SlideShare a Scribd company logo

Comparison of Current Service Mesh Architectures

Mirantis
Mirantis

Learn the differences between Envoy, Istio, Conduit, Linkerd and other service meshes and their components. Watch the recording including demo at: https://info.mirantis.com/service-mesh-webinar

Technology
1 of 46
Download to read offline
2 Introduction Bruce Basil Mathews Sr. Solutions Architect at Mirantis Bruce has been a Senior Solutions Architect in the computer industry for 40+ years, working at multiple technology companies including Mirantis, HP, Oracle, Sun Microsystems and others. View the webinar recording, including demo, at: https://info.mirantis.com/service-mesh-webinar
3 ● What is service mesh, its capabilities and benefits? ● Types of service mesh architectures ● Service meshes comparisons: features, visualization, performance ○ Open source ○ Commercial ● Service mesh pros and cons ● Demo ● Q&A Agenda
4 A service mesh is: ● A configurable infrastructure layer for a microservices application ● Makes communication between service instances flexible, reliable, and fast ● Provides a whole bunch of capabilities to relieve the developer from having to provide them each time uniquely. What is a Service Mesh?
5 ● Service Discovery - Allows the different services to “discover” each other when needed. The Kubernetes framework keeps a list of instances that are healthy and ready to receive requests. ● Load Balancing - Places the least busy instances at the top of the stack, so that busier instances can get the most service without starving the least busy instances’ needs. ● Encryption - Instead of having each of the services provide their own encryption/decryption, the service mesh can encrypt and decrypt requests and responses instead. ● Authentication and authorization. The service mesh can validate requests BEFORE they are sent to the service instances. ● Support for the circuit breaker pattern. The service mesh can support the circuit breaker pattern, which can stop requests from ever being sent to an unhealthy instance. We will discuss this specific feature later. What Capabilities Does a Service Mesh Provide?
6 The combined use of the features and capabilities listed on the previous slide provides the means for traffic shaping or QoS: ● Traffic shaping, (a.k.a. packet shaping), is a type of network bandwidth management for the manipulation and prioritization of network traffic to reduce the impact of heavy use cases from affecting other users. ● QoS provides a uniform way to connect, secure, manage and monitor microservices and provides traffic shaping between microservices while capturing the telemetry of the traffic flow for prioritizing network traffic. Key Benefits of a Service Mesh
7 Circuit-breaking helps to guard against partial or total cascading network communication failures of application service instances by maintaining a status of the health and viability of each service instance: ● The Service Mesh’s circuit-breaker feature determines whether traffic should continue to be routed to a given service instance. NOTE: The application developer must determine what to do as a design consideration when the service instance has been marked as not accepting requests. Enterprises can create application features using modular software development across disparate teams of developers. ● Faster development, testing and deployment of applications. Key Benefits of a Service Mesh
8 Library ● Needed services are sitting in a Library that your microservices applications import and use. Node Agent ● The services are provided by a Node Agent or daemon. The daemon services all of the containers on a particular node/machine. Sidecar ● The services are provided in a Sidecar container that runs alongside your application container. Service Mesh Architectures
9 The Types of Service Mesh Architectures SMESH-ARCHS!
10 The Library Architecture Examples: Twitter Finagle Netflix Hystrix Netflix Ribbon Each of the microservices carries a copy of the library that contains all of the desired Service Mesh functions. The Library architectural approach was: ● The first architecture to be adopted ● Simplest method to implement ● Has some drawbacks in performance ● More difficult to maintain Separate copies are distributed with every microservice, which results in: ● Potential for version control issues in multi-cluster implementations ● Conflicting demand and performance is harder to determine and resolve quickly.
11 The Node Agent Architecture Examples: Linkerd/Conduit Consul The Node Agent architecture is easier to manage and maintain than the Library architecture: ● It distributes one copy of the configuration to each node, rather than one copy of the configuration to each pod on each node. In the Node Agent service mesh architecture, a separate agent is running on every worker node of a cluster: ● Node Agent, usually running in user process space, services the heterogeneous mix of workloads hosted on that worker node. ● This architectural model emphasizes work resource sharing. This method can provide a great deal more efficiency than the Library model, but leaves a door open for resource abuse. ● Resource requests for memory and other components can be demanded and fulfilled immediately, starving other microservices. It is left up to the application developer to play nicely with others.
12 The Sidecar Architecture Examples: Istio Aspen Mesh Sidecar is the latest method developed for service meshing: ● The Sidecar service mesh deploys one adjacent container for every application container. ● The sidecar container handles all the network traffic in and out of the application container. ● To eliminate the potential for a network based attack, the sidecar has the same privileges as the application to which it is attached. ● Most Sidecar implementations, founded on security best-practices, limit the scope of the authorities necessary to complete the required intercommunication and then end their own process. ● The Sidecar acts in closely secured proximity to the application, almost like a function call from a Library rather than having to traverse the network to an external Node Agent for each intercommunication.
13 Service Meshes to Compare SMESH-COMPS!
14 Open Source Offerings ● Envoy ● Istio ● Linkerd ● Linkerd2/Conduit Service Mesh Offerings for Kubernetes and Mesos Commercial Offerings ● Consul ● Aspen Mesh ● Kong Enterprise Mesh ● AWS App Mesh
15 Open Source Service Meshes OPS-SMESH!
16 Envoy’s Sidecar Architecture Envoy is a high performance C++ distributed proxy designed for single services and applications: ● Originally designed by Lyft ● Proxy architecture provides two key pieces missing in most stacks transitioning from legacy systems to a more Software Oriented Architecture (SOA.) ● Envoy’s two features: ○ Robust observability ○ Easy debugging ● Envoy uses gRPC bridge to unlock Python gevent clients But the primary focus of Envoy is raw PERFORMANCE! To do this, Envoy broke its threading model down into three categories: ● MAIN: The main thread coordinates all the most critical process functionality ● WORKER: Each worker thread spawned processes all IO for the connection’s it accepts for the lifetime of the connection ● FILE FLUSHER: Worker writes to files are buffered to memory and then physically written by the file flush process thread.
17 Istio’s Sidecar Architecture and Integration with Envoy Istio provides a uniform way to connect, secure, manage and monitor microservices and provides traffic shaping between microservices in a multi-cluster scenario: ● Originally developed by Netflix, ● includes the capability of circuit-breaking to the app development process. ● Guards against partial or total cascading network communication failures by maintaining a status of the health and viability of all service instances ● Envoy is integrated as the backend proxy for Istio The Istio components and their functions are listed below: Control plane: ● Istio-Manager: provides routing rules & service discovery information to the Envoy proxies. ● Mixer: collects telemetry from each Envoy proxy and enforces access control policies. ● Istio-Auth: provides “service to service” and “user to service” authentication. This component also converts unencrypted traffic to TLS based traffic between services, as needed. Data plane: ● Envoy: a feature rich proxy managed by control plane components. Envoy intercepts traffic to and from the service, applying routing and access policies following the rules set in the control plane.
18 Linkerd 1.0 Node Agent/Sidecar Architecture In the per-host deployment model for Linkerd, one Linkerd instance is deployed per host (whether physical or virtual): ● Originally developed by Buoyant. ● All app service instances on that host route traffic through the single instance. ● This model is useful for deployments that are primarily host-based. ● Each service instance on the host can address its corresponding Linkerd instance at a fixed location (typically, localhost:4140) ● Eliminates the need for any significant client-side logic. ● Since this model requires high concurrency of Linkerd instances, a larger resource profile is usually appropriate. ● In this model, the loss of an individual Linkerd instance is equivalent to losing the host itself. Note: Could be implemented as either, but the weight of the Java engine was so heavy, it made it more resource effective as a node agent deployment.
19 Linkerd2 / Conduit Sidecar Architecture Linkerd 2 transitioned to deploying a sidecar methodology that eliminates the single point of failure per host. Linkerd 2 has three basic components: ● User Interface ● Control Plane ● Data Plane The control plane is made up of four components: ● Controller - In multiple containers ● Web - Dashboard for telemetry data display ● Prometheus - Telemetry data storage ● Grafana - Used to display the Dashboard The data plane consists of the sidecar Proxy processes injected into each Pod The Dashboard UI provides telemetry and QoS data for each service
20 Commercial Service Meshes COMMS-SMESH!
21 Consul Node Agent Architecture Consul is an ideal service to support control plane service mesh activities, whether you employ a “dumb pipe” or a “smart network”: ● Originally developed by Hashicorp ● The Consul architecture ensures it is highly available, and extends beyond a single data center. ● Consul provides service discovery for both Dumb Pipe and Smart Network scenarios. ● Applications can use Consul’s key-value store to store retries, timeouts and circuit breaking settings and request them when needed. ● The Consul K/V store can be used for persistent state storage such as network policies as well.
22 Aspen Mesh Sidecar Architecture & Integration with Istio Aspen Mesh is built on Istio and includes all the features you get with Istio plus: ● Intuitive UI ● Multi Cluster and Hybrid Cloud ● Analytics and Alerting ● Pre-configured Canary Testing ● Advanced Policy Management ● Isolated Management Platform with SLA ● A fully tested and hardened version ● Enterprise-level Support
