SlideShare une entreprise Scribd logo

Comparison of Current Service Mesh Architectures

Mirantis
Mirantis

Learn the differences between Envoy, Istio, Conduit, Linkerd and other service meshes and their components. Watch the recording including demo at: https://info.mirantis.com/service-mesh-webinar

Technologie
1  sur  46
Télécharger pour lire hors ligne
2 Introduction Bruce Basil Mathews Sr. Solutions Architect at Mirantis Bruce has been a Senior Solutions Architect in the computer industry for 40+ years, working at multiple technology companies including Mirantis, HP, Oracle, Sun Microsystems and others. View the webinar recording, including demo, at: https://info.mirantis.com/service-mesh-webinar
3 ● What is service mesh, its capabilities and benefits? ● Types of service mesh architectures ● Service meshes comparisons: features, visualization, performance ○ Open source ○ Commercial ● Service mesh pros and cons ● Demo ● Q&A Agenda
4 A service mesh is: ● A configurable infrastructure layer for a microservices application ● Makes communication between service instances flexible, reliable, and fast ● Provides a whole bunch of capabilities to relieve the developer from having to provide them each time uniquely. What is a Service Mesh?
5 ● Service Discovery - Allows the different services to “discover” each other when needed. The Kubernetes framework keeps a list of instances that are healthy and ready to receive requests. ● Load Balancing - Places the least busy instances at the top of the stack, so that busier instances can get the most service without starving the least busy instances’ needs. ● Encryption - Instead of having each of the services provide their own encryption/decryption, the service mesh can encrypt and decrypt requests and responses instead. ● Authentication and authorization. The service mesh can validate requests BEFORE they are sent to the service instances. ● Support for the circuit breaker pattern. The service mesh can support the circuit breaker pattern, which can stop requests from ever being sent to an unhealthy instance. We will discuss this specific feature later. What Capabilities Does a Service Mesh Provide?
6 The combined use of the features and capabilities listed on the previous slide provides the means for traffic shaping or QoS: ● Traffic shaping, (a.k.a. packet shaping), is a type of network bandwidth management for the manipulation and prioritization of network traffic to reduce the impact of heavy use cases from affecting other users. ● QoS provides a uniform way to connect, secure, manage and monitor microservices and provides traffic shaping between microservices while capturing the telemetry of the traffic flow for prioritizing network traffic. Key Benefits of a Service Mesh
7 Circuit-breaking helps to guard against partial or total cascading network communication failures of application service instances by maintaining a status of the health and viability of each service instance: ● The Service Mesh’s circuit-breaker feature determines whether traffic should continue to be routed to a given service instance. NOTE: The application developer must determine what to do as a design consideration when the service instance has been marked as not accepting requests. Enterprises can create application features using modular software development across disparate teams of developers. ● Faster development, testing and deployment of applications. Key Benefits of a Service Mesh
8 Library ● Needed services are sitting in a Library that your microservices applications import and use. Node Agent ● The services are provided by a Node Agent or daemon. The daemon services all of the containers on a particular node/machine. Sidecar ● The services are provided in a Sidecar container that runs alongside your application container. Service Mesh Architectures
9 The Types of Service Mesh Architectures SMESH-ARCHS!
10 The Library Architecture Examples: Twitter Finagle Netflix Hystrix Netflix Ribbon Each of the microservices carries a copy of the library that contains all of the desired Service Mesh functions. The Library architectural approach was: ● The first architecture to be adopted ● Simplest method to implement ● Has some drawbacks in performance ● More difficult to maintain Separate copies are distributed with every microservice, which results in: ● Potential for version control issues in multi-cluster implementations ● Conflicting demand and performance is harder to determine and resolve quickly.
11 The Node Agent Architecture Examples: Linkerd/Conduit Consul The Node Agent architecture is easier to manage and maintain than the Library architecture: ● It distributes one copy of the configuration to each node, rather than one copy of the configuration to each pod on each node. In the Node Agent service mesh architecture, a separate agent is running on every worker node of a cluster: ● Node Agent, usually running in user process space, services the heterogeneous mix of workloads hosted on that worker node. ● This architectural model emphasizes work resource sharing. This method can provide a great deal more efficiency than the Library model, but leaves a door open for resource abuse. ● Resource requests for memory and other components can be demanded and fulfilled immediately, starving other microservices. It is left up to the application developer to play nicely with others.
12 The Sidecar Architecture Examples: Istio Aspen Mesh Sidecar is the latest method developed for service meshing: ● The Sidecar service mesh deploys one adjacent container for every application container. ● The sidecar container handles all the network traffic in and out of the application container. ● To eliminate the potential for a network based attack, the sidecar has the same privileges as the application to which it is attached. ● Most Sidecar implementations, founded on security best-practices, limit the scope of the authorities necessary to complete the required intercommunication and then end their own process. ● The Sidecar acts in closely secured proximity to the application, almost like a function call from a Library rather than having to traverse the network to an external Node Agent for each intercommunication.
13 Service Meshes to Compare SMESH-COMPS!
14 Open Source Offerings ● Envoy ● Istio ● Linkerd ● Linkerd2/Conduit Service Mesh Offerings for Kubernetes and Mesos Commercial Offerings ● Consul ● Aspen Mesh ● Kong Enterprise Mesh ● AWS App Mesh
15 Open Source Service Meshes OPS-SMESH!
16 Envoy’s Sidecar Architecture Envoy is a high performance C++ distributed proxy designed for single services and applications: ● Originally designed by Lyft ● Proxy architecture provides two key pieces missing in most stacks transitioning from legacy systems to a more Software Oriented Architecture (SOA.) ● Envoy’s two features: ○ Robust observability ○ Easy debugging ● Envoy uses gRPC bridge to unlock Python gevent clients But the primary focus of Envoy is raw PERFORMANCE! To do this, Envoy broke its threading model down into three categories: ● MAIN: The main thread coordinates all the most critical process functionality ● WORKER: Each worker thread spawned processes all IO for the connection’s it accepts for the lifetime of the connection ● FILE FLUSHER: Worker writes to files are buffered to memory and then physically written by the file flush process thread.
