Enviar pesquisa
Carregar
The Current And Future State Of Service Mesh
•
0 gostou
•
95 visualizações
Ram Vennam
Seguir
The current state of the Istio service mesh and what might be coming in the future
Leia menos
Leia mais
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 57
Baixar agora
Baixar para ler offline
Recomendados
FIWARE Global Summit - Building Production Grade IoT Platform Leveraging FIWARE
FIWARE Global Summit - Building Production Grade IoT Platform Leveraging FIWARE
FIWARE
Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)
Christian Posta
The Future of Service Mesh
The Future of Service Mesh
All Things Open
ciscothousandeyesusecase
ciscothousandeyesusecase
RENJITHKNAIR5
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
Christian Posta
IoT Physical Servers and Cloud Offerings.pdf
IoT Physical Servers and Cloud Offerings.pdf
GVNSK Sravya
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Canada
Accelerating Edge Computing Adoption
Accelerating Edge Computing Adoption
Michelle Holley
Recomendados
FIWARE Global Summit - Building Production Grade IoT Platform Leveraging FIWARE
FIWARE Global Summit - Building Production Grade IoT Platform Leveraging FIWARE
FIWARE
Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)
Christian Posta
The Future of Service Mesh
The Future of Service Mesh
All Things Open
ciscothousandeyesusecase
ciscothousandeyesusecase
RENJITHKNAIR5
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
Christian Posta
IoT Physical Servers and Cloud Offerings.pdf
IoT Physical Servers and Cloud Offerings.pdf
GVNSK Sravya
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Canada
Accelerating Edge Computing Adoption
Accelerating Edge Computing Adoption
Michelle Holley
A Transport Layer and Socket API for (h)ICN: Design, Implementation and Perfo...
A Transport Layer and Socket API for (h)ICN: Design, Implementation and Perfo...
Luca Muscariello
Cisco Connect Halifax 2018 Understanding Cisco's next generation sd-wan sol...
Cisco Connect Halifax 2018 Understanding Cisco's next generation sd-wan sol...
Cisco Canada
F5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облака
BAKOTECH
Brocade Software Networking Presentation at Interface 2016
Brocade Software Networking Presentation at Interface 2016
Scott Sims
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
DevOps.com
Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Hello Cloud
Istio Service Mesh
Istio Service Mesh
Lew Tucker
DEVNET-1166 Open SDN Controller APIs
DEVNET-1166 Open SDN Controller APIs
Cisco DevNet
Quebec - 16 November 2022 - Canada CNCF Meetups.pdf
Quebec - 16 November 2022 - Canada CNCF Meetups.pdf
prune1
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
NGINX, Inc.
[Oracle Webcast] Discover the Oracle Blockchain Platform through the eyes of ...
[Oracle Webcast] Discover the Oracle Blockchain Platform through the eyes of ...
Sanae BEKKAR
Serverless service adoption for Thailand
Serverless service adoption for Thailand
Watcharin Yang-Ngam
Edge Computing risks and Opportunities for Telco and hyperscalers
Edge Computing risks and Opportunities for Telco and hyperscalers
Patrick Lopez
Leveraging the strength of OSGi to deliver a convergent IoT Ecosystem - O Log...
Leveraging the strength of OSGi to deliver a convergent IoT Ecosystem - O Log...
mfrancis
Ankit Vakil (2)
Ankit Vakil (2)
Ankit Vakil
apidays LIVE Paris 2021 - Advanced Authentication patterns at the Edge by Den...
apidays LIVE Paris 2021 - Advanced Authentication patterns at the Edge by Den...
apidays
StampedeCon 2015 Keynote
StampedeCon 2015 Keynote
Ken Owens
How Cisco Migrated from MapReduce Jobs to Spark Jobs - StampedeCon 2015
How Cisco Migrated from MapReduce Jobs to Spark Jobs - StampedeCon 2015
StampedeCon
Digital Reinvention by NRB
Digital Reinvention by NRB
William Poos
Data Acquisition Automation for NiFi in a Hybrid Cloud environment – the Path...
Data Acquisition Automation for NiFi in a Hybrid Cloud environment – the Path...
