SlideShare a Scribd company logo

Why Is Istio That Shape?

Matt Turner
Matt Turner

In this session, Matt will look at Istio, a Service Mesh, but no prior knowledge of Istio or the space is needed. Istio is a “smart network” comprising traffic switches and controllers. It’s had about four different architectures over time, and we’ll look at what problem each solved, and the challenges that eventually led to it being changed. We’ll talk about how the different approaches each optimised performance, scalability, and redundancy. We’ll explore analogies between the shapes of Istio and common patterns - three-tier web apps, big network routers, etc - and how Istio’s lessons are broadly applicable.

1 of 66
Download to read offline
Why Is Istio That Shape? @mt165 Why Is Istio That Shape? Matt Turner Software Architecture Gathering, Virtual | November 2022 @mt165 | mt165.co.uk
Why Is Istio That Shape? @mt165 THE ENTERPRISE SERVICE MESH COMPANY
Why Is Istio That Shape? @mt165 Pop Quiz!
Why Is Istio That Shape? @mt165 Background Service Meshes and Istio
Why Is Istio That Shape? @mt165 Business Value ● Top Line ● Bottom Line ● Time to Market & Speed of Iteration ● Risk Reduction
Why Is Istio That Shape? @mt165 Break the Monolith
Why Is Istio That Shape? @mt165 Pod Pod Pod Break the Monolith Namespace A Namespace B Namespace C Namespace A Namespace B Namespace C
Why Is Istio That Shape? @mt165 But Don’t Just Distribute It!
Why Is Istio That Shape? @mt165 Technical Implications
Why Is Istio That Shape? @mt165
Why Is Istio That Shape? @mt165
Why Is Istio That Shape? @mt165
Why Is Istio That Shape? @mt165
Why Is Istio That Shape? @mt165
Why Is Istio That Shape? @mt165
Why Is Istio That Shape? @mt165 Service A Service B
Why Is Istio That Shape? @mt165 Lots of Options: In-process libraries and frameworks
Why Is Istio That Shape? @mt165 Polyglot environments
Why Is Istio That Shape? @mt165 Polyglot environments
Why Is Istio That Shape? @mt165 Take the Network Smarts out of the Process
Why Is Istio That Shape? @mt165 Add a Control Plane
Why Is Istio That Shape? @mt165 Istio “An open platform to connect, secure, control, and observe services.”
Why Is Istio That Shape? @mt165 What Shape is Istio?
Why Is Istio That Shape? @mt165 Istio 0.1 - 1.4
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B TLS certs to Envoys
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Config to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Config to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy k8s consul zk K8s API Server
Why Is Istio That Shape? @mt165 Have We Seen This Before?
Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP Router Information Base Forwarding Information Base Forwarding Engine
Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP Router Information Base Forwarding Information Base Forwarding Engine Latency Throughput Concurrency Availability
Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP PILOT ENVOY Router Information Base Forwarding Information Base Forwarding Engine
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Policy checks, Telemetry Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
Why Is Istio That Shape? @mt165 IP Router Architecture Interrupt Kernel module User process DATA PLANE CONTROL PLANE OSPF ARP BGP STP Router Information Base Forwarding Information Base
Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP PILOT MIXER ENVOY Interrupt Kernel module User process Router Information Base Forwarding Information Base