17 Istio’s Sidecar Architecture and Integration with Envoy Istio provides a uniform way to connect, secure, manage and monitor microservices and provides traffic shaping between microservices in a multi-cluster scenario: ● Originally developed by Netflix, ● includes the capability of circuit-breaking to the app development process. ● Guards against partial or total cascading network communication failures by maintaining a status of the health and viability of all service instances ● Envoy is integrated as the backend proxy for Istio The Istio components and their functions are listed below: Control plane: ● Istio-Manager: provides routing rules & service discovery information to the Envoy proxies. ● Mixer: collects telemetry from each Envoy proxy and enforces access control policies. ● Istio-Auth: provides “service to service” and “user to service” authentication. This component also converts unencrypted traffic to TLS based traffic between services, as needed. Data plane: ● Envoy: a feature rich proxy managed by control plane components. Envoy intercepts traffic to and from the service, applying routing and access policies following the rules set in the control plane.
18 Linkerd 1.0 Node Agent/Sidecar Architecture In the per-host deployment model for Linkerd, one Linkerd instance is deployed per host (whether physical or virtual): ● Originally developed by Buoyant. ● All app service instances on that host route traffic through the single instance. ● This model is useful for deployments that are primarily host-based. ● Each service instance on the host can address its corresponding Linkerd instance at a fixed location (typically, localhost:4140) ● Eliminates the need for any significant client-side logic. ● Since this model requires high concurrency of Linkerd instances, a larger resource profile is usually appropriate. ● In this model, the loss of an individual Linkerd instance is equivalent to losing the host itself. Note: Could be implemented as either, but the weight of the Java engine was so heavy, it made it more resource effective as a node agent deployment.
19 Linkerd2 / Conduit Sidecar Architecture Linkerd 2 transitioned to deploying a sidecar methodology that eliminates the single point of failure per host. Linkerd 2 has three basic components: ● User Interface ● Control Plane ● Data Plane The control plane is made up of four components: ● Controller - In multiple containers ● Web - Dashboard for telemetry data display ● Prometheus - Telemetry data storage ● Grafana - Used to display the Dashboard The data plane consists of the sidecar Proxy processes injected into each Pod The Dashboard UI provides telemetry and QoS data for each service
20 Commercial Service Meshes COMMS-SMESH!
21 Consul Node Agent Architecture Consul is an ideal service to support control plane service mesh activities, whether you employ a “dumb pipe” or a “smart network”: ● Originally developed by Hashicorp ● The Consul architecture ensures it is highly available, and extends beyond a single data center. ● Consul provides service discovery for both Dumb Pipe and Smart Network scenarios. ● Applications can use Consul’s key-value store to store retries, timeouts and circuit breaking settings and request them when needed. ● The Consul K/V store can be used for persistent state storage such as network policies as well.
22 Aspen Mesh Sidecar Architecture & Integration with Istio Aspen Mesh is built on Istio and includes all the features you get with Istio plus: ● Intuitive UI ● Multi Cluster and Hybrid Cloud ● Analytics and Alerting ● Pre-configured Canary Testing ● Advanced Policy Management ● Isolated Management Platform with SLA ● A fully tested and hardened version ● Enterprise-level Support
23 Kong Enterprise Monolith, Microservice, Service Mesh, & Serverless Architecture kong Mesh Sidecar Architecture and Integration with Istio Kong Ingress Controller is a dynamic and highly available Ingress Controller which configures Kong using Ingress resources created in your Kubernetes cluster: ● Kong can configure plugins, load balancing, health checking on your services running in Kubernetes. ● Kong Ingress Controller is a Go application that listens to events from the API-server of your Kubernetes cluster ● The Ingress Controller sets up Kong to handle your configuration accordingly. You never have to configure Kong manually. ● The controller can configure any Kong cluster via a Kong node running either in a control-plane mode or running both, control and data planes. ● Kong's state is stored in Postgres or Cassandra. ○ The database should be deployed as a StatefulSet. ○ All Kong nodes in your Kubernetes cluster should be able to connect to it. ● If Kong is deployed in Control-plane and Data-plane mode, then Kong proxy can be scaled
24 AWS APP MESH Sidecar Architecture & Integration with Envoy AWS App Mesh is a service mesh based on the Envoy proxy that makes it easy to monitor and control microservices: ● App Mesh standardizes how your microservices communicate: End-to-end visibility ● Helps to ensure high-availability ● App Mesh is made up of the following components: ○ Service mesh ○ Virtual services ○ Virtual nodes ○ Envoy proxy ○ Virtual routers ○ Routes To use App Mesh, you must have an existing application running on AWS Fargate, Amazon ECS, Amazon EKS, Kubernetes on AWS, or Amazon EC2.
25 Comparing Service Mesh Features COMPS-SMESH!
26 ● Envoy ○ Low p99 tail latencies at scale when running under load, ○ Acts as a L3/L4 filter at its core with many L7 filters provided out of the box, ○ Support for gRPC, and HTTP/2 (upstream/downstream), ○ API-driven, dynamic configuration, hot reloads, ○ Strong focus on metric collection, tracing, and overall observability. ● Istio ○ Security features including identity, key management, and RBAC, ○ Fault injection, ○ Support for gRPC, HTTP/2, HTTP/1.x, WebSockets, and all TCP traffic, ○ Sophisticated policy, quota, and rate limiting, ○ Multi-platform, hybrid deployment. Some Service Mesh Feature Comparative Data
27 Linkerd was rewritten from Java to Rust - Data Plane / Go - Control plane about 1 ½ years ago. They are striving to reach feature parity between the two versions and are currently very close: Linkerd and Linkerd2/Conduit Features ○ Support for multiple platforms (Docker, Kubernetes, DC/OS, Amazon ECS, or any stand-alone machine), ○ Built-in service discovery abstractions to unite multiple systems, ○ Support for gRPC, HTTP/2, and HTTP/1.x requests + all TCP traffic. Some Service Mesh Feature Comparative Data (Continued) Note: Linkerd 2 is much faster than Linkerd as the Data Plane Proxy was rewritten in Rust. Conduit was folded into the Linkerd Project to form the basis for Linkerd 2! Conduit’s lightning-fast Rust proxies are ~10mb per instance, have sub-millisecond p99 latencies, and support HTTP/1.x, HTTP/2, and gRPC.
28 Linkerd 1 and Linkerd 2/Conduit Feature Comparison Linkerd 1.x (latest: 1.6.2.1) Linkerd 2.x (latest: 2.3) Theme Powerful, highly configurable, “industrial strength” Lightweight, minimalist, zero config Observability Automatic, non-aggregated Automatic, aggregated, live, per-path Reliability Load balancing, retries, circuit breaking Load balancing, retries, circuit breaking*, rate limiting* Security TLS, cert validation TLS, cert validation, cert management, policy enforcement* Protocol support HTTP/1.x, HTTP/2, gRPC, Thrift HTTP/1.x, HTTP/2, gRPC Installation Cluster-wide Per service, per namespace or cluster-wide (incremental) Resource footprint 100--150mb per proxy <10mb per proxy Latency introduced <5ms p99 <1ms p99 License, building blocks CNCF, Apache v2, Finagle, Netty, Scala CNCF, Apache v2, Rust, Go Supported platforms Kubernetes, DC/OS, Mesos, bare metal, ECS, ... Just Kubernetes… for now! (*roadmap)