DataWorks Summit
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Khem
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Remote DBA Services
Mais conteúdo relacionado
Semelhante a The Current And Future State Of Service Mesh
A Transport Layer and Socket API for (h)ICN: Design, Implementation and Perfo...
A Transport Layer and Socket API for (h)ICN: Design, Implementation and Perfo...
Luca Muscariello
Cisco Connect Halifax 2018 Understanding Cisco's next generation sd-wan sol...
Cisco Connect Halifax 2018 Understanding Cisco's next generation sd-wan sol...
Cisco Canada
F5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облака
BAKOTECH
Brocade Software Networking Presentation at Interface 2016
Brocade Software Networking Presentation at Interface 2016
Scott Sims
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
DevOps.com
Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Hello Cloud
Istio Service Mesh
Istio Service Mesh
Lew Tucker
DEVNET-1166 Open SDN Controller APIs
DEVNET-1166 Open SDN Controller APIs
Cisco DevNet
Quebec - 16 November 2022 - Canada CNCF Meetups.pdf
Quebec - 16 November 2022 - Canada CNCF Meetups.pdf
prune1
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
NGINX, Inc.
[Oracle Webcast] Discover the Oracle Blockchain Platform through the eyes of ...
[Oracle Webcast] Discover the Oracle Blockchain Platform through the eyes of ...
Sanae BEKKAR
Serverless service adoption for Thailand
Serverless service adoption for Thailand
Watcharin Yang-Ngam
Edge Computing risks and Opportunities for Telco and hyperscalers
Edge Computing risks and Opportunities for Telco and hyperscalers
Patrick Lopez
Leveraging the strength of OSGi to deliver a convergent IoT Ecosystem - O Log...
Leveraging the strength of OSGi to deliver a convergent IoT Ecosystem - O Log...
mfrancis
Ankit Vakil (2)
Ankit Vakil (2)
Ankit Vakil
apidays LIVE Paris 2021 - Advanced Authentication patterns at the Edge by Den...
apidays LIVE Paris 2021 - Advanced Authentication patterns at the Edge by Den...
apidays
StampedeCon 2015 Keynote
StampedeCon 2015 Keynote
Ken Owens
How Cisco Migrated from MapReduce Jobs to Spark Jobs - StampedeCon 2015
How Cisco Migrated from MapReduce Jobs to Spark Jobs - StampedeCon 2015
StampedeCon
Digital Reinvention by NRB
Digital Reinvention by NRB
William Poos
Data Acquisition Automation for NiFi in a Hybrid Cloud environment – the Path...
Data Acquisition Automation for NiFi in a Hybrid Cloud environment – the Path...
DataWorks Summit
Semelhante a The Current And Future State Of Service Mesh
(20)
A Transport Layer and Socket API for (h)ICN: Design, Implementation and Perfo...
A Transport Layer and Socket API for (h)ICN: Design, Implementation and Perfo...
Cisco Connect Halifax 2018 Understanding Cisco's next generation sd-wan sol...
Cisco Connect Halifax 2018 Understanding Cisco's next generation sd-wan sol...
F5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облака
Brocade Software Networking Presentation at Interface 2016
Brocade Software Networking Presentation at Interface 2016
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Istio Service Mesh
Istio Service Mesh
DEVNET-1166 Open SDN Controller APIs
DEVNET-1166 Open SDN Controller APIs
Quebec - 16 November 2022 - Canada CNCF Meetups.pdf
Quebec - 16 November 2022 - Canada CNCF Meetups.pdf
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
[Oracle Webcast] Discover the Oracle Blockchain Platform through the eyes of ...
[Oracle Webcast] Discover the Oracle Blockchain Platform through the eyes of ...
Serverless service adoption for Thailand
Serverless service adoption for Thailand
Edge Computing risks and Opportunities for Telco and hyperscalers
Edge Computing risks and Opportunities for Telco and hyperscalers
Leveraging the strength of OSGi to deliver a convergent IoT Ecosystem - O Log...
Leveraging the strength of OSGi to deliver a convergent IoT Ecosystem - O Log...
Ankit Vakil (2)
Ankit Vakil (2)
apidays LIVE Paris 2021 - Advanced Authentication patterns at the Edge by Den...
apidays LIVE Paris 2021 - Advanced Authentication patterns at the Edge by Den...