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Control Plane API Service A Service B Config to Envoys prom ES REPORT CHECK ACL Rate limit Mixer fat client Mixer fat client Citadel
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Config to Envoys TLS certs to Envoys Policy checks, Telemetry Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
Why Is Istio That Shape? @mt165 Why Isn’t Istio This Shape?
Why Is Istio That Shape? @mt165 Mixer Pros ● Recognisable mental mode ● Good availability ● Can horizontally scale ○ Load ○ High availability Cons ● Performance was never great ● Very few things need coördination between proxies
Why Is Istio That Shape? @mt165 µServices! Pros ● Decoupled deployments ● Isolated security contexts ● Isolated failure domains ● Individual scaling ● Multiple languages ● Clean mapping to individual teams/domains Cons ● Complex to debug ● Fiddly to deploy ● Inefficient ○ Message-passing ○ Missed shared cache opportunities
Why Is Istio That Shape? @mt165 µServices? Decoupled deployments ● No-one ever did
Why Is Istio That Shape? @mt165 µServices? Isolated security contexts ● Citadel is obviously a security component, but… ● Pilot can re-route all your requests ● Mixer can steal all your traffic ● …a breach in any one is as bad as the others
Why Is Istio That Shape? @mt165 µServices? Isolated failure domains ● Mixer is the only acutely critical service
Why Is Istio That Shape? @mt165 µServices? Individual scaling ● Resource usage was dominated by one component of service: Pilot’s XDS serving
Why Is Istio That Shape? @mt165 µServices? Multiple languages ● It’s all Go
Why Is Istio That Shape? @mt165 µServices? Clean mapping to individual teams/domains ● We’re good at writing monoliths ● µServices were never about this anyway
Why Is Istio That Shape? @mt165 Istio 1.5 - Date
Why Is Istio That Shape? @mt165 Pilot ● That thing I said about a compiler… ● It’s a nice mental model ● It wasn’t true
Why Is Istio That Shape? @mt165 Pilot Pilot K8s API Server Envoy Envoy Envoy Envoy k8s consul zk
Why Is Istio That Shape? @mt165 Pilot K8s API Server Envoy Envoy Envoy Envoy k8s consul zk
Why Is Istio That Shape? @mt165 Pilot K8s API Server Envoy Envoy Envoy Envoy k8s consul zk
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB istiod Control Plane API Service A Service B Config to Envoys TLS certs to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy µServices
Why Is Istio That Shape? @mt165 Mixer ● Policy: implemented with (new) Envoy-native features
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB istiod Control Plane API Service A Service B Config to Envoys TLS certs to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy WASM WASM WASM WASM Telem etry
Why Is Istio That Shape? @mt165 Dataplane Topology - Host-Based Proxy #eBPF #sidecarless #nomesh
Why Is Istio That Shape? @mt165 Envoy Service A Service B WASM WASM host istiod Control Plane API
Why Is Istio That Shape? @mt165 CPU Usage Per Request Idle
Why Is Istio That Shape? @mt165 Memory Usage Per Service Config Overhead: programme
Why Is Istio That Shape? @mt165 Dataplane Topology - “Ambient Mesh”
Why Is Istio That Shape? @mt165 Ambient Mesh - zTunnel host host Service A Service B zTunnel zTunnel Service A
Why Is Istio That Shape? @mt165 Ambient Mesh - “Waypoint” Proxies host host Service A Service B zTunnel zTunnel Service A Envoy K8s ServiceAccount A Envoy K8s ServiceAccount B
Why Is Istio That Shape? @mt165 Thanks! Slides Videos Demo code mt165.co.uk Questions @mt165