29 ● Consul ○ Consul is a single binary providing both server and client capabilities ○ includes all functionality for service catalog ○ Includes configuration capabilities, TLS certificates, Authorization ○ Consul optionally supports external systems such as Vault to augment behavior ○ No additional systems are required to deploy Consul ● Aspen Mesh ○ Provides an intuitive UI that brings the most important information to the forefront ○ Easy-to-understand real-time status information ○ Allows for the display of multiple clusters in a single pane of glass ○ Helps the user to monitor their entire architecture in one place ○ Allows the user to sort, search and drill into individual services details Some Service Mesh Feature Comparative Data (Continued)
30 ● Kong Enterprise 1.0 ○ Engineers can make a change in a centralised location that will be reflected across multiple Kong clusters ○ Includes an implementation of the Plugin Development Kit (PDK) ○ All Kong plugins require a standard set of functionality, which the PDK provides out of the box ○ PDK based on the ngx_lua API ○ A Kong cluster deployment requires the installation of a Cassandra of PostgreSQL to act as the datastore ● AWS App Mesh ○ App Mesh separates the logic for monitoring and controlling communications into a proxy that manages all network traffic for each service ○ App Mesh uses the open source Envoy proxy to manage all traffic into and out of a service’s containers ○ Integrated with Amazon CloudWatch – monitoring & logging service for complete visibility of resources and applications. ○ Developers configure services to connect directly to each other instead of requiring code within the application or using a load balancer ○ App Mesh works with services managed by Amazon ECS, Amazon EKS, AWS Fargate, Kubernetes running on EC2, and services running directly on EC2 Some Service Mesh Feature Comparative Data (Continued)
31 Service Mesh Visualization SMESH-VIS!
32 Most Service Meshes use Prometheus with Grafana NOTE: Commercial offerings provide a greater variety of templates and statistics to choose from for traffic shaping analysis.
33 Comparing Service Mesh Performance PERF-SMESH!
34 ● Control Plane performance factors include: ○ The rate of deployment changes. ○ The rate of configuration changes. ○ The number of proxies connecting to the service gateway. ● Data Plane performance factors include: ○ Number of client connections ○ Target request rate ○ Request size and Response size ○ Number of proxy worker threads ○ Protocol ○ CPU cores ○ Number and types of proxy filters ● Benchmarking Tools: ○ fortio.org - a constant throughput load testing tool. ○ blueperf - a realistic cloud native application. Some Service Mesh Performance Factors
35 ● Load Balancing Throughput and Latency ○ One of the key features of a service mesh is to provide a load balancing capability. ○ Some of the more popular load balancers that can be integrated with the Service Meshes compared in this presentation are: ■ NGINX ■ HAProxy ■ Envoy ■ Traefik ■ Amazon Application Load Balancer (ALB) Some Service Mesh Comparative Performance Data
36 Load Balancer Requests-per-Second Performance Data Data found here: https://www.loggly.com/blog/benchmarking-5-popular-load-balancers-nginx-haproxy-envoy-traefik-and-alb/
37 Load Balancer Latency and Concurrency Performance Data Data found here: https://www.loggly.com/blog/benchmarking-5-popular-load-balancers-nginx-haproxy-envoy-traefik-and-alb/
38 Load Balancer CPU and Latency and Concurrency Performance Data - Disagreement Data found here: https://medium.com/@ihcsim/linkerd-2-0-and-istio-performance-benchmark-df290101c2bb The latency observed in the Linkerd2-meshed setup ranged from 11.0 ms to almost 14.0 ms. The latency observed in Istio-meshed setup ranged from 36.0 ms to 45.0 ms.
39 Consul vs Istio: ● https://www.consul.io/intro/vs/istio.html Consul vs Istio vs. Linkerd/Conduit: ● https://stackshare.io/stackups/consul-vs-istio-vs-linkerd Linkerd2/Conduit vs Istio: ● https://kinvolk.io/blog/2019/05/performance-benchmark-analysis-of-istio-and-linkerd/ ● https://glasnostic.com/blog/comparing-service-meshes-linkerd-vs-istio ● https://www.aquasec.com/wiki/display/containers/Linkerd+vs+Istio Additional Performance Data
40 Service Mesh Pros & Cons Pro-SMESH-Cons!
41 Service Meshes Architecture Pros and Cons Library Architecture Advantages: ● Resources are locally accounted for each and every service ● Self-service adoption for developers Disadvantages: ● Strong coupling is a significant drawback ● Non-uniform; upgrades are challenging in large environments Node Agent Architecture Advantages: ● Less overhead (especially memory) for things that could be shared across a node ● Easier to scale distribution of configuration information than it is with sidecar proxies (if you’re not using a control plane) ● This model is useful for deployments that are primarily physical or virtual server based. Good for large monolithic apps Disadvantages: ● Coarse support for encryption of service-to-service communication, instead host-to-host encryption and authentication policies ● Blast radius of a proxy failure includes all applications on the node, which is essentially equivalent to losing the node itself ● Not a transparent entity, services must be aware of its existence Sidecar Architecture Advantages: ● Granular encryption of service-to-service communication ● Can be gradually added to an existing cluster without central coordination ● App-to-sidecar communication is easier to secure than app-to-node proxy ● Resources consumed for a service are attributed to that service ● Blast radius of a proxy failure is limited to the sidecar app Disadvantages: ● Lack of central coordination. Difficult to scale operationally ● Sidecar footprint—per service overhead of running a service proxy sidecar
42 ● Istio was presented to the CNCF Technical Oversight Committee in November 2017. This represented an early step for the project to join CNCF. ○ We suspect they will become a full project member in 2019. ○ Linkerd is already a member of CNCF. ● There are both fully Open Source and Commercial implementations of Istio available ○ This will be a key to widespread adoption which will be key to the long-term success of Istio ● The following question will be answered in 2019: “What are the real world benefits I will receive by adopting service mesh as a standard?” ○ The answer will come from use cases stimulating adoption. Service Mesh Comparison Final Thoughts
43 Bottom Line: ● A service mesh will be mandatory by 2020 for any organization running microservices in production. ○ If you’re currently using a service mesh, you already know the value it brings. ○ If you’re considering using a service mesh, make sure you stay in tune with what is going on with this technology! ○ If your company has not yet decided on whether you need a service mesh or not, read the recent industry reports on microservices! Service Mesh Comparison Final Thoughts
44 Service Mesh Demo SMESH-Demo!
2019 | www.mirantis.com Training training.mirantis.com training.mirantis.com Service Mesh and Istio Fundamentals (IST50) New! Introduction to Istio & Service Mesh 1 day Microservices and Istio Bootcamp (IST100) New! Microservices security, resiliency and monitoring using Istio 2 days Istio Courses from Mirantis Training
46 Thank You Q&A View the webinar recording, including demo, at: https://info.mirantis.com/service-mesh-webinar