StampedeCon 2015 Keynote
StampedeCon 2015 Keynote
How Cisco Migrated from MapReduce Jobs to Spark Jobs - StampedeCon 2015
How Cisco Migrated from MapReduce Jobs to Spark Jobs - StampedeCon 2015
Digital Reinvention by NRB
Digital Reinvention by NRB
Data Acquisition Automation for NiFi in a Hybrid Cloud environment – the Path...
Data Acquisition Automation for NiFi in a Hybrid Cloud environment – the Path...
Último
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Khem
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Remote DBA Services
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Khushali Kathiriya
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
debabhi2
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Edi Saputra
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Juan lago vázquez
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
DianaGray10
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
presentation ICT roal in 21st century education
presentation ICT roal in 21st century education
jfdjdjcjdnsjd
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Andrey Devyatkin
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
apidays
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
MIND CTI
Último
(20)
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
presentation ICT roal in 21st century education
presentation ICT roal in 21st century education
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
The Current And Future State Of Service Mesh
1.
The Current &
Future State of Service Mesh
2.
2 | Copyright
© 2022 Idit Levine Founding API gateway WG-Istio Christian Posta Founding community member, Istio Steering Committee, author Istio in Action Lin Sun Founding Istio project maintainer, Technical Oversight Committee (TOC), Steering Committee Neeraj Poddar Istio Steering and TOC member. Co-founded Istio Product Security Working Group. Yuval Kohavi Renowned security researcher, Founding API Gateway WG-Istio, Contributor Envoy Ram Vennam Founding Istio Steering Committee member Nick Nellis First to run Istio in production, current contributor and maintainer Solo Istio/Envoy Community Leadership Founded in 2017 by Idit Levine Based in Cambridge, MA with multiple locations around the globe Industry leaders in application networking, service mesh, and modern API gateway technologies Open-Core, “Enterprise” Subscription model Growing fast with happy customers Well Funded 350+% bookings growth y/y 98%+ renewal rate $171.5M venture financing $1 Billion valuation Solo.io Gloo Application Networking Platform Simplify your application networking with unified control, reliability, observability, extensibility, and security 2 | Copyright © 2022 Greg Hanson Founding Istio Maintainer, Product Security WG Lead, Istio Release Manager
3.
3 | Copyright
© 2022 Large deployments of enterprise service mesh
4.
4 | Copyright
© 2022 4 | Copyright © 2022 The Current State of Service Mesh… …day 1 and day 2 operations
5.
5 | Copyright
© 2022 Service discovery / Load balancing Secure service-to-service communication Traffic control / shaping / shifting Policy / Intention based access control Traffic metric collection Service resilience API / programmable interface Service Mesh Functions
6.
6 | Copyright
© 2022 Istio
7.
7 | Copyright
© 2022 Install
8.
8 | Copyright
© 2022 Performance ● Envoy proxy uses 0.35 vCPU and 40 MB memory per 1000 requests per second going through the proxy. ● Istiod uses 1 vCPU and 1.5 GB of memory. ● The Envoy proxy adds 2.65 ms to the 90th percentile latency.
9.
9 | Copyright
© 2022 Upgrade
10.
10 | Copyright
© 2022 Gateway API https://gateway-api.sigs.k8s.io/
11.
11 | Copyright
© 2022 11 | Copyright © 2022 The Future of Service Mesh… …happens in and around the data plane
12.
12 | Copyright
© 2022 Data plane is where the innovation continues to happen ● Web Assembly ● HTTP/3 ● Universal Data Plane API Extending the data plane Optimizing the data plane
13.
13 | Copyright
© 2022 13 | Copyright © 2020 Extending the data plane with GraphQL
14.
14 | Copyright
© 2022 Clients https://api.yelp.com/v3 /businesses/search
15.
15 | Copyright
© 2022 GET https://api.yelp.com/v3/businesses/search { "total": 8228, "businesses": [ { "rating": 4, "price": "$", "phone": "+14152520800", "alias": "four-barrel-coffee-san-francisco", "categories": [ { "alias": "coffee", "title": "Coffee & Tea" } ], // ... ], "region": { "center": { "latitude": 37.767413217936834, "longitude": -122.42820739746094 } } }
16.