23 Kong Enterprise Monolith, Microservice, Service Mesh, & Serverless Architecture kong Mesh Sidecar Architecture and Integration with Istio Kong Ingress Controller is a dynamic and highly available Ingress Controller which configures Kong using Ingress resources created in your Kubernetes cluster: ● Kong can configure plugins, load balancing, health checking on your services running in Kubernetes. ● Kong Ingress Controller is a Go application that listens to events from the API-server of your Kubernetes cluster ● The Ingress Controller sets up Kong to handle your configuration accordingly. You never have to configure Kong manually. ● The controller can configure any Kong cluster via a Kong node running either in a control-plane mode or running both, control and data planes. ● Kong's state is stored in Postgres or Cassandra. ○ The database should be deployed as a StatefulSet. ○ All Kong nodes in your Kubernetes cluster should be able to connect to it. ● If Kong is deployed in Control-plane and Data-plane mode, then Kong proxy can be scaled
24 AWS APP MESH Sidecar Architecture & Integration with Envoy AWS App Mesh is a service mesh based on the Envoy proxy that makes it easy to monitor and control microservices: ● App Mesh standardizes how your microservices communicate: End-to-end visibility ● Helps to ensure high-availability ● App Mesh is made up of the following components: ○ Service mesh ○ Virtual services ○ Virtual nodes ○ Envoy proxy ○ Virtual routers ○ Routes To use App Mesh, you must have an existing application running on AWS Fargate, Amazon ECS, Amazon EKS, Kubernetes on AWS, or Amazon EC2.
25 Comparing Service Mesh Features COMPS-SMESH!
26 ● Envoy ○ Low p99 tail latencies at scale when running under load, ○ Acts as a L3/L4 filter at its core with many L7 filters provided out of the box, ○ Support for gRPC, and HTTP/2 (upstream/downstream), ○ API-driven, dynamic configuration, hot reloads, ○ Strong focus on metric collection, tracing, and overall observability. ● Istio ○ Security features including identity, key management, and RBAC, ○ Fault injection, ○ Support for gRPC, HTTP/2, HTTP/1.x, WebSockets, and all TCP traffic, ○ Sophisticated policy, quota, and rate limiting, ○ Multi-platform, hybrid deployment. Some Service Mesh Feature Comparative Data
27 Linkerd was rewritten from Java to Rust - Data Plane / Go - Control plane about 1 ½ years ago. They are striving to reach feature parity between the two versions and are currently very close: Linkerd and Linkerd2/Conduit Features ○ Support for multiple platforms (Docker, Kubernetes, DC/OS, Amazon ECS, or any stand-alone machine), ○ Built-in service discovery abstractions to unite multiple systems, ○ Support for gRPC, HTTP/2, and HTTP/1.x requests + all TCP traffic. Some Service Mesh Feature Comparative Data (Continued) Note: Linkerd 2 is much faster than Linkerd as the Data Plane Proxy was rewritten in Rust. Conduit was folded into the Linkerd Project to form the basis for Linkerd 2! Conduit’s lightning-fast Rust proxies are ~10mb per instance, have sub-millisecond p99 latencies, and support HTTP/1.x, HTTP/2, and gRPC.
28 Linkerd 1 and Linkerd 2/Conduit Feature Comparison Linkerd 1.x (latest: 1.6.2.1) Linkerd 2.x (latest: 2.3) Theme Powerful, highly configurable, “industrial strength” Lightweight, minimalist, zero config Observability Automatic, non-aggregated Automatic, aggregated, live, per-path Reliability Load balancing, retries, circuit breaking Load balancing, retries, circuit breaking*, rate limiting* Security TLS, cert validation TLS, cert validation, cert management, policy enforcement* Protocol support HTTP/1.x, HTTP/2, gRPC, Thrift HTTP/1.x, HTTP/2, gRPC Installation Cluster-wide Per service, per namespace or cluster-wide (incremental) Resource footprint 100--150mb per proxy <10mb per proxy Latency introduced <5ms p99 <1ms p99 License, building blocks CNCF, Apache v2, Finagle, Netty, Scala CNCF, Apache v2, Rust, Go Supported platforms Kubernetes, DC/OS, Mesos, bare metal, ECS, ... Just Kubernetes… for now! (*roadmap)
29 ● Consul ○ Consul is a single binary providing both server and client capabilities ○ includes all functionality for service catalog ○ Includes configuration capabilities, TLS certificates, Authorization ○ Consul optionally supports external systems such as Vault to augment behavior ○ No additional systems are required to deploy Consul ● Aspen Mesh ○ Provides an intuitive UI that brings the most important information to the forefront ○ Easy-to-understand real-time status information ○ Allows for the display of multiple clusters in a single pane of glass ○ Helps the user to monitor their entire architecture in one place ○ Allows the user to sort, search and drill into individual services details Some Service Mesh Feature Comparative Data (Continued)
30 ● Kong Enterprise 1.0 ○ Engineers can make a change in a centralised location that will be reflected across multiple Kong clusters ○ Includes an implementation of the Plugin Development Kit (PDK) ○ All Kong plugins require a standard set of functionality, which the PDK provides out of the box ○ PDK based on the ngx_lua API ○ A Kong cluster deployment requires the installation of a Cassandra of PostgreSQL to act as the datastore ● AWS App Mesh ○ App Mesh separates the logic for monitoring and controlling communications into a proxy that manages all network traffic for each service ○ App Mesh uses the open source Envoy proxy to manage all traffic into and out of a service’s containers ○ Integrated with Amazon CloudWatch – monitoring & logging service for complete visibility of resources and applications. ○ Developers configure services to connect directly to each other instead of requiring code within the application or using a load balancer ○ App Mesh works with services managed by Amazon ECS, Amazon EKS, AWS Fargate, Kubernetes running on EC2, and services running directly on EC2 Some Service Mesh Feature Comparative Data (Continued)
31 Service Mesh Visualization SMESH-VIS!
32 Most Service Meshes use Prometheus with Grafana NOTE: Commercial offerings provide a greater variety of templates and statistics to choose from for traffic shaping analysis.
33 Comparing Service Mesh Performance PERF-SMESH!
34 ● Control Plane performance factors include: ○ The rate of deployment changes. ○ The rate of configuration changes. ○ The number of proxies connecting to the service gateway. ● Data Plane performance factors include: ○ Number of client connections ○ Target request rate ○ Request size and Response size ○ Number of proxy worker threads ○ Protocol ○ CPU cores ○ Number and types of proxy filters ● Benchmarking Tools: ○ fortio.org - a constant throughput load testing tool. ○ blueperf - a realistic cloud native application. Some Service Mesh Performance Factors
35 ● Load Balancing Throughput and Latency ○ One of the key features of a service mesh is to provide a load balancing capability. ○ Some of the more popular load balancers that can be integrated with the Service Meshes compared in this presentation are: ■ NGINX ■ HAProxy ■ Envoy ■ Traefik ■ Amazon Application Load Balancer (ALB) Some Service Mesh Comparative Performance Data
36 Load Balancer Requests-per-Second Performance Data Data found here: https://www.loggly.com/blog/benchmarking-5-popular-load-balancers-nginx-haproxy-envoy-traefik-and-alb/
37 Load Balancer Latency and Concurrency Performance Data Data found here: https://www.loggly.com/blog/benchmarking-5-popular-load-balancers-nginx-haproxy-envoy-traefik-and-alb/
38 Load Balancer CPU and Latency and Concurrency Performance Data - Disagreement Data found here: https://medium.com/@ihcsim/linkerd-2-0-and-istio-performance-benchmark-df290101c2bb The latency observed in the Linkerd2-meshed setup ranged from 11.0 ms to almost 14.0 ms. The latency observed in Istio-meshed setup ranged from 36.0 ms to 45.0 ms.
39 Consul vs Istio: ● https://www.consul.io/intro/vs/istio.html Consul vs Istio vs. Linkerd/Conduit: ● https://stackshare.io/stackups/consul-vs-istio-vs-linkerd Linkerd2/Conduit vs Istio: ● https://kinvolk.io/blog/2019/05/performance-benchmark-analysis-of-istio-and-linkerd/ ● https://glasnostic.com/blog/comparing-service-meshes-linkerd-vs-istio ● https://www.aquasec.com/wiki/display/containers/Linkerd+vs+Istio Additional Performance Data
40 Service Mesh Pros & Cons Pro-SMESH-Cons!
41 Service Meshes Architecture Pros and Cons Library Architecture Advantages: ● Resources are locally accounted for each and every service ● Self-service adoption for developers Disadvantages: ● Strong coupling is a significant drawback ● Non-uniform; upgrades are challenging in large environments Node Agent Architecture Advantages: ● Less overhead (especially memory) for things that could be shared across a node ● Easier to scale distribution of configuration information than it is with sidecar proxies (if you’re not using a control plane) ● This model is useful for deployments that are primarily physical or virtual server based. Good for large monolithic apps Disadvantages: ● Coarse support for encryption of service-to-service communication, instead host-to-host encryption and authentication policies ● Blast radius of a proxy failure includes all applications on the node, which is essentially equivalent to losing the node itself ● Not a transparent entity, services must be aware of its existence Sidecar Architecture Advantages: ● Granular encryption of service-to-service communication ● Can be gradually added to an existing cluster without central coordination ● App-to-sidecar communication is easier to secure than app-to-node proxy ● Resources consumed for a service are attributed to that service ● Blast radius of a proxy failure is limited to the sidecar app Disadvantages: ● Lack of central coordination. Difficult to scale operationally ● Sidecar footprint—per service overhead of running a service proxy sidecar
42 ● Istio was presented to the CNCF Technical Oversight Committee in November 2017. This represented an early step for the project to join CNCF. ○ We suspect they will become a full project member in 2019. ○ Linkerd is already a member of CNCF. ● There are both fully Open Source and Commercial implementations of Istio available ○ This will be a key to widespread adoption which will be key to the long-term success of Istio ● The following question will be answered in 2019: “What are the real world benefits I will receive by adopting service mesh as a standard?” ○ The answer will come from use cases stimulating adoption. Service Mesh Comparison Final Thoughts
43 Bottom Line: ● A service mesh will be mandatory by 2020 for any organization running microservices in production. ○ If you’re currently using a service mesh, you already know the value it brings. ○ If you’re considering using a service mesh, make sure you stay in tune with what is going on with this technology! ○ If your company has not yet decided on whether you need a service mesh or not, read the recent industry reports on microservices! Service Mesh Comparison Final Thoughts
44 Service Mesh Demo SMESH-Demo!
2019 | www.mirantis.com Training training.mirantis.com training.mirantis.com Service Mesh and Istio Fundamentals (IST50) New! Introduction to Istio & Service Mesh 1 day Microservices and Istio Bootcamp (IST100) New! Microservices security, resiliency and monitoring using Istio 2 days Istio Courses from Mirantis Training
46 Thank You Q&A View the webinar recording, including demo, at: https://info.mirantis.com/service-mesh-webinar