Recommended

Running Resillient Workloads with Istio - OpenInfra Days 2019
Running Resillient Workloads with Istio - OpenInfra Days 2019Running Resillient Workloads with Istio - OpenInfra Days 2019
Running Resillient Workloads with Istio - OpenInfra Days 2019
Matt Turner
 
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Michael Man
 
Running Resillient Workloads with Istio - KubeCon China 2019
Running Resillient Workloads with Istio - KubeCon China 2019Running Resillient Workloads with Istio - KubeCon China 2019
Running Resillient Workloads with Istio - KubeCon China 2019
Matt Turner
 
What is a Service Mesh and what can it do for your Microservices
What is a Service Mesh and what can it do for your MicroservicesWhat is a Service Mesh and what can it do for your Microservices
What is a Service Mesh and what can it do for your Microservices
Matt Turner
 
Istio, The Packet's-Eye View - KubeCon NA 2018
Istio, The Packet's-Eye View - KubeCon NA 2018Istio, The Packet's-Eye View - KubeCon NA 2018
Istio, The Packet's-Eye View - KubeCon NA 2018
Matt Turner
 
The Life of a Packet through Istio - DevExperience Romania, April 2019
The Life of a Packet through Istio - DevExperience Romania, April 2019The Life of a Packet through Istio - DevExperience Romania, April 2019
The Life of a Packet through Istio - DevExperience Romania, April 2019
Matt Turner
 
Gateway APIs, Envoy Gateway, and API Gateways
Gateway APIs, Envoy Gateway, and API GatewaysGateway APIs, Envoy Gateway, and API Gateways
Gateway APIs, Envoy Gateway, and API Gateways
Matt Turner
 
Evolving big microservice architectures
Evolving big microservice architecturesEvolving big microservice architectures
Evolving big microservice architectures
Nikolay Stoitsev
 

Recommended

Running Resillient Workloads with Istio - OpenInfra Days 2019
Running Resillient Workloads with Istio - OpenInfra Days 2019Running Resillient Workloads with Istio - OpenInfra Days 2019
Running Resillient Workloads with Istio - OpenInfra Days 2019
Matt Turner
 
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Michael Man
 
Running Resillient Workloads with Istio - KubeCon China 2019
Running Resillient Workloads with Istio - KubeCon China 2019Running Resillient Workloads with Istio - KubeCon China 2019
Running Resillient Workloads with Istio - KubeCon China 2019
Matt Turner
 
What is a Service Mesh and what can it do for your Microservices
What is a Service Mesh and what can it do for your MicroservicesWhat is a Service Mesh and what can it do for your Microservices
What is a Service Mesh and what can it do for your Microservices
Matt Turner
 
Istio, The Packet's-Eye View - KubeCon NA 2018
Istio, The Packet's-Eye View - KubeCon NA 2018Istio, The Packet's-Eye View - KubeCon NA 2018
Istio, The Packet's-Eye View - KubeCon NA 2018
Matt Turner
 
The Life of a Packet through Istio - DevExperience Romania, April 2019
The Life of a Packet through Istio - DevExperience Romania, April 2019The Life of a Packet through Istio - DevExperience Romania, April 2019
The Life of a Packet through Istio - DevExperience Romania, April 2019
Matt Turner
 
Gateway APIs, Envoy Gateway, and API Gateways
Gateway APIs, Envoy Gateway, and API GatewaysGateway APIs, Envoy Gateway, and API Gateways
Gateway APIs, Envoy Gateway, and API Gateways
Matt Turner
 
Evolving big microservice architectures
Evolving big microservice architecturesEvolving big microservice architectures
Evolving big microservice architectures
Nikolay Stoitsev
 
Azure Microservices in Practice - Radu Vunvulea
Azure Microservices in Practice - Radu VunvuleaAzure Microservices in Practice - Radu Vunvulea
Azure Microservices in Practice - Radu Vunvulea
ITCamp
 
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
Radu Vunvulea
 
Running Resilient Workloads on Istio
Running Resilient Workloads on IstioRunning Resilient Workloads on Istio
Running Resilient Workloads on Istio
Matt Turner
 
The life of a packet through Istio - QCon London 2019
The life of a packet through Istio - QCon London 2019The life of a packet through Istio - QCon London 2019
The life of a packet through Istio - QCon London 2019
Matt Turner
 
The next-gen Mahara
The next-gen MaharaThe next-gen Mahara
The next-gen Mahara
Kristina D.C. Hoeppner
 
Pivotal microservices spring_pcf_skillsmatter.pptx
Pivotal microservices spring_pcf_skillsmatter.pptxPivotal microservices spring_pcf_skillsmatter.pptx
Pivotal microservices spring_pcf_skillsmatter.pptx
Sufyaan Kazi
 
Do You Need a Service Mesh? @ London Devops, January 2019
Do You Need a Service Mesh? @ London Devops, January 2019Do You Need a Service Mesh? @ London Devops, January 2019
Do You Need a Service Mesh? @ London Devops, January 2019
Matt Turner
 
Testing your PowerShell code with Pester - Florin Loghiade
Testing your PowerShell code with Pester - Florin LoghiadeTesting your PowerShell code with Pester - Florin Loghiade
Testing your PowerShell code with Pester - Florin Loghiade
ITCamp
 
Lessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric ArchitectureLessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric Architecture
WSO2
 
Presenting: Mahara 15.04
Presenting: Mahara 15.04Presenting: Mahara 15.04
Presenting: Mahara 15.04
Kristina D.C. Hoeppner
 
GenieATM useful usage
GenieATM useful usageGenieATM useful usage
GenieATM useful usage
Hirotaka Tajima
 
Agile Lab_BigData_Meetup
Agile Lab_BigData_MeetupAgile Lab_BigData_Meetup
Agile Lab_BigData_Meetup
Paolo Platter
 
Massive Streaming Analytics with Spark Streaming
Massive Streaming Analytics with Spark StreamingMassive Streaming Analytics with Spark Streaming
Massive Streaming Analytics with Spark Streaming
Paolo Platter
 
Sail In The Cloud
Sail In The CloudSail In The Cloud
Sail In The Cloud
Alex Soto
 
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
APNIC
 
Execution Plans in practice - how to make SQL Server queries faster - Damian ...
Execution Plans in practice - how to make SQL Server queries faster - Damian ...Execution Plans in practice - how to make SQL Server queries faster - Damian ...
Execution Plans in practice - how to make SQL Server queries faster - Damian ...
ITCamp
 
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
Codemotion
 
State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]
Mikhail Asavkin
 
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
Osaka University
 
The Life of a Packet through Istio III
The Life of a Packet through Istio IIIThe Life of a Packet through Istio III
The Life of a Packet through Istio III
Matt Turner
 
Automated Cloud-Native Incident Response with Kubernetes and Service Mesh
Automated Cloud-Native Incident Response with Kubernetes and Service MeshAutomated Cloud-Native Incident Response with Kubernetes and Service Mesh
Automated Cloud-Native Incident Response with Kubernetes and Service Mesh
Matt Turner
 

More Related Content

Similar to Why Is Istio That Shape?

Azure Microservices in Practice - Radu Vunvulea
Azure Microservices in Practice - Radu VunvuleaAzure Microservices in Practice - Radu Vunvulea
Azure Microservices in Practice - Radu Vunvulea
ITCamp
 
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
Radu Vunvulea
 
Running Resilient Workloads on Istio
Running Resilient Workloads on IstioRunning Resilient Workloads on Istio
Running Resilient Workloads on Istio
Matt Turner
 
The life of a packet through Istio - QCon London 2019
The life of a packet through Istio - QCon London 2019The life of a packet through Istio - QCon London 2019
The life of a packet through Istio - QCon London 2019
Matt Turner
 
The next-gen Mahara
The next-gen MaharaThe next-gen Mahara
The next-gen Mahara
Kristina D.C. Hoeppner
 
Pivotal microservices spring_pcf_skillsmatter.pptx
Pivotal microservices spring_pcf_skillsmatter.pptxPivotal microservices spring_pcf_skillsmatter.pptx
Pivotal microservices spring_pcf_skillsmatter.pptx
Sufyaan Kazi
 
Do You Need a Service Mesh? @ London Devops, January 2019
Do You Need a Service Mesh? @ London Devops, January 2019Do You Need a Service Mesh? @ London Devops, January 2019
Do You Need a Service Mesh? @ London Devops, January 2019
Matt Turner
 
Testing your PowerShell code with Pester - Florin Loghiade
Testing your PowerShell code with Pester - Florin LoghiadeTesting your PowerShell code with Pester - Florin Loghiade
Testing your PowerShell code with Pester - Florin Loghiade
ITCamp
 
Lessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric ArchitectureLessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric Architecture
WSO2
 
Presenting: Mahara 15.04
Presenting: Mahara 15.04Presenting: Mahara 15.04
Presenting: Mahara 15.04
Kristina D.C. Hoeppner
 
GenieATM useful usage
GenieATM useful usageGenieATM useful usage
GenieATM useful usage
Hirotaka Tajima
 
Agile Lab_BigData_Meetup
Agile Lab_BigData_MeetupAgile Lab_BigData_Meetup
Agile Lab_BigData_Meetup
Paolo Platter
 
