Fully Realizing the Microservices Vision with Service Mesh (DEV312-S) - AWS re:Invent 2018

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Fully Realizing the Microservices Vision
with Service Mesh
Arijit Mukherji
CTO
SignalFx
D E V 3 1 2 - S

In a beautiful dream future . . .
• Developers focus on core functionality
• No more reliance on tribal knowledge and out-of-date wiki pages
• Summer intern can run chaos experiments

Cloud
Containers
OSS
Microservices and cloud environments are complex

About me
• Monitoring and observability for 11+ years
• Architected, developed, managed
• Been a customer of monitoring services
• Currently CTO @ SignalFx
• Ring-side view to state of monitoring in enterprises
• Monitoring @ Facebook 2007-2013
• Original developer/member of FB’s ODS – Their metrics platform
11+

Agenda
How did we get here?
Realizing the potential of service mesh
SignalFx and service mesh
Takeaways
Service mesh risks and mitigations

• An infrastructure layer for service-to-service communication
• Makes communication visible, manageable, controlled
What is a service mesh?

Let’s say μ1 needs to communicate with μ2
μ1 μ2

They could talk directly by name/IP
μ1 μ2

Service discovery typically used to locate services
μ1 μ2

Service mesh adds an L7 proxy with each μ instance
μ1 μ2Proxy 1 Proxy 2

Service discovery handled in the proxy layer

Service mesh data plane
Data plane

Finally, put a ring on it – Policy layer to control proxies

Service mesh control plane
Control plane

Another way to view this

Policy engine = Target for expressing our intent

Common use cases
• What are some common uses of service mesh?

Common use cases
• Automatic retry on errors by protocol-aware proxy
• Circuit breaker – Stop sending calls to impaired/failed microservice instance

Common use cases
• Proxy acts as L7 load balancer

Common use cases
• Application-aware proxy + service discovery allows sophisticated routing
• For example, route requests based on customer, software version, and so on

Common use cases
• Authentication – Who can speak and to whom?
• Encryption – Transparently encrypt inter-microservice communication

Service mesh implementations
Usually coupled with Envoy proxy

Standardize on a simple architectural foundation
• Solves the problems associated with code libraries
• Binary proxy can be developed, deployed, and operated independently
• APIs instead of libraries – Exact same functionality for callers of all languages
• Provides a target for implementing policy-driven behavior

Proxy as a microservice and service discovery

Auto-generate and deploy policy-driven configs
• User configures intent centrally in policy engine
• Policy engine generates and pushes relevant configs to all proxies

Policy engine pushes configuration

Audit and enforce user intent continually
• Dynamically re-configure proxies with feedback based on operational state
• Feedback provided by monitoring/observability system

Adapt configuration based on feedback

The full picture – Feedback-driven closed loop

Feedback-driven dynamic policy is a key enabler
• Feedback will come from monitoring systems
• Service mesh will control far more than inter-service networking
• It will consolidate multiple different use cases under one umbrella
• Let us discuss a few of them
A. Code deployments B. Run-time behavior optimization
C. Testing D. Monitoring

Fully automated deploymentsA

Workflow for automated blue/green deployment
In future, this workflow can be fully automated end to end
Container orchestrators, CI/CD tools, monitoring systems will work in concert
A

Runtime behavior optimization
• If using standard protocols (such as HTTP), proxy can handle errors/retries
• Simplifies microservice codebase
• Makes error handling behavior centrally configurable
B

• Proxies maintain statistics on errors and latencies
• This telemetry is used by policy engine to determine healthy/unhealthy instances
• Impaired/failed instances automatically stop receiving new requests
B

• Prefer co-located targets while optimizing for network cost
• Prefer faster instances while optimizing for latency
• Changing behavior on the fly through configuration will be transformational
B

Testing – Chaos engineering
• Simulate failures or specific error conditions
• Artificially simulate high-latency conditions and other perf issues
• Simulate issues randomly or by host, geography, customer, and so on
C

• Run manual or automated tests and workflows without jeopardizing service health
• Feedback from monitoring system will inform tests and automation
• For example, determine if test passed/failed; stop experiment if service is
affected
Testing – Chaos engineeringC

Service mesh as a platform

Service mesh will evolve into a platform
• Standardization will lead to faster innovation
• Common platform => Faster development of new features
• Consolidation will lead to wider adoption of higher-order features
• Sophisticated functionality for all
• Unified platform => Fewer things to learn
• Higher quality services, more productive engineers

D

Service mesh will have a huge impact on monitoring
Metrics
Logs
APM
Most actionable – Visualize, alert, single-pane-of-glass view
Root cause analysis (RCA), forensics, security
Traditional APM giving way to distributed tracing in modern environments

Service mesh’s impact on monitoring
• Fix spotty adoption through auto-instrumentation of all communication
• Unified vendor-agnostic target for all telemetry (metrics, logs, traces)

• Fix uneven quality by standardized collection of all RED metrics, traces, and so on
• RED = Rates (calls/sec), Errors, Durations (call latencies)

Service mesh will consolidate monitoring
ProxyContainer
Application
Host agent

Standardized, high-quality telemetry will support feedback-based automation

Modern app & infra monitoring – What does it take?

