Security Business Logic
  • 39. The evolution of networking
  • 40. First generation service mesh (diagram; labels: Computer A, Computer B, Service A, Service B, Service C, Service D, Proxy, Proxy)
  • 41. Second generation service mesh - Pods and sidecars • Container platforms • Kubernetes • Mesos (diagram; labels: Node, Pod, Pod, Container, Proxy, Container, Proxy)
  • 42. The evolution of networking (diagram; labels: Computer A / Service A, Computer B / Service B; on each side: Business Logic, Sidecar Proxy, Circuit Breaker, Service Discovery, Logs, metrics, traces, Security, Flow control, Networking Stack)
  • 44. Controlling the service mesh (diagram; labels: Computer A / Service A, Computer B / Service B; on each side: Business Logic, Flow control, Sidecar proxy, Networking Stack; plus Control plane)
  • 45. The service mesh control plane (diagram; label: Control plane)
  • 47. Istio • An open platform to connect, monitor, and secure microservices • Introduced by Google, Lyft, IBM and others • Manages authentication, authorization, and encryption of communication between microservices • Logging, monitoring, and keeping services operational • Traffic management and policy control
  • 49. Envoy Proxy • Dynamic service discovery • Load balancing • TLS termination • HTTP/2 and gRPC proxies • Circuit breakers • Health checks • Staged rollouts with %-based traffic split • Fault injection • Rich metrics
  • 50. Istio - Proxy configuration YAML
  • 51. Istio - Discovery and Load-balancing
  • 52. Istio - Tracing • Automatic tracing of requests • Asynchronous span reporting • Multiple backends • Zipkin • Jaeger
  • 54. Istio - Advanced routing
  • 55. Istio - Security / Two way TLS
  • 56. Istio Security - RBAC • Role based access control • Based on rules, for instance on HTTP methods • ServiceRole (rule) • ServiceRoleBinding (assign role to set of nodes)
  • 57. Istio gives you: • Telemetry • Security • Mutual TLS • Role based access control • Resilience • Circuit-breaker • Retry • Advanced routing
  • 58. Demo
  • 59. Overhead • Definitely not ‘free’, more parts in the system • Proxies are used for both inbound and outbound requests • A lot of effort is going into reducing overhead
  • 60. Debugging • Debugging Envoy and Pilot (configuration) • Networking Issues • TLS issues • Envoy bouncing requests • …
  • 61. Security • Many new parts of the system • Control plane components • Proxies • Envoys are everywhere • Role based access control
  • 62. Istio: What you (want to) get • Telemetry • Security • Circuit-breaker • Retry • Advanced routing. What you (don’t want to) get • Overhead • Debugging • Security complexity
  • 63. But are all service meshes equal? So we saw Istio…
  • 64. Comparing Service Meshes Source: https://kubedex.com/istio-vs-linkerd-vs-linkerd2-vs-consul/ (Sept 2018)
  • 66. Do I really need a service mesh?
  • 67. Throwing more tech at the problem…
  • 68. Do you want to configure, install and renew (mutual) TLS certificates across an entire set of applications?
  • 69. Do you want to intercept and re-route network flows for: A/B testing, traffic shedding or failure tolerance (circuit breaking)?
  • 70. Do you want tracing / visibility of application request flows within your micro-service network?
  • 71. Should I just remove libraries from my apps?
  • 72. Istio - Circuit breaking - DestinationRule
  • 73. Istio - Circuit breaking - DestinationRule
  • 74. Spring + Hystrix Circuit breaker fallback Note: Hystrix is deprecated and only used as an example
  • 75. Spring + Hystrix Circuit breaker fallback Note: Hystrix is deprecated and only used as an example
  • 77. As an engineer you should still think about these concerns
  • 78. Key take-aways from this talk • A service mesh is a dedicated infra layer for service communication • Understand the why of using a service mesh • Understand the operational complexity, but also the benefits e.g. transparently adds cross-cutting concerns to a microservices architecture • Think about where you want to solve specific problems
  • 79. “Please rate my talk in the official J-Fall app” #jfall