Massive Streaming Analytics with Spark Streaming
Massive Streaming Analytics with Spark StreamingMassive Streaming Analytics with Spark Streaming
Massive Streaming Analytics with Spark Streaming
Paolo Platter
 
Sail In The Cloud
Sail In The CloudSail In The Cloud
Sail In The Cloud
Alex Soto
 
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
APNIC
 
Execution Plans in practice - how to make SQL Server queries faster - Damian ...
Execution Plans in practice - how to make SQL Server queries faster - Damian ...Execution Plans in practice - how to make SQL Server queries faster - Damian ...
Execution Plans in practice - how to make SQL Server queries faster - Damian ...
ITCamp
 
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
Codemotion
 
State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]
Mikhail Asavkin
 
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
Osaka University
 

Similar to Why Is Istio That Shape? (20)

Azure Microservices in Practice - Radu Vunvulea
Azure Microservices in Practice - Radu VunvuleaAzure Microservices in Practice - Radu Vunvulea
Azure Microservices in Practice - Radu Vunvulea
 
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
 
Running Resilient Workloads on Istio
Running Resilient Workloads on IstioRunning Resilient Workloads on Istio
Running Resilient Workloads on Istio
 
The life of a packet through Istio - QCon London 2019
The life of a packet through Istio - QCon London 2019The life of a packet through Istio - QCon London 2019
The life of a packet through Istio - QCon London 2019
 
The next-gen Mahara
The next-gen MaharaThe next-gen Mahara
The next-gen Mahara
 
Pivotal microservices spring_pcf_skillsmatter.pptx
Pivotal microservices spring_pcf_skillsmatter.pptxPivotal microservices spring_pcf_skillsmatter.pptx
Pivotal microservices spring_pcf_skillsmatter.pptx
 
Do You Need a Service Mesh? @ London Devops, January 2019
Do You Need a Service Mesh? @ London Devops, January 2019Do You Need a Service Mesh? @ London Devops, January 2019
Do You Need a Service Mesh? @ London Devops, January 2019
 
Testing your PowerShell code with Pester - Florin Loghiade
Testing your PowerShell code with Pester - Florin LoghiadeTesting your PowerShell code with Pester - Florin Loghiade
Testing your PowerShell code with Pester - Florin Loghiade
 
Lessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric ArchitectureLessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric Architecture
 
Presenting: Mahara 15.04
Presenting: Mahara 15.04Presenting: Mahara 15.04
Presenting: Mahara 15.04
 
GenieATM useful usage
GenieATM useful usageGenieATM useful usage
GenieATM useful usage
 
Agile Lab_BigData_Meetup
Agile Lab_BigData_MeetupAgile Lab_BigData_Meetup
Agile Lab_BigData_Meetup
 
Massive Streaming Analytics with Spark Streaming
Massive Streaming Analytics with Spark StreamingMassive Streaming Analytics with Spark Streaming
Massive Streaming Analytics with Spark Streaming
 
Sail In The Cloud
Sail In The CloudSail In The Cloud
Sail In The Cloud
 
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
 
Execution Plans in practice - how to make SQL Server queries faster - Damian ...
Execution Plans in practice - how to make SQL Server queries faster - Damian ...Execution Plans in practice - how to make SQL Server queries faster - Damian ...
Execution Plans in practice - how to make SQL Server queries faster - Damian ...
 
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
 
State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]
 
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
 

More from Matt Turner

The Life of a Packet through Istio III
The Life of a Packet through Istio IIIThe Life of a Packet through Istio III
The Life of a Packet through Istio III
Matt Turner
 
Automated Cloud-Native Incident Response with Kubernetes and Service Mesh
Automated Cloud-Native Incident Response with Kubernetes and Service MeshAutomated Cloud-Native Incident Response with Kubernetes and Service Mesh
Automated Cloud-Native Incident Response with Kubernetes and Service Mesh
Matt Turner
 
apiserver-Only "Clusters" for fun and profit
apiserver-Only "Clusters" for fun and profitapiserver-Only "Clusters" for fun and profit
apiserver-Only "Clusters" for fun and profit
Matt Turner
 