Recommandé

The Complete Guide to Service Mesh
The Complete Guide to Service MeshThe Complete Guide to Service Mesh
The Complete Guide to Service MeshAspen Mesh
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioMichelle Holley
 
Service mesh
Service meshService mesh
Service meshArnab Mitra
 
Design patterns for microservice architecture
Design patterns for microservice architectureDesign patterns for microservice architecture
Design patterns for microservice architectureThe Software House
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes SecurityKarthik Gaekwad
 
Introduction To Microservices
Introduction To MicroservicesIntroduction To Microservices
Introduction To MicroservicesLalit Kale
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to MicroservicesRoger van de Kimmenade
 
Microservices With Istio Service Mesh
Microservices With Istio Service MeshMicroservices With Istio Service Mesh
Microservices With Istio Service MeshNatanael Fonseca
 

Recommandé

The Complete Guide to Service Mesh
The Complete Guide to Service MeshThe Complete Guide to Service Mesh
The Complete Guide to Service MeshAspen Mesh
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioMichelle Holley
 
Service mesh
Service meshService mesh
Service meshArnab Mitra
 
Design patterns for microservice architecture
Design patterns for microservice architectureDesign patterns for microservice architecture
Design patterns for microservice architectureThe Software House
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes SecurityKarthik Gaekwad
 
Introduction To Microservices
Introduction To MicroservicesIntroduction To Microservices
Introduction To MicroservicesLalit Kale
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to MicroservicesRoger van de Kimmenade
 
Microservices With Istio Service Mesh
Microservices With Istio Service MeshMicroservices With Istio Service Mesh
Microservices With Istio Service MeshNatanael Fonseca
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Edureka!
 
Microservices
MicroservicesMicroservices
MicroservicesSmartBear
 
Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Animesh Singh
 
Introduction to microservices
Introduction to microservicesIntroduction to microservices
Introduction to microservicesAnil Allewar
 
The Beginner’s Guide To Spring Cloud
The Beginner’s Guide To Spring CloudThe Beginner’s Guide To Spring Cloud
The Beginner’s Guide To Spring CloudVMware Tanzu
 
Service discovery with Eureka and Spring Cloud
Service discovery with Eureka and Spring CloudService discovery with Eureka and Spring Cloud
Service discovery with Eureka and Spring CloudMarcelo Serpa
 
Service Mesh - Why? How? What?
Service Mesh - Why? How? What?Service Mesh - Why? How? What?
Service Mesh - Why? How? What?Orkhan Gasimov
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes IntroductionPeng Xiao
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetesKrishna-Kumar
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes IstioAraf Karsh Hamid
 
Hands-on Helm
Hands-on Helm Hands-on Helm
Hands-on Helm Docker, Inc.
 
02 api gateway
02 api gateway02 api gateway
02 api gatewayJanani Velmurugan
 
Building Microservices with gRPC and NATS
Building Microservices with gRPC and NATSBuilding Microservices with gRPC and NATS
Building Microservices with gRPC and NATSShiju Varghese
 
Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservicesKunal Hire
 
Building a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istioBuilding a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istioSAMIR BEHARA
 
Microservice vs. Monolithic Architecture
Microservice vs. Monolithic ArchitectureMicroservice vs. Monolithic Architecture
Microservice vs. Monolithic ArchitecturePaul Mooney
 
Best Practices for Middleware and Integration Architecture Modernization with...
Best Practices for Middleware and Integration Architecture Modernization with...Best Practices for Middleware and Integration Architecture Modernization with...
Best Practices for Middleware and Integration Architecture Modernization with...Claus Ibsen
 
Networking in Docker
Networking in DockerNetworking in Docker
Networking in DockerKnoldus Inc.
 
Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep DiveDocker, Inc.
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architectureAbdelghani Azri
 
All About Microservices and OpenSource Microservice Frameworks
All About Microservices and OpenSource Microservice FrameworksAll About Microservices and OpenSource Microservice Frameworks
All About Microservices and OpenSource Microservice FrameworksMohammad Asif Siddiqui
 
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...WSO2
 

Contenu connexe

Tendances

Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Edureka!
 
Microservices
MicroservicesMicroservices
MicroservicesSmartBear
 
Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Animesh Singh
 
Introduction to microservices
Introduction to microservicesIntroduction to microservices
Introduction to microservicesAnil Allewar
 
The Beginner’s Guide To Spring Cloud
The Beginner’s Guide To Spring CloudThe Beginner’s Guide To Spring Cloud
The Beginner’s Guide To Spring CloudVMware Tanzu
 
Service discovery with Eureka and Spring Cloud
Service discovery with Eureka and Spring CloudService discovery with Eureka and Spring Cloud
Service discovery with Eureka and Spring CloudMarcelo Serpa
 
Service Mesh - Why? How? What?
Service Mesh - Why? How? What?Service Mesh - Why? How? What?
Service Mesh - Why? How? What?Orkhan Gasimov
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes IntroductionPeng Xiao
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetesKrishna-Kumar
 
Building Microservices with gRPC and NATS
Building Microservices with gRPC and NATSBuilding Microservices with gRPC and NATS
Building Microservices with gRPC and NATSShiju Varghese
 
Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservicesKunal Hire
 
Building a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istioBuilding a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istioSAMIR BEHARA
 
Microservice vs. Monolithic Architecture
Microservice vs. Monolithic ArchitectureMicroservice vs. Monolithic Architecture
Microservice vs. Monolithic ArchitecturePaul Mooney
 
Best Practices for Middleware and Integration Architecture Modernization with...
Best Practices for Middleware and Integration Architecture Modernization with...Best Practices for Middleware and Integration Architecture Modernization with...
Best Practices for Middleware and Integration Architecture Modernization with...Claus Ibsen
 
Networking in Docker
Networking in DockerNetworking in Docker
Networking in DockerKnoldus Inc.
 
Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep DiveDocker, Inc.
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architectureAbdelghani Azri
 

Tendances (20)

Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
 
Microservices
MicroservicesMicroservices
Microservices
 
Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!
 
Introduction to microservices
Introduction to microservicesIntroduction to microservices
Introduction to microservices
 
The Beginner’s Guide To Spring Cloud
The Beginner’s Guide To Spring CloudThe Beginner’s Guide To Spring Cloud
The Beginner’s Guide To Spring Cloud
 
Service discovery with Eureka and Spring Cloud
Service discovery with Eureka and Spring CloudService discovery with Eureka and Spring Cloud
Service discovery with Eureka and Spring Cloud
 
Service Mesh - Why? How? What?
Service Mesh - Why? How? What?Service Mesh - Why? How? What?
Service Mesh - Why? How? What?
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
 
Hands-on Helm
Hands-on Helm Hands-on Helm
Hands-on Helm
 
02 api gateway
02 api gateway02 api gateway
02 api gateway
 
Building Microservices with gRPC and NATS
Building Microservices with gRPC and NATSBuilding Microservices with gRPC and NATS
Building Microservices with gRPC and NATS
 
Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservices
 
Building a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istioBuilding a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istio
 
Microservice vs. Monolithic Architecture
Microservice vs. Monolithic ArchitectureMicroservice vs. Monolithic Architecture
Microservice vs. Monolithic Architecture
 
Best Practices for Middleware and Integration Architecture Modernization with...
Best Practices for Middleware and Integration Architecture Modernization with...Best Practices for Middleware and Integration Architecture Modernization with...
Best Practices for Middleware and Integration Architecture Modernization with...
 