Recommended

Service mesh
Service meshService mesh
Service mesh
Arnab Mitra
 
The Complete Guide to Service Mesh
The Complete Guide to Service MeshThe Complete Guide to Service Mesh
The Complete Guide to Service Mesh
Aspen Mesh
 
Introduction to Istio Service Mesh
Introduction to Istio Service MeshIntroduction to Istio Service Mesh
Introduction to Istio Service Mesh
Georgios Andrianakis
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with Istio
Michelle Holley
 
Microservices With Istio Service Mesh
Microservices With Istio Service MeshMicroservices With Istio Service Mesh
Microservices With Istio Service Mesh
Natanael Fonseca
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
Yong Feng
 
Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservices
Kunal Hire
 
Istio service mesh introduction
Istio service mesh introductionIstio service mesh introduction
Istio service mesh introduction
Kyohei Mizumoto
 

Recommended

Service mesh
Service meshService mesh
Service mesh
Arnab Mitra
 
The Complete Guide to Service Mesh
The Complete Guide to Service MeshThe Complete Guide to Service Mesh
The Complete Guide to Service Mesh
Aspen Mesh
 
Introduction to Istio Service Mesh
Introduction to Istio Service MeshIntroduction to Istio Service Mesh
Introduction to Istio Service Mesh
Georgios Andrianakis
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with Istio
Michelle Holley
 
Microservices With Istio Service Mesh
Microservices With Istio Service MeshMicroservices With Istio Service Mesh
Microservices With Istio Service Mesh
Natanael Fonseca
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
Yong Feng
 
Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservices
Kunal Hire
 
Istio service mesh introduction
Istio service mesh introductionIstio service mesh introduction
Istio service mesh introduction
Kyohei Mizumoto
 
Api service mesh and microservice tooling
Api service mesh and microservice toolingApi service mesh and microservice tooling
Api service mesh and microservice tooling
Red Hat
 
Istio : Service Mesh
Istio : Service MeshIstio : Service Mesh
Istio : Service Mesh
Knoldus Inc.
 