16 | Copyright
© 2022 Clients Web API /business/{id}/menu /reviews/{id} /events/{name}
17.
17 | Copyright
© 2022 GraphQL Returns exactly what we need and nothing more Fetches data across different resources from a single query
18.
18 | Copyright
© 2022 https://api.yelp.com/v3/graphql query { businesses(search: “solo”) { name } } { “businesses”: [ { “name”: “solo.io” }, { “name”: “Solo Solar” } ] } Business Info API
19.
19 | Copyright
© 2022 https://api.yelp.com/v3/graphql query { businesses(search: “solo”) { name phone } } { “businesses”: [ { “name”: “solo.io”, “phone”: 6172213102 }, { “name”: “Solo Solar”, “phone”: 2223657814 }, ] } Business Info API
20.
20 | Copyright
© 2022 https://api.yelp.com/v3/graphql query { businesses(search: “solo”) { name phone location { address } } } { “businesses”: [ { “name”: “solo.io”, “phone”: 6172213102, “location”: { “address”:“222 Third St” }, }, { “name”: “Solo Solar”, “phone”: 2223657814, “location”: { “address”:“3 Hershey Park” }, }, ] } Business Info API Business Location API
21.
21 | Copyright
© 2022 https://api.yelp.com/v3/graphql query { solo_query: businesses(search: “solo”) { name phone location { business_address: address } } } { “solo_query”: [ { “name”: “solo.io”, “phone”: 6172213102, “business_address”: { “address”:“222 Third St” }, }, { “name”: “Solo Solar”, “phone”: 2223657814, “business_address”: { “address”:“3 Hershey Park” }, }, ], }
22.
22 | Copyright
© 2022 https://api.yelp.com/v3/graphql query { solo: businesses(search: “solo”) { name phone location { state } } software: businesses(search: “software”) { name } } { “solo”: [ { “name”: “solo.io”, “phone”: 6172213102, “location”: { “state”:“MA” }, }, { “name”: “Solo Solar”, “phone”: 2223657814, “location”: { “state”:“CA” }, }, ], “software”: [{...}] }
23.
23 | Copyright
© 2022 Query query { businesses(search: “solo”) { name phone location { state } } } type Query { businesses(search: String!): [Business] } type Business { name: String phone: String categories: [String] reviews: [Int] location: Location } type Location { state: String! country: String! street: String! } Schema Definition Language (SDL)
24.
24 | Copyright
© 2022
25.
25 | Copyright
© 2022
26.
26 | Copyright
© 2022
27.
27 | Copyright
© 2022 GraphQL Interest - Market Indicators https://trends.google.com https://2020.stateofjs.com/en-US/technologies/datalayer https://smartbear.com/state-of-software-quality/api/tools 24%
28.
28 | Copyright
© 2022 GraphQL Adoption Patterns REST
29.
29 | Copyright
© 2022 GraphQL Adoption Patterns REST gRPC REST gRPC
30.
30 | Copyright
© 2022 GraphQL Adoption Patterns
31.
31 | Copyright
© 2022 GraphQL Adoption Patterns
32.
32 | Copyright
© 2022 GraphQL Traffic Patterns
33.
33 | Copyright
© 2022 Considerations when using GraphQL APIs Application Interface Application Network Client-specific data views Single entry point to entire graph Overfetching data Underfetching data (N+1) Client compatibility with schema evolution Authentication / Authorization Rate Limiting Observability Web Application Firewall Data Loss Prevention
34.
34 | Copyright
© 2022 GraphQL Support in Envoy • Web Application Firewall (WAF) • Data Loss Prevention (DLP) • AWS Lambda • Request and Response Transformation • SOAP • GraphQL EXTERNAL AUTH RATE LIMITING ROUTER UPSTREAM CUSTOM gRPC TRANSCODER Gloo Edge Custom Envoy Filter
35.
35 | Copyright
© 2022 Extending the service mesh data plane
36.
36 | Copyright
© 2022 Extending the data plane
37.