Networking in Docker
Networking in DockerNetworking in Docker
Networking in Docker
 
Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep Dive
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architecture
 

Similaire à Comparison of Current Service Mesh Architectures

All About Microservices and OpenSource Microservice Frameworks
All About Microservices and OpenSource Microservice FrameworksAll About Microservices and OpenSource Microservice Frameworks
All About Microservices and OpenSource Microservice FrameworksMohammad Asif Siddiqui
 
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...WSO2
 
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...apidays
 
Service-Mesh-Presentation.pdf
Service-Mesh-Presentation.pdfService-Mesh-Presentation.pdf
Service-Mesh-Presentation.pdfchanhluc2112
 
Enterprise Integration in Cloud Native Microservices Architectures
Enterprise Integration in Cloud Native Microservices ArchitecturesEnterprise Integration in Cloud Native Microservices Architectures
Enterprise Integration in Cloud Native Microservices ArchitecturesCrishantha Nanayakkara
 
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...Christian Esteve Rothenberg
 
NECOS - Concertation Meeting EUBrasilCloudFORUM
NECOS - Concertation Meeting EUBrasilCloudFORUMNECOS - Concertation Meeting EUBrasilCloudFORUM
NECOS - Concertation Meeting EUBrasilCloudFORUMEUBrasilCloudFORUM .
 
Open Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshOpen Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshCloudOps2005
 
WSO2Con ASIA 2016: Understanding Microservice Architecture
WSO2Con ASIA 2016: Understanding Microservice ArchitectureWSO2Con ASIA 2016: Understanding Microservice Architecture
WSO2Con ASIA 2016: Understanding Microservice ArchitectureWSO2
 
Necos keynote UFRN Telecomday
Necos keynote UFRN TelecomdayNecos keynote UFRN Telecomday
Necos keynote UFRN TelecomdayAugusto Neto
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep DiveYong Feng
 
Microservice Pattern Launguage
Microservice Pattern LaunguageMicroservice Pattern Launguage
Microservice Pattern LaunguageInho Kang
 
Kenzan: Architecting for Microservices
Kenzan: Architecting for MicroservicesKenzan: Architecting for Microservices
Kenzan: Architecting for MicroservicesDarren Bathgate
 
MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...
MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...
MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...Jitendra Bafna
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?NGINX, Inc.
 
Blockchain solution architecture deliverable
Blockchain solution architecture deliverableBlockchain solution architecture deliverable
Blockchain solution architecture deliverableSarmad Ibrahim
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architectureFaren faren
 
Microservices Design Principles.pdf
Microservices Design Principles.pdfMicroservices Design Principles.pdf
Microservices Design Principles.pdfSimform
 

Similaire à Comparison of Current Service Mesh Architectures (20)

All About Microservices and OpenSource Microservice Frameworks
All About Microservices and OpenSource Microservice FrameworksAll About Microservices and OpenSource Microservice Frameworks
All About Microservices and OpenSource Microservice Frameworks
 
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
 
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
 
Service-Mesh-Presentation.pdf
Service-Mesh-Presentation.pdfService-Mesh-Presentation.pdf
Service-Mesh-Presentation.pdf
 
Enterprise Integration in Cloud Native Microservices Architectures
Enterprise Integration in Cloud Native Microservices ArchitecturesEnterprise Integration in Cloud Native Microservices Architectures
Enterprise Integration in Cloud Native Microservices Architectures
 
NECOS Objectives
NECOS ObjectivesNECOS Objectives
NECOS Objectives
 
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
 
NECOS - Concertation Meeting EUBrasilCloudFORUM
NECOS - Concertation Meeting EUBrasilCloudFORUMNECOS - Concertation Meeting EUBrasilCloudFORUM
NECOS - Concertation Meeting EUBrasilCloudFORUM
 
Open Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshOpen Source Networking Days- Service Mesh
Open Source Networking Days- Service Mesh
 
WSO2Con ASIA 2016: Understanding Microservice Architecture
WSO2Con ASIA 2016: Understanding Microservice ArchitectureWSO2Con ASIA 2016: Understanding Microservice Architecture
WSO2Con ASIA 2016: Understanding Microservice Architecture
 
Necos keynote UFRN Telecomday
Necos keynote UFRN TelecomdayNecos keynote UFRN Telecomday
Necos keynote UFRN Telecomday
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
 
Microservice Pattern Launguage
Microservice Pattern LaunguageMicroservice Pattern Launguage
Microservice Pattern Launguage
 
Kenzan: Architecting for Microservices
Kenzan: Architecting for MicroservicesKenzan: Architecting for Microservices
Kenzan: Architecting for Microservices
 
MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...
MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...
MuleSoft Surat Meetup#43 - Combine Service Mesh With Anypoint API Management ...
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?
 
Microservices
MicroservicesMicroservices
Microservices
 
Blockchain solution architecture deliverable
Blockchain solution architecture deliverableBlockchain solution architecture deliverable
Blockchain solution architecture deliverable
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architecture
 
Microservices Design Principles.pdf
Microservices Design Principles.pdfMicroservices Design Principles.pdf
Microservices Design Principles.pdf
 

Plus de Mirantis

How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...Mirantis
 
Kubernetes Security Workshop
Kubernetes Security WorkshopKubernetes Security Workshop
Kubernetes Security WorkshopMirantis
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersUsing Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersMirantis
 
How to Build a Basic Edge Cloud
How to Build a Basic Edge CloudHow to Build a Basic Edge Cloud
How to Build a Basic Edge CloudMirantis
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataMirantis
 
What's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar SlidesWhat's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar SlidesMirantis
 
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. KubernetesYour Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. KubernetesMirantis
 
Demystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceDemystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceMirantis
 
Mirantis life
Mirantis lifeMirantis life
Mirantis lifeMirantis
 
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...Mirantis
 
Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Mirantis
 
Digital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudDigital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudMirantis
 
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackDecomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackMirantis
 
OpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryOpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryMirantis
 
Accelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsAccelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsMirantis
 
Containers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleContainers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleMirantis
 
Protecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutProtecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutMirantis
 
It's Not the Technology, It's You
It's Not the Technology, It's YouIt's Not the Technology, It's You
It's Not the Technology, It's YouMirantis
 
OpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationOpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationMirantis
 
Moving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMoving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMirantis
 

Plus de Mirantis (20)

How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
 
Kubernetes Security Workshop
Kubernetes Security WorkshopKubernetes Security Workshop
Kubernetes Security Workshop
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersUsing Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M users
 
How to Build a Basic Edge Cloud
How to Build a Basic Edge CloudHow to Build a Basic Edge Cloud
How to Build a Basic Edge Cloud
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container Data
 
What's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar SlidesWhat's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar Slides
 
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. KubernetesYour Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
 
Demystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceDemystifying Cloud Security Compliance
Demystifying Cloud Security Compliance
 
Mirantis life
Mirantis lifeMirantis life
Mirantis life
 
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
 
Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016
 
Digital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudDigital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the Cloud
 
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackDecomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStack
 
OpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryOpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service Delivery
 
Accelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsAccelerating the Next 10,000 Clouds
Accelerating the Next 10,000 Clouds
 
Containers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleContainers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That Simple
 
Protecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutProtecting Yourself from the Container Shakeout
Protecting Yourself from the Container Shakeout
 
It's Not the Technology, It's You
It's Not the Technology, It's YouIt's Not the Technology, It's You
It's Not the Technology, It's You
 
OpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationOpenStack as the Platform for Innovation
OpenStack as the Platform for Innovation
 
Moving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMoving AWS workloads to OpenStack
Moving AWS workloads to OpenStack
 

Dernier

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Dernier (20)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Comparison of Current Service Mesh Architectures

  • 1.
  • 2. 2 Introduction Bruce Basil Mathews Sr. Solutions Architect at Mirantis Bruce has been a Senior Solutions Architect in the computer industry for 40+ years, working at multiple technology companies including Mirantis, HP, Oracle, Sun Microsystems and others. View the webinar recording, including demo, at: https://info.mirantis.com/service-mesh-webinar
  • 3. 3 ● What is service mesh, its capabilities and benefits? ● Types of service mesh architectures ● Service meshes comparisons: features, visualization, performance ○ Open source ○ Commercial ● Service mesh pros and cons ● Demo ● Q&A Agenda
  • 4. 4 A service mesh is: ● A configurable infrastructure layer for a microservices application ● Makes communication between service instances flexible, reliable, and fast ● Provides a whole bunch of capabilities to relieve the developer from having to provide them each time uniquely. What is a Service Mesh?
  • 5. 5 ● Service Discovery - Allows the different services to “discover” each other when needed. The Kubernetes framework keeps a list of instances that are healthy and ready to receive requests. ● Load Balancing - Places the least busy instances at the top of the stack, so that busier instances can get the most service without starving the least busy instances’ needs. ● Encryption - Instead of having each of the services provide their own encryption/decryption, the service mesh can encrypt and decrypt requests and responses instead. ● Authentication and authorization. The service mesh can validate requests BEFORE they are sent to the service instances. ● Support for the circuit breaker pattern. The service mesh can support the circuit breaker pattern, which can stop requests from ever being sent to an unhealthy instance. We will discuss this specific feature later. What Capabilities Does a Service Mesh Provide?
  • 6. 6 The combined use of the features and capabilities listed on the previous slide provides the means for traffic shaping or QoS: ● Traffic shaping, (a.k.a. packet shaping), is a type of network bandwidth management for the manipulation and prioritization of network traffic to reduce the impact of heavy use cases from affecting other users. ● QoS provides a uniform way to connect, secure, manage and monitor microservices and provides traffic shaping between microservices while capturing the telemetry of the traffic flow for prioritizing network traffic. Key Benefits of a Service Mesh
  • 7. 7 Circuit-breaking helps to guard against partial or total cascading network communication failures of application service instances by maintaining a status of the health and viability of each service instance: ● The Service Mesh’s circuit-breaker feature determines whether traffic should continue to be routed to a given service instance. NOTE: The application developer must determine what to do as a design consideration when the service instance has been marked as not accepting requests. Enterprises can create application features using modular software development across disparate teams of developers. ● Faster development, testing and deployment of applications. Key Benefits of a Service Mesh
  • 8. 8 Library ● Needed services are sitting in a Library that your microservices applications import and use. Node Agent ● The services are provided by a Node Agent or daemon. The daemon services all of the containers on a particular node/machine. Sidecar ● The services are provided in a Sidecar container that runs alongside your application container. Service Mesh Architectures
  • 9. 9 The Types of Service Mesh Architectures SMESH-ARCHS!
  • 10. 10 The Library Architecture Examples: Twitter Finagle Netflix Hystrix Netflix Ribbon Each of the microservices carries a copy of the library that contains all of the desired Service Mesh functions. The Library architectural approach was: ● The first architecture to be adopted ● Simplest method to implement ● Has some drawbacks in performance ● More difficult to maintain Separate copies are distributed with every microservice, which results in: ● Potential for version control issues in multi-cluster implementations ● Conflicting demand and performance is harder to determine and resolve quickly.
  • 11. 11 The Node Agent Architecture Examples: Linkerd/Conduit Consul The Node Agent architecture is easier to manage and maintain than the Library architecture: ● It distributes one copy of the configuration to each node, rather than one copy of the configuration to each pod on each node. In the Node Agent service mesh architecture, a separate agent is running on every worker node of a cluster: ● Node Agent, usually running in user process space, services the heterogeneous mix of workloads hosted on that worker node. ● This architectural model emphasizes work resource sharing. This method can provide a great deal more efficiency than the Library model, but leaves a door open for resource abuse. ● Resource requests for memory and other components can be demanded and fulfilled immediately, starving other microservices. It is left up to the application developer to play nicely with others.
  • 12. 12 The Sidecar Architecture Examples: Istio Aspen Mesh Sidecar is the latest method developed for service meshing: ● The Sidecar service mesh deploys one adjacent container for every application container. ● The sidecar container handles all the network traffic in and out of the application container. ● To eliminate the potential for a network based attack, the sidecar has the same privileges as the application to which it is attached. ● Most Sidecar implementations, founded on security best-practices, limit the scope of the authorities necessary to complete the required intercommunication and then end their own process. ● The Sidecar acts in closely secured proximity to the application, almost like a function call from a Library rather than having to traverse the network to an external Node Agent for each intercommunication.
  • 13. 13 Service Meshes to Compare SMESH-COMPS!
  • 14. 14 Open Source Offerings ● Envoy ● Istio ● Linkerd ● Linkerd2/Conduit Service Mesh Offerings for Kubernetes and Mesos Commercial Offerings ● Consul ● Aspen Mesh ● Kong Enterprise Mesh ● AWS App Mesh
  • 16. 16 Envoy’s Sidecar Architecture Envoy is a high performance C++ distributed proxy designed for single services and applications: ● Originally designed by Lyft ● Proxy architecture provides two key pieces missing in most stacks transitioning from legacy systems to a more Software Oriented Architecture (SOA.) ● Envoy’s two features: ○ Robust observability ○ Easy debugging ● Envoy uses gRPC bridge to unlock Python gevent clients But the primary focus of Envoy is raw PERFORMANCE! To do this, Envoy broke its threading model down into three categories: ● MAIN: The main thread coordinates all the most critical process functionality ● WORKER: Each worker thread spawned processes all IO for the connection’s it accepts for the lifetime of the connection ● FILE FLUSHER: Worker writes to files are buffered to memory and then physically written by the file flush process thread.