Kubernetes Cluster vs Nodes vs Pods vs Containers Comparison
Kubernetes Cluster vs Nodes vs Pods vs Containers ComparisonKubernetes Cluster vs Nodes vs Pods vs Containers Comparison
Kubernetes Cluster vs Nodes vs Pods vs Containers Comparison
jeetendra mandal
 
Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!
Animesh Singh
 
Microservice vs. Monolithic Architecture
Microservice vs. Monolithic ArchitectureMicroservice vs. Monolithic Architecture
Microservice vs. Monolithic Architecture
Paul Mooney
 
Micro services Architecture
Micro services ArchitectureMicro services Architecture
Micro services Architecture
Araf Karsh Hamid
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
Raphaël PINSON
 
Istio a service mesh
Istio a service meshIstio a service mesh
Istio a service mesh
Chandresh Pancholi
 
Microservices & API Gateways
Microservices & API Gateways Microservices & API Gateways
Microservices & API Gateways
Kong Inc.
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
rajdeep
 
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SREMicroservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Araf Karsh Hamid
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Huy Vo
 
Microservices Architecture
Microservices ArchitectureMicroservices Architecture
Microservices Architecture
Joshua Costa
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
Amazon Web Services
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice Architecture
tyrantbrian
 
Design patterns for microservice architecture
Design patterns for microservice architectureDesign patterns for microservice architecture
Design patterns for microservice architecture
The Software House
 
Microservices Architecture - Bangkok 2018
Microservices Architecture - Bangkok 2018Microservices Architecture - Bangkok 2018
Microservices Architecture - Bangkok 2018
Araf Karsh Hamid
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
Amazon Web Services
 
Architecture: Microservices
Architecture: MicroservicesArchitecture: Microservices
Architecture: Microservices
Amazon Web Services
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Crevise Technologies
 
All About Microservices and OpenSource Microservice Frameworks
All About Microservices and OpenSource Microservice FrameworksAll About Microservices and OpenSource Microservice Frameworks
All About Microservices and OpenSource Microservice Frameworks
Mohammad Asif Siddiqui
 
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
WSO2
 

More Related Content

What's hot

Api service mesh and microservice tooling
Api service mesh and microservice toolingApi service mesh and microservice tooling
Api service mesh and microservice tooling
Red Hat
 
Istio : Service Mesh
Istio : Service MeshIstio : Service Mesh
Istio : Service Mesh
Knoldus Inc.
 
Kubernetes Cluster vs Nodes vs Pods vs Containers Comparison
Kubernetes Cluster vs Nodes vs Pods vs Containers ComparisonKubernetes Cluster vs Nodes vs Pods vs Containers Comparison
Kubernetes Cluster vs Nodes vs Pods vs Containers Comparison
jeetendra mandal
 
Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!
Animesh Singh
 
Microservice vs. Monolithic Architecture
Microservice vs. Monolithic ArchitectureMicroservice vs. Monolithic Architecture
Microservice vs. Monolithic Architecture
Paul Mooney
 
Micro services Architecture
Micro services ArchitectureMicro services Architecture
Micro services Architecture
Araf Karsh Hamid
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
Raphaël PINSON
 
Istio a service mesh
Istio a service meshIstio a service mesh
Istio a service mesh
Chandresh Pancholi
 
Microservices & API Gateways
Microservices & API Gateways Microservices & API Gateways
Microservices & API Gateways
Kong Inc.
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
rajdeep
 
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SREMicroservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Araf Karsh Hamid
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Huy Vo
 
Microservices Architecture
Microservices ArchitectureMicroservices Architecture
Microservices Architecture
Joshua Costa
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
Amazon Web Services
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice Architecture
tyrantbrian
 
Design patterns for microservice architecture
Design patterns for microservice architectureDesign patterns for microservice architecture
Design patterns for microservice architecture
The Software House
 
Microservices Architecture - Bangkok 2018
Microservices Architecture - Bangkok 2018Microservices Architecture - Bangkok 2018
Microservices Architecture - Bangkok 2018
Araf Karsh Hamid
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
Amazon Web Services
 
Architecture: Microservices
Architecture: MicroservicesArchitecture: Microservices
Architecture: Microservices
Amazon Web Services
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Crevise Technologies
 

What's hot (20)

Api service mesh and microservice tooling
Api service mesh and microservice toolingApi service mesh and microservice tooling
Api service mesh and microservice tooling
 
Istio : Service Mesh
Istio : Service MeshIstio : Service Mesh
Istio : Service Mesh
 
Kubernetes Cluster vs Nodes vs Pods vs Containers Comparison
Kubernetes Cluster vs Nodes vs Pods vs Containers ComparisonKubernetes Cluster vs Nodes vs Pods vs Containers Comparison
Kubernetes Cluster vs Nodes vs Pods vs Containers Comparison
 
Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!
 
Microservice vs. Monolithic Architecture
Microservice vs. Monolithic ArchitectureMicroservice vs. Monolithic Architecture
Microservice vs. Monolithic Architecture
 
Micro services Architecture
Micro services ArchitectureMicro services Architecture
Micro services Architecture
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
 
Istio a service mesh
Istio a service meshIstio a service mesh
Istio a service mesh
 
Microservices & API Gateways
Microservices & API Gateways Microservices & API Gateways
Microservices & API Gateways
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
 
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SREMicroservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SRE
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
Microservices Architecture
Microservices ArchitectureMicroservices Architecture
Microservices Architecture
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice Architecture
 
Design patterns for microservice architecture
Design patterns for microservice architectureDesign patterns for microservice architecture
Design patterns for microservice architecture
 
Microservices Architecture - Bangkok 2018
Microservices Architecture - Bangkok 2018Microservices Architecture - Bangkok 2018
Microservices Architecture - Bangkok 2018
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
 
Architecture: Microservices
Architecture: MicroservicesArchitecture: Microservices
Architecture: Microservices
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 

Similar to Comparison of Current Service Mesh Architectures

All About Microservices and OpenSource Microservice Frameworks
All About Microservices and OpenSource Microservice FrameworksAll About Microservices and OpenSource Microservice Frameworks
All About Microservices and OpenSource Microservice Frameworks
Mohammad Asif Siddiqui
 
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
WSO2
 
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
apidays
 
Service-Mesh-Presentation.pdf
Service-Mesh-Presentation.pdfService-Mesh-Presentation.pdf
Service-Mesh-Presentation.pdf
chanhluc2112
 
Enterprise Integration in Cloud Native Microservices Architectures
Enterprise Integration in Cloud Native Microservices ArchitecturesEnterprise Integration in Cloud Native Microservices Architectures
Enterprise Integration in Cloud Native Microservices Architectures
Crishantha Nanayakkara
 
NECOS Objectives
NECOS ObjectivesNECOS Objectives
NECOS Objectives
ATMOSPHERE .
 