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenarios
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenariosIstio + SPIRE for cross-domain traffic trust in hybrid-cloud scenarios
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenarios
Matt Turner
 
Dynamically Testing Individual Microservice Releases In Production
Dynamically Testing Individual Microservice Releases In Production Dynamically Testing Individual Microservice Releases In Production
Dynamically Testing Individual Microservice Releases In Production
Matt Turner
 
The Life of a Packet III - Service Mesh London
The Life of a Packet III - Service Mesh LondonThe Life of a Packet III - Service Mesh London
The Life of a Packet III - Service Mesh London
Matt Turner
 
Cloud-Native Progressive Delivery
Cloud-Native Progressive DeliveryCloud-Native Progressive Delivery
Cloud-Native Progressive Delivery
Matt Turner
 
An Introduction to Bazel
An Introduction to BazelAn Introduction to Bazel
An Introduction to Bazel
Matt Turner
 
Networks, Linux, Containers, Pods
Networks, Linux, Containers, PodsNetworks, Linux, Containers, Pods
Networks, Linux, Containers, Pods
Matt Turner
 
Debugging an RBAC Problem in Istio
Debugging an RBAC Problem in IstioDebugging an RBAC Problem in Istio
Debugging an RBAC Problem in Istio
Matt Turner
 
Software Networking and Interfaces on Linux
Software Networking and Interfaces on LinuxSoftware Networking and Interfaces on Linux
Software Networking and Interfaces on Linux
Matt Turner
 
The life of a packet through Istio
The life of a packet through IstioThe life of a packet through Istio
The life of a packet through Istio
Matt Turner
 
Bash is Testing
Bash is TestingBash is Testing
Bash is Testing
Matt Turner
 
Istio - The life of a packet
Istio - The life of a packetIstio - The life of a packet
Istio - The life of a packet
Matt Turner
 
Fluency
FluencyFluency
Fluency
Matt Turner
 
An Introduction to User Space Filesystem Development
An Introduction to User Space Filesystem DevelopmentAn Introduction to User Space Filesystem Development
An Introduction to User Space Filesystem Development
Matt Turner
 

More from Matt Turner (16)

The Life of a Packet through Istio III
The Life of a Packet through Istio IIIThe Life of a Packet through Istio III
The Life of a Packet through Istio III
 
Automated Cloud-Native Incident Response with Kubernetes and Service Mesh
Automated Cloud-Native Incident Response with Kubernetes and Service MeshAutomated Cloud-Native Incident Response with Kubernetes and Service Mesh
Automated Cloud-Native Incident Response with Kubernetes and Service Mesh
 
apiserver-Only "Clusters" for fun and profit
apiserver-Only "Clusters" for fun and profitapiserver-Only "Clusters" for fun and profit
apiserver-Only "Clusters" for fun and profit
 
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenarios
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenariosIstio + SPIRE for cross-domain traffic trust in hybrid-cloud scenarios
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenarios
 
Dynamically Testing Individual Microservice Releases In Production
Dynamically Testing Individual Microservice Releases In Production Dynamically Testing Individual Microservice Releases In Production
Dynamically Testing Individual Microservice Releases In Production
 
The Life of a Packet III - Service Mesh London
The Life of a Packet III - Service Mesh LondonThe Life of a Packet III - Service Mesh London
The Life of a Packet III - Service Mesh London
 
Cloud-Native Progressive Delivery
Cloud-Native Progressive DeliveryCloud-Native Progressive Delivery
Cloud-Native Progressive Delivery
 
An Introduction to Bazel
An Introduction to BazelAn Introduction to Bazel
An Introduction to Bazel
 
Networks, Linux, Containers, Pods
Networks, Linux, Containers, PodsNetworks, Linux, Containers, Pods
Networks, Linux, Containers, Pods
 
Debugging an RBAC Problem in Istio
Debugging an RBAC Problem in IstioDebugging an RBAC Problem in Istio
Debugging an RBAC Problem in Istio
 