  • 17. 17 Istio’s Sidecar Architecture and Integration with Envoy Istio provides a uniform way to connect, secure, manage and monitor microservices and provides traffic shaping between microservices in a multi-cluster scenario: ● Originally developed by Netflix, ● includes the capability of circuit-breaking to the app development process. ● Guards against partial or total cascading network communication failures by maintaining a status of the health and viability of all service instances ● Envoy is integrated as the backend proxy for Istio The Istio components and their functions are listed below: Control plane: ● Istio-Manager: provides routing rules & service discovery information to the Envoy proxies. ● Mixer: collects telemetry from each Envoy proxy and enforces access control policies. ● Istio-Auth: provides “service to service” and “user to service” authentication. This component also converts unencrypted traffic to TLS based traffic between services, as needed. Data plane: ● Envoy: a feature rich proxy managed by control plane components. Envoy intercepts traffic to and from the service, applying routing and access policies following the rules set in the control plane.
  • 18. 18 Linkerd 1.0 Node Agent/Sidecar Architecture In the per-host deployment model for Linkerd, one Linkerd instance is deployed per host (whether physical or virtual): ● Originally developed by Buoyant. ● All app service instances on that host route traffic through the single instance. ● This model is useful for deployments that are primarily host-based. ● Each service instance on the host can address its corresponding Linkerd instance at a fixed location (typically, localhost:4140) ● Eliminates the need for any significant client-side logic. ● Since this model requires high concurrency of Linkerd instances, a larger resource profile is usually appropriate. ● In this model, the loss of an individual Linkerd instance is equivalent to losing the host itself. Note: Could be implemented as either, but the weight of the Java engine was so heavy, it made it more resource effective as a node agent deployment.
  • 19. 19 Linkerd2 / Conduit Sidecar Architecture Linkerd 2 transitioned to deploying a sidecar methodology that eliminates the single point of failure per host. Linkerd 2 has three basic components: ● User Interface ● Control Plane ● Data Plane The control plane is made up of four components: ● Controller - In multiple containers ● Web - Dashboard for telemetry data display ● Prometheus - Telemetry data storage ● Grafana - Used to display the Dashboard The data plane consists of the sidecar Proxy processes injected into each Pod The Dashboard UI provides telemetry and QoS data for each service
  • 21. 21 Consul Node Agent Architecture Consul is an ideal service to support control plane service mesh activities, whether you employ a “dumb pipe” or a “smart network”: ● Originally developed by Hashicorp ● The Consul architecture ensures it is highly available, and extends beyond a single data center. ● Consul provides service discovery for both Dumb Pipe and Smart Network scenarios. ● Applications can use Consul’s key-value store to store retries, timeouts and circuit breaking settings and request them when needed. ● The Consul K/V store can be used for persistent state storage such as network policies as well.
  • 22. 22 Aspen Mesh Sidecar Architecture & Integration with Istio Aspen Mesh is built on Istio and includes all the features you get with Istio plus: ● Intuitive UI ● Multi Cluster and Hybrid Cloud ● Analytics and Alerting ● Pre-configured Canary Testing ● Advanced Policy Management ● Isolated Management Platform with SLA ● A fully tested and hardened version ● Enterprise-level Support
  • 23. 23 Kong Enterprise Monolith, Microservice, Service Mesh, & Serverless Architecture kong Mesh Sidecar Architecture and Integration with Istio Kong Ingress Controller is a dynamic and highly available Ingress Controller which configures Kong using Ingress resources created in your Kubernetes cluster: ● Kong can configure plugins, load balancing, health checking on your services running in Kubernetes. ● Kong Ingress Controller is a Go application that listens to events from the API-server of your Kubernetes cluster ● The Ingress Controller sets up Kong to handle your configuration accordingly. You never have to configure Kong manually. ● The controller can configure any Kong cluster via a Kong node running either in a control-plane mode or running both, control and data planes. ● Kong's state is stored in Postgres or Cassandra. ○ The database should be deployed as a StatefulSet. ○ All Kong nodes in your Kubernetes cluster should be able to connect to it. ● If Kong is deployed in Control-plane and Data-plane mode, then Kong proxy can be scaled
  • 24. 24 AWS APP MESH Sidecar Architecture & Integration with Envoy AWS App Mesh is a service mesh based on the Envoy proxy that makes it easy to monitor and control microservices: ● App Mesh standardizes how your microservices communicate: End-to-end visibility ● Helps to ensure high-availability ● App Mesh is made up of the following components: ○ Service mesh ○ Virtual services ○ Virtual nodes ○ Envoy proxy ○ Virtual routers ○ Routes To use App Mesh, you must have an existing application running on AWS Fargate, Amazon ECS, Amazon EKS, Kubernetes on AWS, or Amazon EC2.
  • 26. 26 ● Envoy ○ Low p99 tail latencies at scale when running under load, ○ Acts as a L3/L4 filter at its core with many L7 filters provided out of the box, ○ Support for gRPC, and HTTP/2 (upstream/downstream), ○ API-driven, dynamic configuration, hot reloads, ○ Strong focus on metric collection, tracing, and overall observability. ● Istio ○ Security features including identity, key management, and RBAC, ○ Fault injection, ○ Support for gRPC, HTTP/2, HTTP/1.x, WebSockets, and all TCP traffic, ○ Sophisticated policy, quota, and rate limiting, ○ Multi-platform, hybrid deployment. Some Service Mesh Feature Comparative Data
  • 27. 27 Linkerd was rewritten from Java to Rust - Data Plane / Go - Control plane about 1 ½ years ago. They are striving to reach feature parity between the two versions and are currently very close: Linkerd and Linkerd2/Conduit Features ○ Support for multiple platforms (Docker, Kubernetes, DC/OS, Amazon ECS, or any stand-alone machine), ○ Built-in service discovery abstractions to unite multiple systems, ○ Support for gRPC, HTTP/2, and HTTP/1.x requests + all TCP traffic. Some Service Mesh Feature Comparative Data (Continued) Note: Linkerd 2 is much faster than Linkerd as the Data Plane Proxy was rewritten in Rust. Conduit was folded into the Linkerd Project to form the basis for Linkerd 2! Conduit’s lightning-fast Rust proxies are ~10mb per instance, have sub-millisecond p99 latencies, and support HTTP/1.x, HTTP/2, and gRPC.
  • 28. 28 Linkerd 1 and Linkerd 2/Conduit Feature Comparison Linkerd 1.x (latest: 1.6.2.1) Linkerd 2.x (latest: 2.3) Theme Powerful, highly configurable, “industrial strength” Lightweight, minimalist, zero config Observability Automatic, non-aggregated Automatic, aggregated, live, per-path Reliability Load balancing, retries, circuit breaking Load balancing, retries, circuit breaking*, rate limiting* Security TLS, cert validation TLS, cert validation, cert management, policy enforcement* Protocol support HTTP/1.x, HTTP/2, gRPC, Thrift HTTP/1.x, HTTP/2, gRPC Installation Cluster-wide Per service, per namespace or cluster-wide (incremental) Resource footprint 100--150mb per proxy <10mb per proxy Latency introduced <5ms p99 <1ms p99 License, building blocks CNCF, Apache v2, Finagle, Netty, Scala CNCF, Apache v2, Rust, Go Supported platforms Kubernetes, DC/OS, Mesos, bare metal, ECS, ... Just Kubernetes… for now! (*roadmap)