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
Christian Esteve Rothenberg
 
NECOS - Concertation Meeting EUBrasilCloudFORUM
NECOS - Concertation Meeting EUBrasilCloudFORUMNECOS - Concertation Meeting EUBrasilCloudFORUM
NECOS - Concertation Meeting EUBrasilCloudFORUM
EUBrasilCloudFORUM .
 
Open Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshOpen Source Networking Days- Service Mesh
Open Source Networking Days- Service Mesh
CloudOps2005
 
WSO2Con ASIA 2016: Understanding Microservice Architecture
WSO2Con ASIA 2016: Understanding Microservice ArchitectureWSO2Con ASIA 2016: Understanding Microservice Architecture
WSO2Con ASIA 2016: Understanding Microservice Architecture
WSO2
 
Necos keynote UFRN Telecomday
Necos keynote UFRN TelecomdayNecos keynote UFRN Telecomday
Necos keynote UFRN Telecomday
Augusto Neto
 
Microservice Pattern Launguage
Microservice Pattern LaunguageMicroservice Pattern Launguage
Microservice Pattern Launguage
Inho Kang
 
Kenzan: Architecting for Microservices
Kenzan: Architecting for MicroservicesKenzan: Architecting for Microservices
Kenzan: Architecting for Microservices
Darren Bathgate
 
MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...
MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...
MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...
Jitendra Bafna
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?
NGINX, Inc.
 
Microservices
MicroservicesMicroservices
Microservices
Ramesh (@Mavuluri)
 
Blockchain solution architecture deliverable
Blockchain solution architecture deliverableBlockchain solution architecture deliverable
Blockchain solution architecture deliverable
Sarmad Ibrahim
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architecture
Faren faren
 
Microservices Design Principles.pdf
Microservices Design Principles.pdfMicroservices Design Principles.pdf
Microservices Design Principles.pdf
Simform
 
Microservices Architecture, Monolith Migration Patterns
Microservices Architecture, Monolith Migration PatternsMicroservices Architecture, Monolith Migration Patterns
Microservices Architecture, Monolith Migration Patterns
Araf Karsh Hamid
 

Similar to Comparison of Current Service Mesh Architectures (20)

All About Microservices and OpenSource Microservice Frameworks
All About Microservices and OpenSource Microservice FrameworksAll About Microservices and OpenSource Microservice Frameworks
All About Microservices and OpenSource Microservice Frameworks
 
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
 
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
 
Service-Mesh-Presentation.pdf
Service-Mesh-Presentation.pdfService-Mesh-Presentation.pdf
Service-Mesh-Presentation.pdf
 
Enterprise Integration in Cloud Native Microservices Architectures
Enterprise Integration in Cloud Native Microservices ArchitecturesEnterprise Integration in Cloud Native Microservices Architectures
Enterprise Integration in Cloud Native Microservices Architectures
 
NECOS Objectives
NECOS ObjectivesNECOS Objectives
NECOS Objectives
 
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
 
NECOS - Concertation Meeting EUBrasilCloudFORUM
NECOS - Concertation Meeting EUBrasilCloudFORUMNECOS - Concertation Meeting EUBrasilCloudFORUM
NECOS - Concertation Meeting EUBrasilCloudFORUM
 
Open Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshOpen Source Networking Days- Service Mesh
Open Source Networking Days- Service Mesh
 
WSO2Con ASIA 2016: Understanding Microservice Architecture
WSO2Con ASIA 2016: Understanding Microservice ArchitectureWSO2Con ASIA 2016: Understanding Microservice Architecture
WSO2Con ASIA 2016: Understanding Microservice Architecture
 
Necos keynote UFRN Telecomday
Necos keynote UFRN TelecomdayNecos keynote UFRN Telecomday
Necos keynote UFRN Telecomday
 
Microservice Pattern Launguage
Microservice Pattern LaunguageMicroservice Pattern Launguage
Microservice Pattern Launguage
 
Kenzan: Architecting for Microservices
Kenzan: Architecting for MicroservicesKenzan: Architecting for Microservices
Kenzan: Architecting for Microservices
 
MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...
MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...
MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?
 
Microservices
MicroservicesMicroservices
Microservices
 
Blockchain solution architecture deliverable
Blockchain solution architecture deliverableBlockchain solution architecture deliverable
Blockchain solution architecture deliverable
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architecture
 
Microservices Design Principles.pdf
Microservices Design Principles.pdfMicroservices Design Principles.pdf
Microservices Design Principles.pdf
 
Microservices Architecture, Monolith Migration Patterns
Microservices Architecture, Monolith Migration PatternsMicroservices Architecture, Monolith Migration Patterns
Microservices Architecture, Monolith Migration Patterns
 

More from Mirantis

How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
Mirantis
 
Kubernetes Security Workshop
Kubernetes Security WorkshopKubernetes Security Workshop
Kubernetes Security Workshop
Mirantis
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersUsing Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M users
Mirantis
 
How to Build a Basic Edge Cloud
How to Build a Basic Edge CloudHow to Build a Basic Edge Cloud
How to Build a Basic Edge Cloud
Mirantis
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container Data
Mirantis
 
What's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar SlidesWhat's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar Slides
Mirantis
 
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. KubernetesYour Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Mirantis
 
Demystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceDemystifying Cloud Security Compliance
Demystifying Cloud Security Compliance
Mirantis
 
Mirantis life
Mirantis lifeMirantis life
Mirantis life
Mirantis
 
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
Mirantis
 
Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016
Mirantis
 
Digital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudDigital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the Cloud
Mirantis
 
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackDecomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Mirantis
 
OpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryOpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service Delivery
Mirantis
 
Accelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsAccelerating the Next 10,000 Clouds
Accelerating the Next 10,000 Clouds
Mirantis
 
Containers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleContainers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That Simple
Mirantis
 
Protecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutProtecting Yourself from the Container Shakeout
Protecting Yourself from the Container Shakeout
Mirantis
 
It's Not the Technology, It's You
It's Not the Technology, It's YouIt's Not the Technology, It's You
It's Not the Technology, It's You
Mirantis
 
OpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationOpenStack as the Platform for Innovation
OpenStack as the Platform for Innovation
Mirantis
 
Moving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMoving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMirantis
 

More from Mirantis (20)

How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
 
Kubernetes Security Workshop
Kubernetes Security WorkshopKubernetes Security Workshop
Kubernetes Security Workshop
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersUsing Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M users
 
How to Build a Basic Edge Cloud
How to Build a Basic Edge CloudHow to Build a Basic Edge Cloud
How to Build a Basic Edge Cloud
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container Data
 
