NGINX MRA AMA #9:
Ingenious: The Journey to Service Mesh
Using a Microservices Demo App
MORE INFORMATION AT
NGINX.COM
Who Are We?
Charles Pretzer
Technical Architect
Formerly:
- Software architecture consultant
- Engineering lead at Zinio, StyleHive, others
Floyd Smith
Director, Content Marketing
Formerly:
- Apple, Alta Vista, Google, and more
- Author of multiple books on technology including web, marketing, usability
Agenda
1. Introducing NGINX
2. Microservices and Service Mesh Definitions
3. Ingenious: Why We Built It
4. Fabric Model and the NGINX Microservices Network Architectures
5. A Peek Under the Hood
6. Demo
7. Building a Service Mesh
8. Q & A
Introducing NGINX
About NGINX, Inc.
• NGINX OSS released 2003
• NGINX Plus first released in 2013
• NGINX, Inc. is VC-backed by leading investors in enterprise software
• Offices in SF, Sunnyvale, Singapore, Cork, Cambridge, & Moscow
• 1,200+ commercial customers
• 180+ employees
>50% of the top 100,000 busiest websites
Source: W3Techs Web Technology Survey
Where NGINX Plus Fits
Between the Internet and the application, handling HTTP traffic as:
• Web Server: serve content from disk
• Application Gateway: FastCGI, uWSGI, Passenger…
• Reverse Proxy: caching, load balancing…
NGINX Plus Works in All Environments
• Public/Private/Hybrid Cloud
• Bare Metal
• Containers
NGINX Products and Roadmap
• Start with Gus Robertson keynote at nginx.conf 2017
• See Owen Garrett’s Roadmap presentation…
• …and Chris and Rachael’s Controller demo
• Also, Chris Richardson series, Intro to Microservices…
• …and Chris Stetson series, NGINX MRA
• …and much more; contact Sales for free evaluation
Ingenious: The Microservice Reference Architecture
Microservices
What is a Microservice?
Source: https://en.wikipedia.org/wiki/Microservices
● Services in a microservice architecture (MSA) are often processes that communicate with each other over a network in order to fulfill a goal using technology-agnostic protocols such as HTTP. However, services might also use other kinds of inter-process communication mechanisms such as shared memory. Services might also run within the same process as, for example, OSGI bundles.
● Services in a microservice architecture should be independently deployable.
● The services are easy to replace.
● Services are organized around capabilities, e.g., user interface front-end, recommendation, logistics, billing, etc.
● Services can be implemented using different programming languages, databases, hardware and software environments, depending on what fits best.
● Services are small in size, messaging enabled, bounded by contexts, autonomously developed, independently deployable, decentralized and built and released with automated processes.
What is a Microservice Architecture?
● A group of microservice components working together in order to provide full application functionality.
[Diagram: services A through E]
Service Mesh
Data Plane
● Authentication and Authorization
● Health Checking
● Routing
○ Uses security policies set by the Control Plane
● Load Balancing
● Service Discovery
● Observability
Control Plane
● Configures and coordinates the individual sidecars in the data plane
● Sets security policy
● Scheduler
○ Service discovery of scheduled services
Ingenious
● Seven distinct services written in different languages comprising a single application
● Release 1 uses the Fabric Model
○ Uses persistent SSL connections to enforce TLS between services
● Quick Start: https://github.com/nginxinc/mra-ingenious
Ingenious: Orchestration-Specific Implementations
● Kubernetes
○ Deployed using YAML files
○ https://k8s.mra.nginxps.com
● Mesosphere DC/OS
○ Deployed using JSON files
○ https://mra.nginxps.com
● Both sets of files will be released in open source repositories
NGINX Microservice Network Architectures
Proxy Model
● Load balances requests to services
● Secures North/South traffic and provides SSL termination
● Services are left to communicate with each other
● Lays the foundation for building a service mesh
Router Mesh
● Standalone NGINX Plus instance which acts as a traffic manager
● Provides service discovery via DNS SRV records
● Load balances to instances of services
● NGINX Plus provides active health checks, allowing for circuit breaker functionality
Fabric Model
● NGINX Plus exists as a sidecar within the same container as the service
● NGINX Plus and the app communicate only on localhost
● Instances of NGINX Plus communicate directly with each other
● Incorporates all the features of the Router Mesh and adds persistent SSL connections
The Migration Path
Containerize the monolith
Similar to scaling horizontally
Watch out for singletons!
This may not work for every application.
[Diagram: Ingress Controller in front of the containerized monolith]
Decompose the Monolith
Create services from features
Similar to scaling horizontally
Watch out for singletons!
This may not work for every application.
[Diagram: Ingress Controller in front of pods for User Data, Orders, Photo Uploader, Photo Resizer, and Content Service]
Implement the Ingress Proxy
Create services from features
Similar to scaling horizontally
Watch out for singletons!
This may not work for every application.
[Diagram: Ingress Controller in front of pods for Auth Proxy, Photo Uploader, Photo Resizer, Content Service, Album Manager, User Manager, and Pages]
Implement the Router Mesh
Add the Router Mesh service and configure the locations and upstreams for the service.
Re-configure the services to use the Router Mesh service.
[Diagram: Ingress Controller and a Router Mesh pod in front of pods for Auth Proxy, Photo Uploader, Photo Resizer, Content Service, Album Manager, User Manager, and Pages]
Implement the Service Proxy
Add the NGINX Plus container to each pod and use a ConfigMap to define the upstreams and locations.
Re-configure the services to use the Router Mesh service.
[Diagram: Ingress Controller in front of pods, each carrying its own NGINX Plus service proxy, for Auth Proxy, Photo Uploader, Photo Resizer, Content Service, Album Manager, User Manager, and Pages]
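As an added example (not taken from the Ingenious repository or this deck), here is what the ConfigMap for one pod's NGINX Plus sidecar could look like, combining the Router Mesh features above (DNS SRV service discovery, active health checks for circuit breaking) with the Fabric Model's localhost-only app access and persistent, mutually authenticated TLS between sidecars. Service names, ports, the resolver address and certificate paths are assumed for illustration.

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: pages-sidecar-conf        # assumed name; one ConfigMap per service pod
data:
  nginx.conf: |
    events {}
    http {
        # Service discovery via DNS SRV records (resolve/zone need NGINX Plus)
        resolver kube-dns.kube-system.svc.cluster.local valid=10s;
        upstream album-manager {
            zone album-manager 64k;
            server album-manager.default.svc.cluster.local service=http resolve;
            keepalive 32;            # persistent connections to peer sidecars
        }
        # Outbound: the app reaches other services only through localhost
        server {
            listen 127.0.0.1:8080;
            location /album-manager/ {
                proxy_pass https://album-manager/;
                proxy_http_version 1.1;
                proxy_set_header Connection "";   # reuse keepalive connections
                # Fabric Model: mutually authenticated TLS between sidecars
                proxy_ssl_certificate         /etc/nginx/ssl/pages.crt;
                proxy_ssl_certificate_key     /etc/nginx/ssl/pages.key;
                proxy_ssl_trusted_certificate /etc/nginx/ssl/ca.crt;
                proxy_ssl_verify on;
                # Active health checks give circuit-breaker behaviour
                health_check interval=5s fails=2 passes=2 uri=/healthz;
            }
        }
        # Inbound: only peers presenting a cert from our CA reach the app
        server {
            listen 443 ssl;
            ssl_certificate        /etc/nginx/ssl/pages.crt;
            ssl_certificate_key    /etc/nginx/ssl/pages.key;
            ssl_client_certificate /etc/nginx/ssl/ca.crt;
            ssl_verify_client on;
            location / { proxy_pass http://127.0.0.1:3000; }  # the app process
        }
    }
```

The SRV lookup expects the target Service to expose a port named "http", and the `zone`, `resolve` and `health_check` directives are NGINX Plus features.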
Service Mesh Implementations
Istio
● Supports mTLS between sidecars
● Istio Auth uses Kubernetes service accounts to identify who runs the service
Image credit: istio.io
Istio
● RBAC implementation as ServiceRole resource
● ServiceRoleBinding
○ roleRef refers to a ServiceRole object in the same namespace
○ A list of subjects that are assigned the role
Image credit: istio.io
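An added illustration, not taken from istio.io or this deck, of the ServiceRole and ServiceRoleBinding resources described above, written against the rbac.istio.io/v1alpha1 API; the service, namespace and service-account names are assumed.

```yaml
# ServiceRole: what may be done to which service (read-only access here)
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole
metadata:
  name: album-viewer
  namespace: ingenious            # assumed namespace
spec:
  rules:
  - services: ["album-manager.ingenious.svc.cluster.local"]
    methods: ["GET"]              # no POST/PUT/DELETE granted by this role
    paths: ["/albums/*"]
---
# ServiceRoleBinding: who gets the role; roleRef must name a ServiceRole
# in the same namespace as the binding
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding
metadata:
  name: pages-can-view-albums
  namespace: ingenious
spec:
  subjects:
  # The subject is the caller's Kubernetes service account, carried in the
  # identity of the mTLS client certificate its sidecar presents.
  - user: "cluster.local/ns/ingenious/sa/pages"   # assumed service account
  roleRef:
    kind: ServiceRole
    name: album-viewer
```

In the Istio versions that used this API, enforcement also required switching RBAC on for the namespace through a RbacConfig (later ClusterRbacConfig) resource.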
Linkerd/Conduit
● Products from buoyant.io, the company that coined the term service mesh
○ linkerd
■ First service mesh product released by buoyant
■ Provides control and data planes
○ conduit
■ Released in December and focuses on performance in Kubernetes
Linkerd/Conduit
● TLS communication between services
● HTTP/2 support
Envoy
● Acts as:
○ Sidecar proxy
○ Ingress
○ Egress
● Supports TLS termination and origination
nginmesh
- Sidecar implementation for Istio using NGINX as the sidecar proxy
- Provides load balancing and service discovery in the data plane of a service mesh
- https://github.com/nginxinc/nginmesh
- Current support only for Kubernetes
Q & A
Thank You