  • 29. 29 ● Consul ○ Consul is a single binary providing both server and client capabilities ○ includes all functionality for service catalog ○ Includes configuration capabilities, TLS certificates, Authorization ○ Consul optionally supports external systems such as Vault to augment behavior ○ No additional systems are required to deploy Consul ● Aspen Mesh ○ Provides an intuitive UI that brings the most important information to the forefront ○ Easy-to-understand real-time status information ○ Allows for the display of multiple clusters in a single pane of glass ○ Helps the user to monitor their entire architecture in one place ○ Allows the user to sort, search and drill into individual services details Some Service Mesh Feature Comparative Data (Continued)
  • 30. 30 ● Kong Enterprise 1.0 ○ Engineers can make a change in a centralised location that will be reflected across multiple Kong clusters ○ Includes an implementation of the Plugin Development Kit (PDK) ○ All Kong plugins require a standard set of functionality, which the PDK provides out of the box ○ PDK based on the ngx_lua API ○ A Kong cluster deployment requires the installation of a Cassandra of PostgreSQL to act as the datastore ● AWS App Mesh ○ App Mesh separates the logic for monitoring and controlling communications into a proxy that manages all network traffic for each service ○ App Mesh uses the open source Envoy proxy to manage all traffic into and out of a service’s containers ○ Integrated with Amazon CloudWatch – monitoring & logging service for complete visibility of resources and applications. ○ Developers configure services to connect directly to each other instead of requiring code within the application or using a load balancer ○ App Mesh works with services managed by Amazon ECS, Amazon EKS, AWS Fargate, Kubernetes running on EC2, and services running directly on EC2 Some Service Mesh Feature Comparative Data (Continued)
  • 32. 32 Most Service Meshes use Prometheus with Grafana NOTE: Commercial offerings provide a greater variety of templates and statistics to choose from for traffic shaping analysis.
  • 34. 34 ● Control Plane performance factors include: ○ The rate of deployment changes. ○ The rate of configuration changes. ○ The number of proxies connecting to the service gateway. ● Data Plane performance factors include: ○ Number of client connections ○ Target request rate ○ Request size and Response size ○ Number of proxy worker threads ○ Protocol ○ CPU cores ○ Number and types of proxy filters ● Benchmarking Tools: ○ fortio.org - a constant throughput load testing tool. ○ blueperf - a realistic cloud native application. Some Service Mesh Performance Factors
  • 35. 35 ● Load Balancing Throughput and Latency ○ One of the key features of a service mesh is to provide a load balancing capability. ○ Some of the more popular load balancers that can be integrated with the Service Meshes compared in this presentation are: ■ NGINX ■ HAProxy ■ Envoy ■ Traefik ■ Amazon Application Load Balancer (ALB) Some Service Mesh Comparative Performance Data
  • 36. 36 Load Balancer Requests-per-Second Performance Data Data found here: https://www.loggly.com/blog/benchmarking-5-popular-load-balancers-nginx-haproxy-envoy-traefik-and-alb/
  • 37. 37 Load Balancer Latency and Concurrency Performance Data Data found here: https://www.loggly.com/blog/benchmarking-5-popular-load-balancers-nginx-haproxy-envoy-traefik-and-alb/
  • 38. 38 Load Balancer CPU and Latency and Concurrency Performance Data - Disagreement Data found here: https://medium.com/@ihcsim/linkerd-2-0-and-istio-performance-benchmark-df290101c2bb The latency observed in the Linkerd2-meshed setup ranged from 11.0 ms to almost 14.0 ms. The latency observed in Istio-meshed setup ranged from 36.0 ms to 45.0 ms.
  • 39. 39 Consul vs Istio: ● https://www.consul.io/intro/vs/istio.html Consul vs Istio vs. Linkerd/Conduit: ● https://stackshare.io/stackups/consul-vs-istio-vs-linkerd Linkerd2/Conduit vs Istio: ● https://kinvolk.io/blog/2019/05/performance-benchmark-analysis-of-istio-and-linkerd/ ● https://glasnostic.com/blog/comparing-service-meshes-linkerd-vs-istio ● https://www.aquasec.com/wiki/display/containers/Linkerd+vs+Istio Additional Performance Data
  • 40. 40 Service Mesh Pros & Cons Pro-SMESH-Cons!
  • 41. 41 Service Meshes Architecture Pros and Cons Library Architecture Advantages: ● Resources are locally accounted for each and every service ● Self-service adoption for developers Disadvantages: ● Strong coupling is a significant drawback ● Non-uniform; upgrades are challenging in large environments Node Agent Architecture Advantages: ● Less overhead (especially memory) for things that could be shared across a node ● Easier to scale distribution of configuration information than it is with sidecar proxies (if you’re not using a control plane) ● This model is useful for deployments that are primarily physical or virtual server based. Good for large monolithic apps Disadvantages: ● Coarse support for encryption of service-to-service communication, instead host-to-host encryption and authentication policies ● Blast radius of a proxy failure includes all applications on the node, which is essentially equivalent to losing the node itself ● Not a transparent entity, services must be aware of its existence Sidecar Architecture Advantages: ● Granular encryption of service-to-service communication ● Can be gradually added to an existing cluster without central coordination ● App-to-sidecar communication is easier to secure than app-to-node proxy ● Resources consumed for a service are attributed to that service ● Blast radius of a proxy failure is limited to the sidecar app Disadvantages: ● Lack of central coordination. Difficult to scale operationally ● Sidecar footprint—per service overhead of running a service proxy sidecar
  • 42. 42 ● Istio was presented to the CNCF Technical Oversight Committee in November 2017. This represented an early step for the project to join CNCF. ○ We suspect they will become a full project member in 2019. ○ Linkerd is already a member of CNCF. ● There are both fully Open Source and Commercial implementations of Istio available ○ This will be a key to widespread adoption which will be key to the long-term success of Istio ● The following question will be answered in 2019: “What are the real world benefits I will receive by adopting service mesh as a standard?” ○ The answer will come from use cases stimulating adoption. Service Mesh Comparison Final Thoughts
  • 43. 43 Bottom Line: ● A service mesh will be mandatory by 2020 for any organization running microservices in production. ○ If you’re currently using a service mesh, you already know the value it brings. ○ If you’re considering using a service mesh, make sure you stay in tune with what is going on with this technology! ○ If your company has not yet decided on whether you need a service mesh or not, read the recent industry reports on microservices! Service Mesh Comparison Final Thoughts
  • 45. 2019 | www.mirantis.com Training training.mirantis.com training.mirantis.com Service Mesh and Istio Fundamentals (IST50) New! Introduction to Istio & Service Mesh 1 day Microservices and Istio Bootcamp (IST100) New! Microservices security, resiliency and monitoring using Istio 2 days Istio Courses from Mirantis Training
  • 46. 46 Thank You Q&A View the webinar recording, including demo, at: https://info.mirantis.com/service-mesh-webinar