Software Networking and Interfaces on Linux
Software Networking and Interfaces on LinuxSoftware Networking and Interfaces on Linux
Software Networking and Interfaces on Linux
 
The life of a packet through Istio
The life of a packet through IstioThe life of a packet through Istio
The life of a packet through Istio
 
Bash is Testing
Bash is TestingBash is Testing
Bash is Testing
 
Istio - The life of a packet
Istio - The life of a packetIstio - The life of a packet
Istio - The life of a packet
 
Fluency
FluencyFluency
Fluency
 
An Introduction to User Space Filesystem Development
An Introduction to User Space Filesystem DevelopmentAn Introduction to User Space Filesystem Development
An Introduction to User Space Filesystem Development
 

Recently uploaded

Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
fredae14
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
alexjohnson7307
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
Dinusha Kumarasiri
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
LucaBarbaro3
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStrDeep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
saastr
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 

Recently uploaded (20)

Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStrDeep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 

Why Is Istio That Shape?

  • 1. Why Is Istio That Shape? @mt165 Why Is Istio That Shape? Matt Turner Software Architecture Gathering, Virtual | November 2022 @mt165 | mt165.co.uk
  • 2. Why Is Istio That Shape? @mt165 THE ENTERPRISE SERVICE MESH COMPANY
  • 3. Why Is Istio That Shape? @mt165 Pop Quiz!
  • 4. Why Is Istio That Shape? @mt165 Background Service Meshes and Istio
  • 5. Why Is Istio That Shape? @mt165 Business Value ● Top Line ● Bottom Line ● Time to Market & Speed of Iteration ● Risk Reduction
  • 6. Why Is Istio That Shape? @mt165 Break the Monolith
  • 7. Why Is Istio That Shape? @mt165 Pod Pod Pod Break the Monolith Namespace A Namespace B Namespace C Namespace A Namespace B Namespace C
  • 8. Why Is Istio That Shape? @mt165 But Don’t Just Distribute It!
  • 9. Why Is Istio That Shape? @mt165 Technical Implications
  • 10. Why Is Istio That Shape? @mt165
  • 11. Why Is Istio That Shape? @mt165
  • 12. Why Is Istio That Shape? @mt165
  • 13. Why Is Istio That Shape? @mt165
  • 14. Why Is Istio That Shape? @mt165
  • 15. Why Is Istio That Shape? @mt165
  • 16. Why Is Istio That Shape? @mt165 Service A Service B
  • 17. Why Is Istio That Shape? @mt165 Lots of Options: In-process libraries and frameworks
  • 18. Why Is Istio That Shape? @mt165 Polyglot environments
  • 19. Why Is Istio That Shape? @mt165 Polyglot environments
  • 20. Why Is Istio That Shape? @mt165 Take the Network Smarts out of the Process
  • 21. Why Is Istio That Shape? @mt165 Add a Control Plane
  • 22. Why Is Istio That Shape? @mt165 Istio “An open platform to connect, secure, control, and observe services.”
  • 23. Why Is Istio That Shape? @mt165 What Shape is Istio?
  • 24. Why Is Istio That Shape? @mt165 Istio 0.1 - 1.4
  • 25. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
  • 26. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
  • 27. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
  • 28. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B
  • 29. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B
  • 30. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B TLS certs to Envoys
  • 31. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Config to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
  • 32. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Config to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy k8s consul zk K8s API Server
  • 33. Why Is Istio That Shape? @mt165 Have We Seen This Before?
  • 34. Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP Router Information Base Forwarding Information Base Forwarding Engine
  • 35. Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP Router Information Base Forwarding Information Base Forwarding Engine Latency Throughput Concurrency Availability
  • 36. Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP PILOT ENVOY Router Information Base Forwarding Information Base Forwarding Engine