What's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar SlidesWhat's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar Slides
 
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. KubernetesYour Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
 
Demystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceDemystifying Cloud Security Compliance
Demystifying Cloud Security Compliance
 
Mirantis life
Mirantis lifeMirantis life
Mirantis life
 
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
 
Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016
 
Digital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudDigital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the Cloud
 
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackDecomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStack
 
OpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryOpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service Delivery
 
Accelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsAccelerating the Next 10,000 Clouds
Accelerating the Next 10,000 Clouds
 
Containers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleContainers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That Simple
 
Protecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutProtecting Yourself from the Container Shakeout
Protecting Yourself from the Container Shakeout
 
It's Not the Technology, It's You
It's Not the Technology, It's YouIt's Not the Technology, It's You
It's Not the Technology, It's You
 
OpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationOpenStack as the Platform for Innovation
OpenStack as the Platform for Innovation
 
Moving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMoving AWS workloads to OpenStack
Moving AWS workloads to OpenStack
 

Recently uploaded

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 

Recently uploaded (20)

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 

Comparison of Current Service Mesh Architectures

  • 1.
  • 2. 2 Introduction Bruce Basil Mathews Sr. Solutions Architect at Mirantis Bruce has been a Senior Solutions Architect in the computer industry for 40+ years, working at multiple technology companies including Mirantis, HP, Oracle, Sun Microsystems and others. View the webinar recording, including demo, at: https://info.mirantis.com/service-mesh-webinar
  • 3. 3 ● What is service mesh, its capabilities and benefits? ● Types of service mesh architectures ● Service meshes comparisons: features, visualization, performance ○ Open source ○ Commercial ● Service mesh pros and cons ● Demo ● Q&A Agenda
  • 4. 4 A service mesh is: ● A configurable infrastructure layer for a microservices application ● Makes communication between service instances flexible, reliable, and fast ● Provides a whole bunch of capabilities to relieve the developer from having to provide them each time uniquely. What is a Service Mesh?
  • 5. 5 ● Service Discovery - Allows the different services to “discover” each other when needed. The Kubernetes framework keeps a list of instances that are healthy and ready to receive requests. ● Load Balancing - Places the least busy instances at the top of the stack, so that busier instances can get the most service without starving the least busy instances’ needs. ● Encryption - Instead of having each of the services provide their own encryption/decryption, the service mesh can encrypt and decrypt requests and responses instead. ● Authentication and authorization. The service mesh can validate requests BEFORE they are sent to the service instances. ● Support for the circuit breaker pattern. The service mesh can support the circuit breaker pattern, which can stop requests from ever being sent to an unhealthy instance. We will discuss this specific feature later. What Capabilities Does a Service Mesh Provide?
  • 6. 6 The combined use of the features and capabilities listed on the previous slide provides the means for traffic shaping or QoS: ● Traffic shaping, (a.k.a. packet shaping), is a type of network bandwidth management for the manipulation and prioritization of network traffic to reduce the impact of heavy use cases from affecting other users. ● QoS provides a uniform way to connect, secure, manage and monitor microservices and provides traffic shaping between microservices while capturing the telemetry of the traffic flow for prioritizing network traffic. Key Benefits of a Service Mesh
  • 7. 7 Circuit-breaking helps to guard against partial or total cascading network communication failures of application service instances by maintaining a status of the health and viability of each service instance: ● The Service Mesh’s circuit-breaker feature determines whether traffic should continue to be routed to a given service instance. NOTE: The application developer must determine what to do as a design consideration when the service instance has been marked as not accepting requests. Enterprises can create application features using modular software development across disparate teams of developers. ● Faster development, testing and deployment of applications. Key Benefits of a Service Mesh
  • 8. 8 Library ● Needed services are sitting in a Library that your microservices applications import and use. Node Agent ● The services are provided by a Node Agent or daemon. The daemon services all of the containers on a particular node/machine. Sidecar ● The services are provided in a Sidecar container that runs alongside your application container. Service Mesh Architectures
  • 9. 9 The Types of Service Mesh Architectures SMESH-ARCHS!
  • 10. 10 The Library Architecture Examples: Twitter Finagle Netflix Hystrix Netflix Ribbon Each of the microservices carries a copy of the library that contains all of the desired Service Mesh functions. The Library architectural approach was: ● The first architecture to be adopted ● Simplest method to implement ● Has some drawbacks in performance ● More difficult to maintain Separate copies are distributed with every microservice, which results in: ● Potential for version control issues in multi-cluster implementations ● Conflicting demand and performance is harder to determine and resolve quickly.
  • 11. 11 The Node Agent Architecture Examples: Linkerd/Conduit Consul The Node Agent architecture is easier to manage and maintain than the Library architecture: ● It distributes one copy of the configuration to each node, rather than one copy of the configuration to each pod on each node. In the Node Agent service mesh architecture, a separate agent is running on every worker node of a cluster: ● Node Agent, usually running in user process space, services the heterogeneous mix of workloads hosted on that worker node. ● This architectural model emphasizes work resource sharing. This method can provide a great deal more efficiency than the Library model, but leaves a door open for resource abuse. ● Resource requests for memory and other components can be demanded and fulfilled immediately, starving other microservices. It is left up to the application developer to play nicely with others.
  • 12. 12 The Sidecar Architecture Examples: Istio Aspen Mesh Sidecar is the latest method developed for service meshing: ● The Sidecar service mesh deploys one adjacent container for every application container. ● The sidecar container handles all the network traffic in and out of the application container. ● To eliminate the potential for a network based attack, the sidecar has the same privileges as the application to which it is attached. ● Most Sidecar implementations, founded on security best-practices, limit the scope of the authorities necessary to complete the required intercommunication and then end their own process. ● The Sidecar acts in closely secured proximity to the application, almost like a function call from a Library rather than having to traverse the network to an external Node Agent for each intercommunication.
  • 13. 13 Service Meshes to Compare SMESH-COMPS!
