Istio with Network Service Mesh
Speaker: John Joyce
email: joycej@cisco.com
What you will see
• Two open source projects - Istio and Network Service Mesh working
together
• Network Service Mesh will be used to connect two clusters
• Network Service Mesh enables sophisticated layer 2 and 3 network
configuration and options
• Istio will be used to layer an Application Service Mesh on top of the
Network Service Mesh orchestrated connectivity
• Istio enables sophisticated layer 7 functionality
• Result is application request routing across the extended Service Mesh
Why should you care
• NSM provides a framework to offload complex hybrid cloud
requirements
• In hybrid cloud environments each cloud or domain has very different
requirements on layer 2 & 3 setup and protocols supported.
• SecOps and NetOps teams enforce complex requirements to allow applications
to communicate in hybrid environments
• NSM allows these requirements to be fulfilled in a cloud native way
• Istio provides a framework to off-load many application level tasks
• Security
• Retries
• Logging & tracing
• Application developer is unencumbered from both layer 2 & 3
requirements and layer 7 requirements and can focus on business logic
Network Service Mesh (NSM) Intro
What is Network Service Mesh
• A CNCF Sandbox project - https://networkservicemesh.io/
• Network Service Mesh (NSM) is a novel approach to solving
complicated L2/L3 use cases in Kubernetes
• Provides the following properties to networking in Kubernetes
• Heterogeneous network configurations
• Exotic protocols
• Tunneling as a first-class citizen
• Networking context as a first-class citizen
• Policy-driven service function chaining (SFC)
• On-demand, dynamic, negotiated connections
• Main goal is to provide ability to insert network functions between
workloads in a cloud native way.
Network Service Mesh Architecture Components
[Diagram: a Network Service Domain made up of nodes, each a Network Service Manager Domain. Every node runs a Network Service Manager (NSM, DaemonSet), the Network Service Mesh Dataplane (NSMD, kernel/vswitch), App Pods (w/ NSC client) and Network Service Endpoint (NSE) pods. The Kubernetes API Server acts as the Network Service Registry via CRDs.]
NSM Value Proposition
• NSM can stitch arbitrary network functions between workloads
• NSE function and implementation can be defined outside of the NSM project
• Different vWire choices for both intra- and inter-cluster connections
• NSM supports both intra-cluster and inter-cluster connections
[Diagram: workloads connected by vWires through NSEs (DPI, router, FW).]
Service Mesh Intro (or Application Service Mesh)
What is a Service Mesh
More completely referred to as Application Service Mesh
Wiki Definition - A mesh of proxies
• Infrastructure layer for secure service-to-service communication
• Supports numerous service-to-service API formats (HTTP 1/2, gRPC, TCP, UDP)
• Can inspect API transactions at layer 7 or layer 3/4
• Intelligent routing rules can be applied between endpoints
• Supports advanced policy, logging and telemetry
[Diagram: external requests enter through a Gateway/Ingress; the Web UI, Business Logic1, Business Logic2, Accounts Database and Billing Database services are each paired with a Proxy.]
Service Mesh Offerings
• Numerous Service Mesh offerings available in the market
• Different proxies or dataplanes
• Envoy
• eBPF (via Cilium)
• FD.io
• Others and non-open source
• Different control planes for the proxies
• Istio – Apache License
• Linkerd – CNCF
• Cilium
• Others and non-open source
Istio Architecture
(https://istio.io/docs/concepts/what-is-istio/arch.svg)
Install Istio & NSM
Application Service Mesh Layered on top of Network Service Mesh
NSM + vL3 NSE creates a vL3 topology
• NSM stitches components together with vWires
• Various options are supported
• Workload to NSE vWire, e.g. kernel interface - NSM dataplane - kernel interface
• NSE to NSE vWire, e.g. VXLAN
[Diagram: workloads attached by vWires to three NSEs (routers), which are connected to each other by vWires.]
Istio on top of NSM
[Diagram: the same vL3 topology of workloads, vWires and three NSEs (routers), now with Envoy in front of each workload and an Istio Control Plane*.]
* Different Istio deployment models can be supported. This demo installs a control plane on each cluster.
Istio layered on top of NSM vL3
[Diagram: K8s Cluster 1 and K8s Cluster 2. Each cluster contains App Pods (NSM init, App container, Envoy Sidecar), an NSMgr with NS Registry (nsmmgr), a vL3 NSE (FD.io) with its control, an NS Dataplane (NSM FD.io dataplane) and an Istio Control Plane, plus an External Service Registry. Legend: Base Application, Data Plane, NSM Control Plane, Istio Control Plane.]
Istio layered on top of NSM vL3 – complete view
[Diagram: K8s Cluster 1 and K8s Cluster 2. Each cluster contains App Pods (NSM init, App container, Envoy Sidecar), an NSMgr with NS Registry (nsmmgr), a vL3 NSE (FD.io) with its control, an NS Dataplane (NSM FD.io dataplane) and an Istio Control Plane, plus an External Service Registry. Legend: NSM Control, App Data, Istio Control, SVC discover.]
NSM Extensibility
• NSM allows any dataplane implementation
• NSM project allows NSE details to be opaque
[Diagram: K8s Cluster 1 and K8s Cluster 2, each with App Pods (NSM init, App container), a vL3 NSE with a "Bar NSE Dataplane", and a "foo" NS Dataplane (NSM foo dataplane).]
Pod connection details
• All app traffic redirected to Envoy
• Envoy has SVC and EP data for both NSM and non-NSM services
[Diagram: an Application Pod containing the Application Container, Envoy Sidecar and Network Service Client, with a CNI Interface and an NSM Managed Interface. Traffic classes shown: NSM Service Traffic, K8s service & endpoint traffic. Other labels: IPtables, Route.]
Service Registration and Discovery
[Diagram: a K8s Cluster with an App Pod (App Container), a Service Discovery Controller and Istio Pilot. The External Registry is implemented as a KIND cluster; Istio Pilot is connected to it via Multicluster Config.]
How Envoy directs packets
[Flowchart, iptables / ip6tables context. Legend: DNS packets, TCP/HTTP packets.]
• NAT Prerouting chain: TCP? Dest port = App Port? Then redirect to proxy
• Proxy, NAT Output chain: TCP? Owner == proxy? Then route
• App, NAT Output chain: TCP? Owner != proxy? dest != localhost? Included IP CIDR? Then redirect to proxy
Pod Interface Layer
• Routes to NSM IF injected by NSM
• Routes to CNI IF by default
[Diagram: Route in front of the CNI Managed IF and the NSM Managed IF.]
Demo Details
Install App Pods and Network Service Endpoints
Demo sequence
1. Deploy the Istio control plane
   1. Deploy all the essential Istio components on 2 clusters
   2. Configure Istio to insert Envoy proxies in front of all application workloads and configure Envoy
   3. The Istio service mesh will be layered on top of the NSM vL3 inter-domain connectivity
2. Deploy NSM control components to create the necessary vWires and NSE discovery
3. Deploy Network Service Endpoints (NSEs) to provide the L3 networking foundation Istio requires
4. Populate a service registry
   1. Based on the application deployment graph mapped to the NSM-assigned network addressing
   2. Use Istio multicluster to allow Istio to learn the service graph
   3. Envoy is provided the service mappings (via the Istio control plane)
5. Show app-level service mesh connectivity
   1. Load balancing
   2. Canary deployments etc.
Demo Dataplane Topology
• All helloworld apps can reach each other via NSM interface IP or cluster IP once Envoy has the mesh configuration
[Diagram: Cluster 1 and Cluster 2, each running helloworld workloads attached by vWires to an NSE (router); the Application Service Mesh spans the four helloworld instances.]
• Four helloworld apps deployed. Two on each Cluster.
• The pods are inter-connected via NSM and pingable
• The service mesh for the helloworld service and endpoint has not been
populated.
• Can only access the local helloworld Instance
Install Controller to Populate External Service Registry
Final state
• A controller on each node has been started
• That controller watches for NSM related pod events
• The controller has populated the service and endpoints in an external
registry (KIND cluster)
• Istio Pilot is watching that registry via Multicluster configuration
• Istio Pilot has populated the Envoy sidecar with the service mesh
topology
• Now all the helloworld endpoints are available to each other
• Envoy will load balance across all the endpoints if cluster IP used
Questions & Answers
References
• NSM
• https://networkservicemesh.io/
• https://github.com/networkservicemesh/networkservicemesh
• https://github.com/networkservicemesh/examples
• Istio
• https://istio.io/
• https://github.com/istio/istio
• https://github.com/istio/cni
• Demo Material
• https://github.com/john-a-joyce/nsm-istio
• https://github.com/tiswanso/networkservicemesh
• https://github.com/john-a-joyce/examples
• https://github.com/tiswanso/examples
• Contact me:
• Slack – Active on both Istio and NSM communities
• Email: joycej@cisco.com
Backup Slides
Service Registration Details
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2019-09-24T14:01:27Z"
  generateName: helloworld-v1-5bc5c999d6-
  labels:
    app: helloworld
    nsm/servicename: helloworld
    nsm/serviceport: "5000"
    pod-template-hash: 5bc5c999d6
    version: v1
[Diagram: the Service Discovery Controller (new) reads the Pod and writes to the Registry: create service helloworld; create endpoint with IP = PodIP and Port = nsm/serviceport. Numerous implementation options.]
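The registration step on this slide, together with the controller behaviour listed under "Final state", as an added Go example that is not part of the deck or the demo repositories: it maps the `nsm/servicename` and `nsm/serviceport` pod labels to a registry endpoint and validates them first, since those labels are set by whoever creates the pod. The `Pod`, `Endpoint` and `Registry` types, the `Owners` allow-list policy and the sample pod names and IPs are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"regexp"
	"sort"
	"strconv"
)

// Label keys as they appear in the pod manifest on the slide.
const (
	labelServiceName = "nsm/servicename"
	labelServicePort = "nsm/serviceport"
)

// ErrNotNSM marks pods without the NSM service label; the controller skips them.
var ErrNotNSM = errors.New("pod has no nsm/servicename label")

// dnsLabel is the service-name check chosen for this example (RFC 1035 label).
var dnsLabel = regexp.MustCompile(`^[a-z]([-a-z0-9]{0,61}[a-z0-9])?$`)

// Pod holds only the fields this example reads (hypothetical type, not client-go).
type Pod struct {
	Namespace, Name, PodIP string
	Labels                 map[string]string
}

// Endpoint is one registry entry: IP = PodIP, Port = nsm/serviceport.
type Endpoint struct {
	Service, IP string
	Port        int
}

// Registry is an in-memory stand-in for the external service registry.
type Registry struct {
	Owners  map[string]string   // service -> namespace allowed to claim it (assumed policy)
	entries map[string]Endpoint // "namespace/pod" -> endpoint
}

// EndpointFromPod derives the endpoint from the pod labels, rejecting unusable values.
func EndpointFromPod(p Pod) (Endpoint, error) {
	svc, ok := p.Labels[labelServiceName]
	if !ok {
		return Endpoint{}, ErrNotNSM
	}
	if !dnsLabel.MatchString(svc) {
		return Endpoint{}, fmt.Errorf("invalid service name %q", svc)
	}
	port, err := strconv.Atoi(p.Labels[labelServicePort])
	if err != nil || port < 1 || port > 65535 {
		return Endpoint{}, fmt.Errorf("invalid %s %q", labelServicePort, p.Labels[labelServicePort])
	}
	ip := net.ParseIP(p.PodIP)
	if ip == nil || ip.IsLoopback() || ip.IsUnspecified() || ip.IsLinkLocalUnicast() || ip.IsMulticast() {
		return Endpoint{}, fmt.Errorf("unusable pod IP %q", p.PodIP)
	}
	return Endpoint{Service: svc, IP: ip.String(), Port: port}, nil
}

// Upsert handles a pod add/update event.
func (r *Registry) Upsert(p Pod) error {
	ep, err := EndpointFromPod(p)
	if owner, ok := r.Owners[ep.Service]; err == nil && (!ok || owner != p.Namespace) {
		err = fmt.Errorf("namespace %q may not register service %q", p.Namespace, ep.Service)
	}
	if err != nil {
		r.Remove(p) // fail closed: a pod that no longer validates is withdrawn
		return err
	}
	if r.entries == nil {
		r.entries = map[string]Endpoint{}
	}
	r.entries[p.Namespace+"/"+p.Name] = ep
	return nil
}

func (r *Registry) Remove(p Pod) { delete(r.entries, p.Namespace+"/"+p.Name) } // pod delete event

// Endpoints returns the sorted "ip:port" list the mesh would be given for a service.
func (r *Registry) Endpoints(svc string) []string {
	out := []string{}
	for _, ep := range r.entries {
		if ep.Service == svc {
			out = append(out, net.JoinHostPort(ep.IP, strconv.Itoa(ep.Port)))
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed pods: names and IPs are sample values; labels follow the slide.
	l := map[string]string{labelServiceName: "helloworld", labelServicePort: "5000"}
	r := &Registry{Owners: map[string]string{"helloworld": "default"}}
	fmt.Println(r.Upsert(Pod{"default", "helloworld-v1-a", "10.60.1.2", l}))
	fmt.Println(r.Upsert(Pod{"other", "helloworld-x", "10.60.9.9", l}))
	fmt.Println(r.Endpoints("helloworld"))
}
```

Only the pod in the `default` namespace ends up in the endpoint list; the second pod carries the same labels but is refused by the ownership check.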
Istio - vL3 Control Plane Only
[Diagram, shown in two build steps: K8s Cluster 1 and K8s Cluster 2, each with an NSMgr with NS Registry (nsmmgr), a vL3 NSE with its control, App Pods (NSM init, App container, Envoy Sidecar) and an Istio Control Plane, plus an External Service Registry. Legend: NSM Control, App Data, Istio Control, SVC discover.]
Istio layered on top of NSM vL3
[Diagram: K8s Cluster 1 and K8s Cluster 2. Each cluster contains App Pods (NSM init, App container, Envoy Sidecar), an NSMgr with NS Registry (nsmmgr), a vL3 NSE (FD.io) with its control, an NS Dataplane (NSM FD.io dataplane) and an Istio Control Plane, plus an External Service Registry. Legend: NSM Control, App Data, Istio Control, SVC discover.]
NSM vL3 Dataplane only view
[Diagram: K8s Cluster 1 and K8s Cluster 2, each with App Pods (NSM init, App container, Envoy Sidecar), a vL3 NSE (FD.io) and an NS Dataplane (NSM FD.io dataplane).]
Service Registration and Discovery
[Diagram: a K8s Cluster with an App Pod (App Container), a CoreDNS Server (local server, forwarding to the external registry), a Service Discovery Controller and Istio Pilot. The External Registry is implemented as a KIND cluster; Istio Pilot is connected to it via Multicluster Config.]
Pod connection details
• All app traffic redirected to Envoy
• Envoy has SVC and EP data for both NSM and non-NSM services
[Diagram: an Application Pod containing the Application Container, Envoy Sidecar and Network Service Client, with a K8s CNI managed interface and NSM managed interfaces. Traffic classes shown: NSM Service Traffic, Non-NSM Traffic. Also shown: Pilot, K8s API Server, External Service Registry.]

Supercharging tutorials with WebAssembly
 
Using SQL to Find Needles in Haystacks
Using SQL to Find Needles in HaystacksUsing SQL to Find Needles in Haystacks
Using SQL to Find Needles in Haystacks
 
Configuration Security as a Game of Pursuit Intercept
Configuration Security as a Game of Pursuit InterceptConfiguration Security as a Game of Pursuit Intercept
Configuration Security as a Game of Pursuit Intercept
 
Scaling an Open Source Sponsorship Program
Scaling an Open Source Sponsorship ProgramScaling an Open Source Sponsorship Program
Scaling an Open Source Sponsorship Program
 
Build Developer Experience Teams for Open Source
Build Developer Experience Teams for Open SourceBuild Developer Experience Teams for Open Source
Build Developer Experience Teams for Open Source
 
Deploying Models at Scale with Apache Beam
Deploying Models at Scale with Apache BeamDeploying Models at Scale with Apache Beam
Deploying Models at Scale with Apache Beam
 
Sudo – Giving access while staying in control
Sudo – Giving access while staying in controlSudo – Giving access while staying in control
Sudo – Giving access while staying in control
 
Fortifying the Future: Tackling Security Challenges in AI/ML Applications
Fortifying the Future: Tackling Security Challenges in AI/ML ApplicationsFortifying the Future: Tackling Security Challenges in AI/ML Applications
Fortifying the Future: Tackling Security Challenges in AI/ML Applications
 
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
 

Recently uploaded

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 

Recently uploaded (20)

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 

I hear you like meshes, here’s a mesh to connect your meshes

  • 1. Istio with Network Service Mesh Speaker: John Joyce email: joycej@cisco.com
  • 2. What you will see
      • Two open source projects - Istio and Network Service Mesh working together
      • Network Service Mesh will be used to connect two clusters
      • Network Service Mesh enables sophisticated layer 2 and 3 network configuration and options
      • Istio will be used to layer an Application Service Mesh on top of the Network Service Mesh orchestrated connectivity
      • Istio enables sophisticated layer 7 functionality
      • Result is application request routing across the extended Service Mesh
  • 3. Why should you care
      • NSM provides a framework to offload complex hybrid cloud requirements
          • In hybrid cloud environments each cloud or domain has very different requirements on layer 2 & 3 setup and protocols supported
          • SecOps and NetOps teams enforce complex requirements to allow applications to communicate in hybrid environments
          • NSM allows these requirements to be fulfilled in a cloud native way
      • Istio provides a framework to off-load many application level tasks
          • Security
          • Retries
          • Logging & tracing
      • Application developer is unencumbered from both layer 2 & 3 requirements and layer 7 requirements and can focus on business logic
  • 5. What is Network Service Mesh
      • A CNCF Sandbox project - https://networkservicemesh.io/
      • Network Service Mesh (NSM) is a novel approach to solving complicated L2/L3 use cases in Kubernetes
      • Provides the following properties to networking in Kubernetes
          • Heterogeneous network configurations
          • Exotic protocols
          • Tunneling as a first-class citizen
          • Networking context as a first-class citizen
          • Policy-driven service function chaining (SFC)
          • On-demand, dynamic, negotiated connections
      • Main goal is to provide ability to insert network functions between workloads in a cloud native way.
  • 6. Network Service Mesh Architecture Components (diagram)
      • Diagram labels: Network Service Domain; Node (Network Service Manager Domain), shown twice; Network Service Manager (NSM) (Daemonset); Network Service Mesh Dataplane (NSMD) (kernel/vswitch); App Pod (w/ NSC client); Network Service Endpoint (NSE) (Pod); Kubernetes API Server (Network Service Registry via CRDs)
  • 7. NSM Value Proposition
      • NSE function and implementation can be defined outside of NSM project
      • NSM can stitch arbitrary network functions between workloads
      • Different vWire choices for both intra and inter cluster connections
      • NSM supports both intra-cluster and inter-cluster connections
      • Diagram labels: Workload, vWire, NSE DPI, NSE (router), NSE FW
  • 8. Service Mesh Intro (or Application Service Mesh)
  • 9. What is a Service Mesh
      • More completely referred to as Application Service Mesh
      • Wiki Definition - A mesh of proxies
      • Infrastructure layer for secure service-to-service communication
      • Supports numerous service to service API formats (HTTP 1/2, gRPC, TCP, UDP)
      • Can inspect API transactions at layer 7 or layer 3/4
      • Intelligent routing rules can be applied between endpoints
      • Supports advanced policy, logging and telemetry
      • Diagram labels: External Requests, Gateway/Ingress, Web UI, Business Logic1, Business Logic2, Accounts Database, Billing Database, Proxy
  • 10. Service Mesh Offerings
      • Numerous Service Mesh offerings available in the market
      • Different proxies or dataplanes
          • Envoy
          • eBPF (via Cilium)
          • FD.io
          • Others and non-open source
      • Different control planes for the proxies
          • Istio – Apache License
          • Linkerd – CNCF
          • Cilium
          • Others and non-open source
  • 13. Application Service Mesh Layered on top of Network Service Mesh
  • 14. NSM + vL3 NSE creates a vL3 topology
      • Workload to NSE vWire. Ex. kernel intf - NSM dataplane – kernel intf
      • NSE – NSE vWire. Ex. vxlan
      • NSM stitches components together with vWires. Various options are supported
      • Diagram labels: Workload, vWires, NSE (router)
  • 15. Istio on top of NSM
      • Diagram labels: Workload, Envoy, vWires, NSE (router), Istio Control Plane*
      • * Different Istio deployment models can be supported. This demo installs a control plane on each cluster
  • 16. Istio layered on top of NSM vL3 (diagram)
      • Diagram labels: K8s Cluster 1, K8s Cluster 2, App Pod, App container, Envoy Sidecar, NSM init, NSMgr, nsmmgr, NS Registry, vL3 NSE, vL3 NSE control, NS Dataplane, NSM FD.io dataplane, FD.io, Istio Control Plane, External Service Registry
      • Legend: Base Application Data Plane, NSM Control Plane, Istio Control Plane
  • 17. Istio layered on top of NSM vL3 – complete view (diagram)
      • Diagram labels: K8s Cluster 1, K8s Cluster 2, App Pod, App container, Envoy Sidecar, NSM init, NSMgr, nsmmgr, NS Registry, vL3 NSE, vL3 NSE control, NS Dataplane, NSM FD.io dataplane, FD.io, Istio Control Plane, External Service Registry, SVC discover
      • Legend: NSM Control, App Data, Istio Control
  • 18. NSM Extensibility
      • NSM Project allows NSE details to be opaque
      • NSM allows any dataplane implementation
      • Diagram labels: K8s Cluster 1, K8s Cluster 2, App Pod, App container, NSM init, vL3 NSE, Bar NSE Dataplane, foo NS Dataplane, NSM foo dataplane
  • 19. Pod connection details
      • All app traffic redirected to Envoy
      • Envoy has SVC and EP data for both NSM and non-NSM services
      • Diagram labels: Application Pod, Application Container, Envoy Sidecar, Network Service Client, NSM Service Traffic, K8s service & endpoint traffic, CNI Interface, NSM Managed Interface, IPtables, Route
  • 20. Service Registration and Discovery
      • Diagram labels: K8s Cluster, App Pod, App Container, Service Discovery Controller, Istio Pilot, External Registry
      • Annotations: Implemented as a KIND cluster; Via Multicluster Config
  • 21. How Envoy directs packets (flow diagram)
      • NAT Prerouting chain: TCP? Dest port = App Port? Redirect to proxy
      • NAT Output chain: TCP? Owner == proxy?
      • NAT Output chain: TCP? Owner != proxy? dest != localhost? Included IP CIDR; Redirect to proxy
      • Other labels: Proxy, App, Route, DNS packets, TCP/HTTP packets, iptables / ip6tables context
      • Pod Interface Layer: CNI Managed IF, NSM Managed IF; Routes to NSM IF injected by NSM; Routes to CNI IF by default
  • 23. Install App Pods and Network Service Endpoints
  • 24. Demo sequence
      1. Deploy the Istio control plane
          1. Deploy all the essential Istio components on 2 clusters
          2. Configure Istio to insert Envoy proxies in front of all application workloads and configure Envoy
          3. The Istio service mesh will be layered on top of the NSM vL3 Inter-domain connectivity
      2. Deploy NSM Control components to create the necessary vWires and NSE discovery
      3. Deploy Network Service Endpoints (NSEs) to provide the L3 networking foundation Istio requires
      4. Populate a service registry
          1. Based on the application deployment graph mapping to the NSM assigned network addressing
          2. Use Istio multicluster to allow Istio to learn the service graph
          3. Envoy provided the service mappings (via the Istio control plane)
      5. Show app level service mesh connectivity
          1. Load-Balancing
          2. Canary deployments etc.
  • 25. Demo Dataplane Topology
      • All Helloworld Apps can reach each other via NSM interface IP or cluster IP once Envoy has mesh configuration
      • Diagram labels: Cluster 1, Cluster 2, helloworld, NSE (router), vWires, Application Service Mesh
  • 26. Current state
      • Four helloworld apps deployed. Two on each Cluster.
      • The pods are inter-connected via NSM and pingable
      • The service mesh for the helloworld service and endpoint has not been populated.
      • Can only access the local helloworld instance
  • 27. Install Controller to Populate External Service Registry
  • 28. Final state
      • A controller on each node has been started
      • That controller watches for NSM related pod events
      • The controller has populated the service and endpoints in an external registry (KIND cluster)
      • Istio Pilot is watching that registry via Multicluster configuration
      • Istio Pilot has populated the Envoy sidecar with the service mesh topology
      • Now all the helloworld endpoints are available to each other
      • Envoy will load balance across all the endpoints if cluster IP used
  • 30. References
      • NSM
          • https://networkservicemesh.io/
          • https://github.com/networkservicemesh/networkservicemesh
          • https://github.com/networkservicemesh/examples
      • Istio
          • https://istio.io/
          • https://github.com/istio/istio
          • https://github.com/istio/cni
      • Demo Material
          • https://github.com/john-a-joyce/nsm-istio
          • https://github.com/tiswanso/networkservicemesh
          • https://github.com/john-a-joyce/examples
          • https://github.com/tiswanso/examples
      • Contact me:
          • Slack – Active on both Istio and NSM communities
          • Email: joycej@cisco.com
  • 32. Service Registration Details
      Pod manifest shown on the slide:

          apiVersion: v1
          kind: Pod
          metadata:
            creationTimestamp: "2019-09-24T14:01:27Z"
            generateName: helloworld-v1-5bc5c999d6-
            labels:
              app: helloworld
              nsm/servicename: helloworld
              nsm/serviceport: "5000"
              pod-template-hash: 5bc5c999d6
              version: v1

      • Diagram labels: Pod, Service Discovery Controller (New), Registry
      • Create service helloworld
      • Create Endpoint: IP = PodIP, Port = nsm/serviceport
      • Numerous implementation options
  • 33. Istio - vL3 Control Plane Only (diagram)
      • Diagram labels: K8s Cluster 1, K8s Cluster 2, App Pod, App container, Envoy Sidecar, NSM init, NSMgr, nsmmgr, NS Registry, vL3 NSE, vL3 NSE control, Istio Control Plane, External Service Registry, SVC discover
      • Legend: NSM Control, App Data, Istio Control
  • 34. Istio - vL3 Control Plane Only (diagram)
      • Diagram labels: K8s Cluster 1, K8s Cluster 2, App Pod, App container, NSM init, NSMgr, nsmmgr, NS Registry, vL3 NSE, vL3 NSE control, Istio Control Plane, External Service Registry, SVC discover
      • Legend: NSM Control, App Data, Istio Control
  • 35. Istio layered on top of NSM vL3 (diagram)
      • Diagram labels: K8s Cluster 1, K8s Cluster 2, App Pod, App container, Envoy Sidecar, NSM init, NSMgr, nsmmgr, NS Registry, vL3 NSE, vL3 NSE control, NS Dataplane, NSM FD.io dataplane, FD.io, Istio Control Plane, External Service Registry, SVC discover
      • Legend: NSM Control, App Data, Istio Control
  • 36. NSM vL3 Dataplane only view (diagram)
      • Diagram labels: K8s Cluster 1, K8s Cluster 2, App Pod, App container, Envoy Sidecar, NSM init, vL3 NSE, NS Dataplane, NSM FD.io dataplane, FD.io
  • 37. Service Registration and Discovery
      • Diagram labels: K8s Cluster, App Pod, App Container, CoreDNS Server, Service Discovery Controller, Istio Pilot, External Registry
      • Annotations: Implemented as a KIND cluster; Via Multicluster Config; Local server; Fwd. to Ext. Registry
  • 38. Pod connection details
      • All app traffic redirected to Envoy
      • Envoy has SVC and EP data for both NSM and non-NSM services
      • Diagram labels: Application Pod, Application Container, Envoy Sidecar, Network Service Client, K8s CNI managed Interface, NSM managed interfaces, NSM Service Traffic, Non-NSM Traffic, Pilot, K8s API Server, External Service Registry
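
The mapping on slide 32 (one Service per `nsm/servicename`, one Endpoint with IP = PodIP and Port = `nsm/serviceport`) can be sketched as follows. This is an added example, not the demo's controller code: the function names, the `http` port name and the sample pod names and IPs are assumptions, and because the labels are set by whoever creates the pod, the sketch validates them before anything is written to the registry.

```python
import ipaddress
import re

# Label keys as they appear in the pod manifest on slide 32.
NAME_LABEL = "nsm/servicename"
PORT_LABEL = "nsm/serviceport"

# A Kubernetes Service name must be a DNS-1035 label (at most 63 characters).
DNS1035 = re.compile(r"[a-z]([-a-z0-9]{0,61}[a-z0-9])?")


def registration_for(pod):
    """Return (service, ip, port) for an opted-in pod, None if there is nothing
    to register yet; raise ValueError when the labels are unusable."""
    labels = pod.get("metadata", {}).get("labels") or {}
    ip = pod.get("status", {}).get("podIP")
    if NAME_LABEL not in labels or not ip:
        return None  # not an NSM service pod, or no address assigned yet
    name = labels[NAME_LABEL]
    raw_port = labels.get(PORT_LABEL, "")
    if not DNS1035.fullmatch(name):
        raise ValueError(f"invalid service name {name!r}")
    if not re.fullmatch(r"[0-9]{1,5}", raw_port) or not 1 <= int(raw_port) <= 65535:
        raise ValueError(f"invalid service port {raw_port!r}")
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return name, ip, int(raw_port)


def build_registry_objects(pods, namespace="default"):
    """Turn pod events into Service/Endpoints manifests for the external
    registry. Returns (manifests, rejected)."""
    services, rejected = {}, []
    for pod in pods:
        pod_name = pod.get("metadata", {}).get("name", "<unnamed>")
        try:
            reg = registration_for(pod)
        except ValueError as err:
            rejected.append((pod_name, str(err)))
            continue
        if reg is None:
            continue
        name, ip, port = reg
        entry = services.setdefault(name, {"port": port, "ips": set()})
        if entry["port"] != port:
            # The first pod seen fixes the service port; a later mismatch is refused.
            rejected.append((pod_name, f"port {port} conflicts with {entry['port']}"))
            continue
        entry["ips"].add(ip)

    manifests = []
    for name, entry in sorted(services.items()):
        meta = {"name": name, "namespace": namespace}
        port = {"name": "http", "port": entry["port"]}  # port name is an assumption
        # No selector on the Service: its Endpoints are written explicitly below.
        manifests.append({"apiVersion": "v1", "kind": "Service",
                          "metadata": dict(meta), "spec": {"ports": [dict(port)]}})
        manifests.append({"apiVersion": "v1", "kind": "Endpoints", "metadata": dict(meta),
                          "subsets": [{"addresses": [{"ip": i} for i in sorted(entry["ips"])],
                                       "ports": [dict(port)]}]})
    return manifests, rejected


def sample_pod(name, labels, ip):
    return {"metadata": {"name": name, "labels": labels}, "status": {"podIP": ip}}


# Constructed pod events: label values follow slide 32, names and IPs are made up.
SAMPLE_PODS = [
    sample_pod("helloworld-v1-a", {NAME_LABEL: "helloworld", PORT_LABEL: "5000"}, "10.60.1.2"),
    sample_pod("helloworld-v2-b", {NAME_LABEL: "helloworld", PORT_LABEL: "5000"}, "10.60.2.2"),
    sample_pod("plain", {"app": "other"}, "10.60.1.9"),
    sample_pod("pending", {NAME_LABEL: "helloworld", PORT_LABEL: "5000"}, None),
    sample_pod("bad-port", {NAME_LABEL: "helloworld", PORT_LABEL: "70000"}, "10.60.1.7"),
    sample_pod("other-port", {NAME_LABEL: "helloworld", PORT_LABEL: "8080"}, "10.60.1.8"),
]

if __name__ == "__main__":
    import json
    objs, refused = build_registry_objects(SAMPLE_PODS)
    print(json.dumps(objs, indent=2))
    for pod_name, reason in refused:
        print(f"rejected {pod_name}: {reason}")
```

Pods whose labels fail validation or disagree on the port are returned in the rejected list rather than silently dropped, so the controller can log them.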

Editor's Notes

  1. Config distribution has not been fleshed out overall. We need to deal with push vs. pull, and staged rollout.
  2. Iptables/ip6tables context == k8s pod or VM or BM