  • 37. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Policy checks, Telemetry Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
  • 38. Why Is Istio That Shape? @mt165 IP Router Architecture Interrupt Kernel module User process DATA PLANE CONTROL PLANE OSPF ARP BGP STP Router Information Base Forwarding Information Base
  • 39. Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP PILOT MIXER ENVOY Interrupt Kernel module User process Router Information Base Forwarding Information Base
  • 40. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Control Plane API Service A Service B Config to Envoys prom ES REPORT CHECK ACL Rate limit Mixer fat client Mixer fat client Citadel
  • 41. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Config to Envoys TLS certs to Envoys Policy checks, Telemetry Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
  • 42. Why Is Istio That Shape? @mt165 Why Isn’t Istio This Shape?
  • 43. Why Is Istio That Shape? @mt165 Mixer Pros ● Recognisable mental mode ● Good availability ● Can horizontally scale ○ Load ○ High availability Cons ● Performance was never great ● Very few things need coördination between proxies
  • 44. Why Is Istio That Shape? @mt165 µServices! Pros ● Decoupled deployments ● Isolated security contexts ● Isolated failure domains ● Individual scaling ● Multiple languages ● Clean mapping to individual teams/domains Cons ● Complex to debug ● Fiddly to deploy ● Inefficient ○ Message-passing ○ Missed shared cache opportunities
  • 45. Why Is Istio That Shape? @mt165 µServices? Decoupled deployments ● No-one ever did
  • 46. Why Is Istio That Shape? @mt165 µServices? Isolated security contexts ● Citadel is obviously a security component, but… ● Pilot can re-route all your requests ● Mixer can steal all your traffic ● …a breach in any one is as bad as the others
  • 47. Why Is Istio That Shape? @mt165 µServices? Isolated failure domains ● Mixer is the only acutely critical service
  • 48. Why Is Istio That Shape? @mt165 µServices? Individual scaling ● Resource usage was dominated by one component of service: Pilot’s XDS serving
  • 49. Why Is Istio That Shape? @mt165 µServices? Multiple languages ● It’s all Go
  • 50. Why Is Istio That Shape? @mt165 µServices? Clean mapping to individual teams/domains ● We’re good at writing monoliths ● µServices were never about this anyway
  • 51. Why Is Istio That Shape? @mt165 Istio 1.5 - Date
  • 52. Why Is Istio That Shape? @mt165 Pilot ● That thing I said about a compiler… ● It’s a nice mental model ● It wasn’t true
  • 53. Why Is Istio That Shape? @mt165 Pilot Pilot K8s API Server Envoy Envoy Envoy Envoy k8s consul zk
  • 54. Why Is Istio That Shape? @mt165 Pilot K8s API Server Envoy Envoy Envoy Envoy k8s consul zk
  • 55. Why Is Istio That Shape? @mt165 Pilot K8s API Server Envoy Envoy Envoy Envoy k8s consul zk
  • 56. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB istiod Control Plane API Service A Service B Config to Envoys TLS certs to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy µServices
  • 57. Why Is Istio That Shape? @mt165 Mixer ● Policy: implemented with (new) Envoy-native features
  • 58. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB istiod Control Plane API Service A Service B Config to Envoys TLS certs to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy WASM WASM WASM WASM Telem etry
  • 59. Why Is Istio That Shape? @mt165 Dataplane Topology - Host-Based Proxy #eBPF #sidecarless #nomesh
  • 60. Why Is Istio That Shape? @mt165 Envoy Service A Service B WASM WASM host istiod Control Plane API
  • 61. Why Is Istio That Shape? @mt165 CPU Usage Per Request Idle
  • 62. Why Is Istio That Shape? @mt165 Memory Usage Per Service Config Overhead: programme
  • 63. Why Is Istio That Shape? @mt165 Dataplane Topology - “Ambient Mesh”
  • 64. Why Is Istio That Shape? @mt165 Ambient Mesh - zTunnel host host Service A Service B zTunnel zTunnel Service A
  • 65. Why Is Istio That Shape? @mt165 Ambient Mesh - “Waypoint” Proxies host host Service A Service B zTunnel zTunnel Service A Envoy K8s ServiceAccount A Envoy K8s ServiceAccount B
  • 66. Why Is Istio That Shape? @mt165 Thanks! Slides Videos Demo code mt165.co.uk Questions @mt165