  • 14. 14 Open Source Offerings ● Envoy ● Istio ● Linkerd ● Linkerd2/Conduit Service Mesh Offerings for Kubernetes and Mesos Commercial Offerings ● Consul ● Aspen Mesh ● Kong Enterprise Mesh ● AWS App Mesh
  • 16. 16 Envoy’s Sidecar Architecture Envoy is a high performance C++ distributed proxy designed for single services and applications: ● Originally designed by Lyft ● Proxy architecture provides two key pieces missing in most stacks transitioning from legacy systems to a more Software Oriented Architecture (SOA.) ● Envoy’s two features: ○ Robust observability ○ Easy debugging ● Envoy uses gRPC bridge to unlock Python gevent clients But the primary focus of Envoy is raw PERFORMANCE! To do this, Envoy broke its threading model down into three categories: ● MAIN: The main thread coordinates all the most critical process functionality ● WORKER: Each worker thread spawned processes all IO for the connection’s it accepts for the lifetime of the connection ● FILE FLUSHER: Worker writes to files are buffered to memory and then physically written by the file flush process thread.
  • 17. 17 Istio’s Sidecar Architecture and Integration with Envoy Istio provides a uniform way to connect, secure, manage and monitor microservices and provides traffic shaping between microservices in a multi-cluster scenario: ● Originally developed by Netflix, ● includes the capability of circuit-breaking to the app development process. ● Guards against partial or total cascading network communication failures by maintaining a status of the health and viability of all service instances ● Envoy is integrated as the backend proxy for Istio The Istio components and their functions are listed below: Control plane: ● Istio-Manager: provides routing rules & service discovery information to the Envoy proxies. ● Mixer: collects telemetry from each Envoy proxy and enforces access control policies. ● Istio-Auth: provides “service to service” and “user to service” authentication. This component also converts unencrypted traffic to TLS based traffic between services, as needed. Data plane: ● Envoy: a feature rich proxy managed by control plane components. Envoy intercepts traffic to and from the service, applying routing and access policies following the rules set in the control plane.
  • 18. 18 Linkerd 1.0 Node Agent/Sidecar Architecture In the per-host deployment model for Linkerd, one Linkerd instance is deployed per host (whether physical or virtual): ● Originally developed by Buoyant. ● All app service instances on that host route traffic through the single instance. ● This model is useful for deployments that are primarily host-based. ● Each service instance on the host can address its corresponding Linkerd instance at a fixed location (typically, localhost:4140) ● Eliminates the need for any significant client-side logic. ● Since this model requires high concurrency of Linkerd instances, a larger resource profile is usually appropriate. ● In this model, the loss of an individual Linkerd instance is equivalent to losing the host itself. Note: Could be implemented as either, but the weight of the Java engine was so heavy, it made it more resource effective as a node agent deployment.
  • 19. 19 Linkerd2 / Conduit Sidecar Architecture Linkerd 2 transitioned to deploying a sidecar methodology that eliminates the single point of failure per host. Linkerd 2 has three basic components: ● User Interface ● Control Plane ● Data Plane The control plane is made up of four components: ● Controller - In multiple containers ● Web - Dashboard for telemetry data display ● Prometheus - Telemetry data storage ● Grafana - Used to display the Dashboard The data plane consists of the sidecar Proxy processes injected into each Pod The Dashboard UI provides telemetry and QoS data for each service
  • 21. 21 Consul Node Agent Architecture Consul is an ideal service to support control plane service mesh activities, whether you employ a “dumb pipe” or a “smart network”: ● Originally developed by Hashicorp ● The Consul architecture ensures it is highly available, and extends beyond a single data center. ● Consul provides service discovery for both Dumb Pipe and Smart Network scenarios. ● Applications can use Consul’s key-value store to store retries, timeouts and circuit breaking settings and request them when needed. ● The Consul K/V store can be used for persistent state storage such as network policies as well.
  • 22. 22 Aspen Mesh Sidecar Architecture & Integration with Istio Aspen Mesh is built on Istio and includes all the features you get with Istio plus: ● Intuitive UI ● Multi Cluster and Hybrid Cloud ● Analytics and Alerting ● Pre-configured Canary Testing ● Advanced Policy Management ● Isolated Management Platform with SLA ● A fully tested and hardened version ● Enterprise-level Support
  • 23. 23 Kong Enterprise Monolith, Microservice, Service Mesh, & Serverless Architecture kong Mesh Sidecar Architecture and Integration with Istio Kong Ingress Controller is a dynamic and highly available Ingress Controller which configures Kong using Ingress resources created in your Kubernetes cluster: ● Kong can configure plugins, load balancing, health checking on your services running in Kubernetes. ● Kong Ingress Controller is a Go application that listens to events from the API-server of your Kubernetes cluster ● The Ingress Controller sets up Kong to handle your configuration accordingly. You never have to configure Kong manually. ● The controller can configure any Kong cluster via a Kong node running either in a control-plane mode or running both, control and data planes. ● Kong's state is stored in Postgres or Cassandra. ○ The database should be deployed as a StatefulSet. ○ All Kong nodes in your Kubernetes cluster should be able to connect to it. ● If Kong is deployed in Control-plane and Data-plane mode, then Kong proxy can be scaled
  • 24. 24 AWS APP MESH Sidecar Architecture & Integration with Envoy AWS App Mesh is a service mesh based on the Envoy proxy that makes it easy to monitor and control microservices: ● App Mesh standardizes how your microservices communicate: End-to-end visibility ● Helps to ensure high-availability ● App Mesh is made up of the following components: ○ Service mesh ○ Virtual services ○ Virtual nodes ○ Envoy proxy ○ Virtual routers ○ Routes To use App Mesh, you must have an existing application running on AWS Fargate, Amazon ECS, Amazon EKS, Kubernetes on AWS, or Amazon EC2.
  • 26. 26 ● Envoy ○ Low p99 tail latencies at scale when running under load, ○ Acts as a L3/L4 filter at its core with many L7 filters provided out of the box, ○ Support for gRPC, and HTTP/2 (upstream/downstream), ○ API-driven, dynamic configuration, hot reloads, ○ Strong focus on metric collection, tracing, and overall observability. ● Istio ○ Security features including identity, key management, and RBAC, ○ Fault injection, ○ Support for gRPC, HTTP/2, HTTP/1.x, WebSockets, and all TCP traffic, ○ Sophisticated policy, quota, and rate limiting, ○ Multi-platform, hybrid deployment. Some Service Mesh Feature Comparative Data
  • 27. 27 Linkerd was rewritten from Java to Rust - Data Plane / Go - Control plane about 1 ½ years ago. They are striving to reach feature parity between the two versions and are currently very close: Linkerd and Linkerd2/Conduit Features ○ Support for multiple platforms (Docker, Kubernetes, DC/OS, Amazon ECS, or any stand-alone machine), ○ Built-in service discovery abstractions to unite multiple systems, ○ Support for gRPC, HTTP/2, and HTTP/1.x requests + all TCP traffic. Some Service Mesh Feature Comparative Data (Continued) Note: Linkerd 2 is much faster than Linkerd as the Data Plane Proxy was rewritten in Rust. Conduit was folded into the Linkerd Project to form the basis for Linkerd 2! Conduit’s lightning-fast Rust proxies are ~10mb per instance, have sub-millisecond p99 latencies, and support HTTP/1.x, HTTP/2, and gRPC.