Infrastructure monitoring requirements
• Support for diverse environments
• Today’s environments use 10s or 100s of technologies
• Auto-configuration of data collection
• Elastic/ephemeral environments require quick discovery
• High resolution
• Ephemerality, SLA requirements => Measure with fine grain

Application monitoring requirements
• Rich metadata and dimensionality
• Track by service, customer, version, and so on
• Consistent collection of key telemetry
• RED metrics (Rates/Errors/Durations)
• Transaction flows between microservices
• Infrastructure correlation
• Drilldown from application => Container => Host/instance

Monitoring platform requirements
• Scalability
• Handle high-res data from ‘000s of reporters
• Handle metadata churn of ephemeral environments
• Mutable metadata and flexible querying
• Reflect operational state of environment
• Slice/dice/filter/aggregate across any metadata
• Dependency-aware directed triage
• Use service dependencies, data science to help reduce MTTR

Analytics requirements
• High-cardinality analytics across full dataset
• Data silos prevent monitoring of KPIs across services
• Timely and interactive
• Auto-remediation requires real-time feedback to keep SLAs
• Operators need quick analytics during triage process
• Programmability and data science capabilities
• Integrate with infrastructure-as-code; for example, Terraform
• Predictive alerts to catch problems before an outage

About SignalFx
• Monitoring and operational intelligence for the cloud
• Only solution built on real-time streaming analytics architecture

• How best to support/monitor a cloud-native microservices world?
• SignalFx works everywhere but is optimized for modern environments
• Belief in open standards, easy instrumentation, and integrated toolsets
and service mesh

• Member of CNCF
• Integrating with service-mesh ecosystem for monitoring
and service mesh

supports telemetry from service mesh

Distributed tracing is now an integral part of the product
Mesh will lead to wider adoption of distributed tracing, and it will be combined with metrics
and service mesh

Microservices APM
Granular, Real-
time analytics
Open
instrumentation
• Complete flexibility
• No vendor lock-in
• No production overhead
• Observes every transaction
• Focus on what matter most
• Single pane-of-glass
• Correlated infrastructure and trace visibility
• Machine learning based prescriptive RCA
• Follow unique customer
• Historical trends at the span level
• Path-level insights
• Real-time – In seconds versus minutes
NoSample
architecture
Faster RCA, lower MTTR

infrastructure monitoring
• Support for diverse environments
• 150+ integrations, APIs, libraries
• Auto-configuring data collection
• Smart Agent does auto-discovery, can be a k8s sidecar
• High resolution
• One-second resolution

application monitoring
• Rich metadata and dimensionality
• True multi-dimensional data model. Automatic tag syncing
• Consistent collection of key telemetry
• Integrated with service mesh and open standards
• Infrastructure correlation
• Rich metadata enables correlating apps with infra

monitoring platform
• Large scale
• Horizontally scalable, many large enterprise customers
• Separate metadata DB scales independently
• Mutable metadata and flexible querying
• APIs to add color to dataset – Properties, tags
• Dependency-aware triage for low MTTR
• Transaction-flow-based dependency maps and navigation
• Cross links to other tools

SignalFlow analytics
• High-cardinality analytics across full dataset
• Core strength – for example, KPIs, per customer analytics &
alerting
• Timely and interactive
• The only streaming monitoring platform from ground up
• 2-3 second from data arrival => Alert or chart
• Programmability and data science capabilities
• Powerful analytics platform with data science built-in
• Fully programmable through APIs

Demo
Power of feedback-driven automation
Lower MTTR with integrated metrics and traces

Service mesh considerations
• Easy configuration => Easy to make big mistakes
• More systematic configuration testing and management will need to be adopted
• Large blast radius of problems involving proxy itself
• Gradual feedback-driven deployment workflows will reduce risk
• Security
• Will improve over time as more engineers get involved and solutions get hardened
• Higher API latency, more failure modes
• Usually not a big deal in the bigger scheme of things. Benefits far outweigh costs

Takeaways
• Addresses real use cases and challenges

Takeaways
• Policy-driven operations
• Simplified development
• Consolidation of multiple functions under one umbrella

Takeaways
• New software projects/companies should seriously consider it
• Nascent field – Plan ahead for yet-to-be-developed functionality

Takeaways
• What can service mesh do for you?

Booth 1613
@Venetian

Thank you!
Arijit Mukherji
arijit@signalfx.com
Booth 1613
@Venetian

Support for diverse environments

Flexible metadata and querying

Dependency maps from distributed traces

Powerful analytics

Integrated with external systems

Fully Realizing the Microservices Vision with Service Mesh (DEV312-S) - AWS re:Invent 2018

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Fully Realizing the Microservices Vision with Service Mesh (DEV312-S) - AWS re:Invent 2018

Similar to Fully Realizing the Microservices Vision with Service Mesh (DEV312-S) - AWS re:Invent 2018 (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Fully Realizing the Microservices Vision with Service Mesh (DEV312-S) - AWS re:Invent 2018