37 | Copyright
© 2022 Benefits of GraphQL in Envoy Simplified deployment architecture Optimized data plane performance Declarative configuration for apps and infra Leverage platform capabilities vs. DIY in every application Architecture scales from simple monolith to multi cloud federation
38.
38 | Copyright
© 2022 38 | Copyright © 2020 Optimizing the service mesh data plane
39.
39 | Copyright
© 2022 What is eBPF? • Linux technology which enables users to run custom programs “sandboxed” in the kernel • extended Berkeley Packet Filter, evolution of “classic BPF” – think tcpdump • Event-based – programs are attached to “hook points” that are triggered by certain events − E.g. ‘kprobe’ type programs are attached to kernel functions and are then executed when that function is called • BPF programs are verified to be “safe” – won’t crash the kernel, guaranteed to return (no infinite loops), can only access specific sections of memory, etc.
40.
40 | Copyright
© 2022 petstore pod: "petstore" istio-proxy kernel network stack network stack socket socket Istio sidecar redirection
41.
41 | Copyright
© 2022 Networking in Istio Source: https://jimmysong.io/en/blog/sidecar-injection-iptables-and-traffic-routing
42.
42 | Copyright
© 2022 Istio data-path acceleration with eBPF • The Linux kernel has several hookpoints in network stack for BPF programs to be attached • Attach BPF programs to network sockets • Special BPF map (sockmap) that can redirect data from one socket directly to another
43.
43 | Copyright
© 2022 Istio data-path acceleration petstore pod: "petstore" istio-proxy kernel network stack network stack socket socket eBPF eBPF Skip the network stack!
44.
44 | Copyright
© 2022 Istio data-path acceleration
45.
45 | Copyright
© 2022 Can eBPF implement service mesh functions? Service Mesh Functions: • L4 & L7 Observability • Identity Management • Encryption • JWT based Authz/Authn • External Authorization • L7 Traffic Management • Advanced Load Balancing • Session Affinity • ... eBPF: ● eBPF execution paths must be fully known and verified ● eBPF programs cannot have arbitrary loops where the verifier will not know when the program will stop execution. ● eBPF is turing incomplete. ● eBPF is ideal for O(1) complexity ○ inspecting a packet ○ manipulating some bits ○ redirect ● Complex protocols like HTTP/2 and gRPC can be O(n) complexity and very difficult to debug
46.
46 | Copyright
© 2022 Data plane as a spectrum From “The Truth About the Service Mesh Data Plane”, November 2019 https://www.slideshare.net/ceposta/the-truth-about-the-service-mesh-data-plane
47.
47 | Copyright
© 2022 Data plane: sidecar (service proxy)
48.
48 | Copyright
© 2022 Data plane: sidecar (service proxy)
49.
49 | Copyright
© 2022 Data plane: shared proxy per node
50.
50 | Copyright
© 2022 Data plane: shared proxy per node
51.
51 | Copyright
© 2022 Data plane: shared proxy per service account (per node)
52.
52 | Copyright
© 2022 Data plane: shared proxy per service account (per node)
53.
53 | Copyright
© 2022 Data plane: shared remote proxy with micro-sidecar
54.
54 | Copyright
© 2022 Data plane: shared remote proxy with micro-sidecar
55.
55 | Copyright
© 2022 User Clusters Public cloud Compliance / DMZ
56.
56 | Copyright
© 2022 Gloo Application Networking Platform
57.
57 | Copyright
© 2022 Solo Istio/Envoy Community Leadership Idit Levine Christian Posta Lin Sun Neeraj Poddar Yuval Kohavi Ram Vennam Nick Nellis “The team Solo has assembled is incredible. They have deep expertise with Envoy and Istio, and they’re extremely receptive to community feedback. The strength of their team gives us confidence in the innovation and support they’re able to provide.” CURRENT CUSTOMER Thank you!! Reach out to us for guidance! CRAWL WALK Access to Expertise and Long-term Support (LTS) Enhanced capabilities for security, observability & collaboration RUN FLY Extend & Scale Across Teams and the World Multi-Cluster, Multi-Mesh on Cloud and Hybrid 57 | Copyright © 2022
Baixar agora