  • 28. 28 Linkerd 1 and Linkerd 2/Conduit Feature Comparison Linkerd 1.x (latest: 1.6.2.1) Linkerd 2.x (latest: 2.3) Theme Powerful, highly configurable, “industrial strength” Lightweight, minimalist, zero config Observability Automatic, non-aggregated Automatic, aggregated, live, per-path Reliability Load balancing, retries, circuit breaking Load balancing, retries, circuit breaking*, rate limiting* Security TLS, cert validation TLS, cert validation, cert management, policy enforcement* Protocol support HTTP/1.x, HTTP/2, gRPC, Thrift HTTP/1.x, HTTP/2, gRPC Installation Cluster-wide Per service, per namespace or cluster-wide (incremental) Resource footprint 100--150mb per proxy <10mb per proxy Latency introduced <5ms p99 <1ms p99 License, building blocks CNCF, Apache v2, Finagle, Netty, Scala CNCF, Apache v2, Rust, Go Supported platforms Kubernetes, DC/OS, Mesos, bare metal, ECS, ... Just Kubernetes… for now! (*roadmap)
  • 29. 29 ● Consul ○ Consul is a single binary providing both server and client capabilities ○ includes all functionality for service catalog ○ Includes configuration capabilities, TLS certificates, Authorization ○ Consul optionally supports external systems such as Vault to augment behavior ○ No additional systems are required to deploy Consul ● Aspen Mesh ○ Provides an intuitive UI that brings the most important information to the forefront ○ Easy-to-understand real-time status information ○ Allows for the display of multiple clusters in a single pane of glass ○ Helps the user to monitor their entire architecture in one place ○ Allows the user to sort, search and drill into individual services details Some Service Mesh Feature Comparative Data (Continued)
  • 30. 30 ● Kong Enterprise 1.0 ○ Engineers can make a change in a centralised location that will be reflected across multiple Kong clusters ○ Includes an implementation of the Plugin Development Kit (PDK) ○ All Kong plugins require a standard set of functionality, which the PDK provides out of the box ○ PDK based on the ngx_lua API ○ A Kong cluster deployment requires the installation of a Cassandra of PostgreSQL to act as the datastore ● AWS App Mesh ○ App Mesh separates the logic for monitoring and controlling communications into a proxy that manages all network traffic for each service ○ App Mesh uses the open source Envoy proxy to manage all traffic into and out of a service’s containers ○ Integrated with Amazon CloudWatch – monitoring & logging service for complete visibility of resources and applications. ○ Developers configure services to connect directly to each other instead of requiring code within the application or using a load balancer ○ App Mesh works with services managed by Amazon ECS, Amazon EKS, AWS Fargate, Kubernetes running on EC2, and services running directly on EC2 Some Service Mesh Feature Comparative Data (Continued)
  • 32. 32 Most Service Meshes use Prometheus with Grafana NOTE: Commercial offerings provide a greater variety of templates and statistics to choose from for traffic shaping analysis.
  • 34. 34 ● Control Plane performance factors include: ○ The rate of deployment changes. ○ The rate of configuration changes. ○ The number of proxies connecting to the service gateway. ● Data Plane performance factors include: ○ Number of client connections ○ Target request rate ○ Request size and Response size ○ Number of proxy worker threads ○ Protocol ○ CPU cores ○ Number and types of proxy filters ● Benchmarking Tools: ○ fortio.org - a constant throughput load testing tool. ○ blueperf - a realistic cloud native application. Some Service Mesh Performance Factors
  • 35. 35 ● Load Balancing Throughput and Latency ○ One of the key features of a service mesh is to provide a load balancing capability. ○ Some of the more popular load balancers that can be integrated with the Service Meshes compared in this presentation are: ■ NGINX ■ HAProxy ■ Envoy ■ Traefik ■ Amazon Application Load Balancer (ALB) Some Service Mesh Comparative Performance Data
  • 36. 36 Load Balancer Requests-per-Second Performance Data Data found here: https://www.loggly.com/blog/benchmarking-5-popular-load-balancers-nginx-haproxy-envoy-traefik-and-alb/
  • 37. 37 Load Balancer Latency and Concurrency Performance Data Data found here: https://www.loggly.com/blog/benchmarking-5-popular-load-balancers-nginx-haproxy-envoy-traefik-and-alb/
  • 38. 38 Load Balancer CPU and Latency and Concurrency Performance Data - Disagreement Data found here: https://medium.com/@ihcsim/linkerd-2-0-and-istio-performance-benchmark-df290101c2bb The latency observed in the Linkerd2-meshed setup ranged from 11.0 ms to almost 14.0 ms. The latency observed in Istio-meshed setup ranged from 36.0 ms to 45.0 ms.
  • 39. 39 Consul vs Istio: ● https://www.consul.io/intro/vs/istio.html Consul vs Istio vs. Linkerd/Conduit: ● https://stackshare.io/stackups/consul-vs-istio-vs-linkerd Linkerd2/Conduit vs Istio: ● https://kinvolk.io/blog/2019/05/performance-benchmark-analysis-of-istio-and-linkerd/ ● https://glasnostic.com/blog/comparing-service-meshes-linkerd-vs-istio ● https://www.aquasec.com/wiki/display/containers/Linkerd+vs+Istio Additional Performance Data
  • 40. 40 Service Mesh Pros & Cons Pro-SMESH-Cons!
  • 41. 41 Service Meshes Architecture Pros and Cons Library Architecture Advantages: ● Resources are locally accounted for each and every service ● Self-service adoption for developers Disadvantages: ● Strong coupling is a significant drawback ● Non-uniform; upgrades are challenging in large environments Node Agent Architecture Advantages: ● Less overhead (especially memory) for things that could be shared across a node ● Easier to scale distribution of configuration information than it is with sidecar proxies (if you’re not using a control plane) ● This model is useful for deployments that are primarily physical or virtual server based. Good for large monolithic apps Disadvantages: ● Coarse support for encryption of service-to-service communication, instead host-to-host encryption and authentication policies ● Blast radius of a proxy failure includes all applications on the node, which is essentially equivalent to losing the node itself ● Not a transparent entity, services must be aware of its existence Sidecar Architecture Advantages: ● Granular encryption of service-to-service communication ● Can be gradually added to an existing cluster without central coordination ● App-to-sidecar communication is easier to secure than app-to-node proxy ● Resources consumed for a service are attributed to that service ● Blast radius of a proxy failure is limited to the sidecar app Disadvantages: ● Lack of central coordination. Difficult to scale operationally ● Sidecar footprint—per service overhead of running a service proxy sidecar
  • 42. 42 ● Istio was presented to the CNCF Technical Oversight Committee in November 2017. This represented an early step for the project to join CNCF. ○ We suspect they will become a full project member in 2019. ○ Linkerd is already a member of CNCF. ● There are both fully Open Source and Commercial implementations of Istio available ○ This will be a key to widespread adoption which will be key to the long-term success of Istio ● The following question will be answered in 2019: “What are the real world benefits I will receive by adopting service mesh as a standard?” ○ The answer will come from use cases stimulating adoption. Service Mesh Comparison Final Thoughts
  • 43. 43 Bottom Line: ● A service mesh will be mandatory by 2020 for any organization running microservices in production. ○ If you’re currently using a service mesh, you already know the value it brings. ○ If you’re considering using a service mesh, make sure you stay in tune with what is going on with this technology! ○ If your company has not yet decided on whether you need a service mesh or not, read the recent industry reports on microservices! Service Mesh Comparison Final Thoughts
  • 45. 2019 | www.mirantis.com Training training.mirantis.com training.mirantis.com Service Mesh and Istio Fundamentals (IST50) New! Introduction to Istio & Service Mesh 1 day Microservices and Istio Bootcamp (IST100) New! Microservices security, resiliency and monitoring using Istio 2 days Istio Courses from Mirantis Training
  • 46. 46 Thank You Q&A View the webinar recording, including demo, at: https://info.mirantis.com/service-mesh-webinar