The Current & Future State of
Service Mesh
2 | Copyright © 2022
Solo Istio/Envoy Community Leadership
Idit Levine: Founding API gateway WG-Istio
Christian Posta: Founding community member, Istio Steering Committee, author Istio in Action
Lin Sun: Founding Istio project maintainer, Technical Oversight Committee (TOC), Steering Committee
Neeraj Poddar: Istio Steering and TOC member. Co-founded Istio Product Security Working Group.
Yuval Kohavi: Renowned security researcher, Founding API Gateway WG-Istio, Contributor Envoy
Ram Vennam: Founding Istio Steering Committee member
Nick Nellis: First to run Istio in production, current contributor and maintainer
Greg Hanson: Founding Istio Maintainer, Product Security WG Lead, Istio Release Manager
Solo.io
Founded in 2017 by Idit Levine
Based in Cambridge, MA with multiple locations around the globe
Industry leaders in application networking, service mesh, and modern API gateway technologies
Open-Core, “Enterprise” Subscription model
Growing fast with happy customers
Well Funded
350+% bookings growth y/y
98%+ renewal rate
$171.5M venture financing
$1 Billion valuation
Gloo Application Networking Platform
Simplify your application networking with unified control, reliability, observability, extensibility, and security
3 | Copyright © 2022
Large deployments of enterprise service mesh
4 | Copyright © 2022
The Current State of Service Mesh…
…day 1 and day 2 operations
5 | Copyright © 2022
Service Mesh Functions
Service discovery / Load balancing
Secure service-to-service communication
Traffic control / shaping / shifting
Policy / Intention based access control
Traffic metric collection
Service resilience
API / programmable interface
6 | Copyright © 2022
Istio
7 | Copyright © 2022
Install
8 | Copyright © 2022
Performance
● Envoy proxy uses 0.35 vCPU and 40 MB memory per 1000 requests per second going through the proxy.
● Istiod uses 1 vCPU and 1.5 GB of memory.
● The Envoy proxy adds 2.65 ms to the 90th percentile latency.
9 | Copyright © 2022
Upgrade
10 | Copyright © 2022
Gateway API
https://gateway-api.sigs.k8s.io/
11 | Copyright © 2022
The Future of Service Mesh…
…happens in and around the data plane
12 | Copyright © 2022
Data plane is where the innovation continues to happen
● Web Assembly
● HTTP/3
● Universal Data Plane API
Extending the data plane
Optimizing the data plane
13 | Copyright © 2022
Extending the data plane with GraphQL
14 | Copyright © 2022
Clients
https://api.yelp.com/v3
/businesses/search
15 | Copyright © 2022
GET https://api.yelp.com/v3/businesses/search
{
  "total": 8228,
  "businesses": [
    {
      "rating": 4,
      "price": "$",
      "phone": "+14152520800",
      "alias": "four-barrel-coffee-san-francisco",
      "categories": [
        {
          "alias": "coffee",
          "title": "Coffee & Tea"
        }
      ],
      // ...
    }
  ],
  "region": {
    "center": {
      "latitude": 37.767413217936834,
      "longitude": -122.42820739746094
    }
  }
}
16 | Copyright © 2022
Clients Web API
/business/{id}/menu
/reviews/{id}
/events/{name}
17 | Copyright © 2022
GraphQL
Returns exactly what we need and nothing more
Fetches data across different resources from a single query
18 | Copyright © 2022
https://api.yelp.com/v3/graphql
query {
  businesses(search: "solo") {
    name
  }
}
{
  "businesses": [
    {
      "name": "solo.io"
    },
    {
      "name": "Solo Solar"
    }
  ]
}
Business Info API
19 | Copyright © 2022
https://api.yelp.com/v3/graphql
query {
  businesses(search: "solo") {
    name
    phone
  }
}
{
  "businesses": [
    {
      "name": "solo.io",
      "phone": 6172213102
    },
    {
      "name": "Solo Solar",
      "phone": 2223657814
    }
  ]
}
Business Info API
20 | Copyright © 2022
https://api.yelp.com/v3/graphql
query {
  businesses(search: "solo") {
    name
    phone
    location {
      address
    }
  }
}
{
  "businesses": [
    {
      "name": "solo.io",
      "phone": 6172213102,
      "location": {
        "address": "222 Third St"
      }
    },
    {
      "name": "Solo Solar",
      "phone": 2223657814,
      "location": {
        "address": "3 Hershey Park"
      }
    }
  ]
}
Business Info API
Business Location API
21 | Copyright © 2022
https://api.yelp.com/v3/graphql
query {
  solo_query: businesses(search: "solo") {
    name
    phone
    location {
      business_address: address
    }
  }
}
{
  "solo_query": [
    {
      "name": "solo.io",
      "phone": 6172213102,
      "location": {
        "business_address": "222 Third St"
      }
    },
    {
      "name": "Solo Solar",
      "phone": 2223657814,
      "location": {
        "business_address": "3 Hershey Park"
      }
    }
  ]
}
22 | Copyright © 2022
https://api.yelp.com/v3/graphql
query {
  solo: businesses(search: "solo") {
    name
    phone
    location {
      state
    }
  }
  software: businesses(search: "software") {
    name
  }
}
{
  "solo": [
    {
      "name": "solo.io",
      "phone": 6172213102,
      "location": {
        "state": "MA"
      }
    },
    {
      "name": "Solo Solar",
      "phone": 2223657814,
      "location": {
        "state": "CA"
      }
    }
  ],
  "software": [{...}]
}
23 | Copyright © 2022
Query
query {
  businesses(search: "solo") {
    name
    phone
    location {
      state
    }
  }
}
Schema Definition Language (SDL)
type Query {
  businesses(search: String!): [Business]
}
type Business {
  name: String
  phone: String
  categories: [String]
  reviews: [Int]
  location: Location
}
type Location {
  state: String!
  country: String!
  street: String!
}
24 | Copyright © 2022
25 | Copyright © 2022
26 | Copyright © 2022
27 | Copyright © 2022
GraphQL Interest - Market Indicators
https://trends.google.com
https://2020.stateofjs.com/en-US/technologies/datalayer
https://smartbear.com/state-of-software-quality/api/tools
24%
28 | Copyright © 2022
GraphQL Adoption Patterns
REST
29 | Copyright © 2022
GraphQL Adoption Patterns
REST
gRPC
REST
gRPC
30 | Copyright © 2022
GraphQL Adoption Patterns
31 | Copyright © 2022
GraphQL Adoption Patterns
32 | Copyright © 2022
GraphQL Traffic Patterns
33 | Copyright © 2022
Considerations when using GraphQL APIs
Application Interface:
• Client-specific data views
• Single entry point to entire graph
• Overfetching data
• Underfetching data (N+1)
• Client compatibility with schema evolution
Application Network:
• Authentication / Authorization
• Rate Limiting
• Observability
• Web Application Firewall
• Data Loss Prevention
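The network-side items on this slide (rate limiting, WAF) depend on how much work one request to the single GraphQL entry point asks for, which an HTTP request count does not show. The following is an added example, not code from the slides or from Gloo/Envoy: a Python analyzer for a subset of GraphQL that counts depth, fields and root fields for the two-alias query from slide 22. The function names and the limits are assumptions.

```python
import re
from dataclasses import dataclass, field

# Subset lexer: '$', '@', '!', '=' and '...' are deliberately not tokens, so
# variables, directives and fragments are rejected instead of mis-counted.
TOKEN = re.compile(
    r'\s+|,|#[^\n]*'              # ignored: whitespace, commas, comments
    r'|"(?:\\.|[^"\\])*"'         # string literal (kept as one token)
    r'|[_A-Za-z][_0-9A-Za-z]*'    # name
    r'|-?\d+(?:\.\d+)?'           # number
    r'|[{}():\[\]]'               # punctuators
)
NAME = re.compile(r'[_A-Za-z][_0-9A-Za-z]*')


def tokenize(src):
    pos, out = 0, []
    while pos < len(src):
        m = TOKEN.match(src, pos)
        if not m:
            raise ValueError(f"unsupported input at offset {pos}: {src[pos]!r}")
        pos = m.end()
        if not (m.group()[0].isspace() or m.group()[0] in ",#"):
            out.append(m.group())
    return out


@dataclass
class Cost:
    depth: int = 0        # deepest selection-set nesting
    fields: int = 0       # every selected field, at any level
    root_fields: int = 0  # top-level fields carried by this one request
    aliases: list = field(default_factory=list)  # (response key, schema field)


def analyze(query):
    toks, pos, cost = tokenize(query), 0, Cost()

    def peek():
        return toks[pos] if pos < len(toks) else None

    def take(expected=None):
        nonlocal pos
        tok = peek()
        if tok is None or (expected is not None and tok != expected):
            raise ValueError(f"expected {expected or 'token'}, got {tok!r}")
        pos += 1
        return tok

    def field_name():
        tok = take()
        if not NAME.fullmatch(tok):
            raise ValueError(f"expected field name, got {tok!r}")
        return tok

    def skip_arguments():
        # Arguments do not change the selection structure: skip to the matching ')'.
        take("(")
        level = 1
        while level:
            tok = take()
            level += (tok == "(") - (tok == ")")

    def selection_set(depth):
        take("{")
        cost.depth = max(cost.depth, depth)
        while peek() != "}":
            name = field_name()
            if peek() == ":":  # "alias: field" renames the key in the response
                take(":")
                alias, name = name, field_name()
                cost.aliases.append((alias, name))
            cost.fields += 1
            cost.root_fields += depth == 1
            if peek() == "(":
                skip_arguments()
            if peek() == "{":
                selection_set(depth + 1)
        take("}")

    if peek() == "query":
        take()
        if peek() != "{":
            field_name()  # optional operation name
    selection_set(1)
    if peek() is not None:
        raise ValueError(f"unexpected trailing token {peek()!r}")
    return cost


def violations(cost, max_depth=3, max_fields=20, max_root_fields=2):
    # Limits are illustrative assumptions, not values from the slides.
    checks = [("depth", cost.depth, max_depth),
              ("fields", cost.fields, max_fields),
              ("root fields", cost.root_fields, max_root_fields)]
    return [f"{n} {v} > {limit}" for n, v, limit in checks if v > limit]


# The slide 22 query, retyped with ASCII quotes.
SLIDE_22_QUERY = '''
query {
  solo: businesses(search: "solo") { name phone location { state } }
  software: businesses(search: "software") { name }
}
'''

if __name__ == "__main__":
    c = analyze(SLIDE_22_QUERY)
    print(c, violations(c), violations(c, max_root_fields=1))
```

The `aliases` list maps each response key back to its schema field, which response-side controls such as DLP need because an alias changes the key name in the returned JSON.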
34 | Copyright © 2022
GraphQL Support in Envoy
• Web Application Firewall (WAF)
• Data Loss Prevention (DLP)
• AWS Lambda
• Request and Response Transformation
• SOAP
• GraphQL
EXTERNAL AUTH
RATE LIMITING
ROUTER
UPSTREAM
CUSTOM
gRPC
TRANSCODER
Gloo Edge Custom Envoy Filter
35 | Copyright © 2022
Extending the service mesh data plane
36 | Copyright © 2022
Extending the data plane
37 | Copyright © 2022
Benefits of GraphQL in Envoy
Simplified deployment architecture
Optimized data plane performance
Declarative configuration for apps and infra
Leverage platform capabilities vs. DIY in every application
Architecture scales from simple monolith to multi cloud federation
38 | Copyright © 2022
Optimizing the service mesh data plane
39 | Copyright © 2022
What is eBPF?
• Linux technology which enables users to run custom programs “sandboxed” in the kernel
• extended Berkeley Packet Filter, evolution of “classic BPF” – think tcpdump
• Event-based – programs are attached to “hook points” that are triggered by certain events
  − E.g. ‘kprobe’ type programs are attached to kernel functions and are then executed when that function is called
• BPF programs are verified to be “safe” – won’t crash the kernel, guaranteed to return (no infinite loops), can only access specific sections of memory, etc.
40 | Copyright © 2022
[Figure: Istio sidecar redirection. Labels: pod "petstore", petstore, istio-proxy, kernel, socket, network stack, network stack, socket.]
41 | Copyright © 2022
Networking in Istio
Source: https://jimmysong.io/en/blog/sidecar-injection-iptables-and-traffic-routing
42 | Copyright © 2022
Istio data-path acceleration with eBPF
• The Linux kernel has several hook points in the network stack where BPF programs can be attached
• Attach BPF programs to network sockets
• Special BPF map (sockmap) that can redirect data from one socket directly to another
43 | Copyright © 2022
Istio data-path acceleration
[Figure: Istio data-path acceleration. Labels: pod "petstore", petstore, istio-proxy, kernel, socket, eBPF, network stack, network stack, eBPF, socket. Caption: Skip the network stack!]
44 | Copyright © 2022
Istio data-path acceleration
45 | Copyright © 2022
Can eBPF implement service mesh functions?
Service Mesh Functions:
• L4 & L7 Observability
• Identity Management
• Encryption
• JWT based Authz/Authn
• External Authorization
• L7 Traffic Management
• Advanced Load Balancing
• Session Affinity
• ...
eBPF:
● eBPF execution paths must be fully known and verified
● eBPF programs cannot have arbitrary loops, because the verifier would not know when the program stops executing.
● eBPF is not Turing complete.
● eBPF is ideal for O(1) complexity
  ○ inspecting a packet
  ○ manipulating some bits
  ○ redirecting
● Complex protocols like HTTP/2 and gRPC can be O(n) complexity and very difficult to debug
46 | Copyright © 2022
Data plane as a spectrum
From “The Truth About the Service Mesh Data Plane”, November 2019
https://www.slideshare.net/ceposta/the-truth-about-the-service-mesh-data-plane
47 | Copyright © 2022
Data plane: sidecar (service proxy)
48 | Copyright © 2022
Data plane: sidecar (service proxy)
49 | Copyright © 2022
Data plane: shared proxy per node
50 | Copyright © 2022
Data plane: shared proxy per node
51 | Copyright © 2022
Data plane: shared proxy per service account (per node)
52 | Copyright © 2022
Data plane: shared proxy per service account (per node)
53 | Copyright © 2022
Data plane: shared remote proxy with micro-sidecar
54 | Copyright © 2022
Data plane: shared remote proxy with micro-sidecar
55 | Copyright © 2022
User Clusters Public cloud
Compliance / DMZ
56 | Copyright © 2022
Gloo Application Networking Platform
57 | Copyright © 2022
Solo Istio/Envoy Community Leadership
Idit Levine
Christian Posta
Lin Sun
Neeraj Poddar
Yuval Kohavi
Ram Vennam
Nick Nellis
“The team Solo has assembled is incredible. They have deep expertise with Envoy and Istio, and they’re extremely receptive to community feedback. The strength of their team gives us confidence in the innovation and support they’re able to provide.”
CURRENT CUSTOMER
Thank you!!
Reach out to us for guidance!
CRAWL: Access to Expertise and Long-term Support (LTS)
WALK: Enhanced capabilities for security, observability & collaboration
RUN: Extend & Scale Across Teams and the World
FLY: Multi-Cluster, Multi-Mesh on Cloud and Hybrid

The Current And Future State Of Service Mesh

  • 1. The Current & Future State of Service Mesh
  • 2. 2 | Copyright © 2022 Idit Levine Founding API gateway WG-Istio Christian Posta Founding community member, Istio Steering Committee, author Istio in Action Lin Sun Founding Istio project maintainer, Technical Oversight Committee (TOC), Steering Committee Neeraj Poddar Istio Steering and TOC member. Co-founded Istio Product Security Working Group. Yuval Kohavi Renowned security researcher, Founding API Gateway WG-Istio, Contributor Envoy Ram Vennam Founding Istio Steering Committee member Nick Nellis First to run Istio in production, current contributor and maintainer Solo Istio/Envoy Community Leadership Founded in 2017 by Idit Levine Based in Cambridge, MA with multiple locations around the globe Industry leaders in application networking, service mesh, and modern API gateway technologies Open-Core, “Enterprise” Subscription model Growing fast with happy customers Well Funded 350+% bookings growth y/y 98%+ renewal rate $171.5M venture financing $1 Billion valuation Solo.io Gloo Application Networking Platform Simplify your application networking with unified control, reliability, observability, extensibility, and security 2 | Copyright © 2022 Greg Hanson Founding Istio Maintainer, Product Security WG Lead, Istio Release Manager
  • 3. Large deployments of enterprise service mesh
  • 4. The Current State of Service Mesh… …day 1 and day 2 operations
  • 5. Service Mesh Functions: Service discovery / Load balancing; Secure service-to-service communication; Traffic control / shaping / shifting; Policy / Intention based access control; Traffic metric collection; Service resilience; API / programmable interface
  • 6. Istio
  • 7. Install
  • 8. Performance
      ● Envoy proxy uses 0.35 vCPU and 40 MB memory per 1000 requests per second going through the proxy.
      ● Istiod uses 1 vCPU and 1.5 GB of memory.
      ● The Envoy proxy adds 2.65 ms to the 90th percentile latency.
  • 9. Upgrade
  • 10. Gateway API https://gateway-api.sigs.k8s.io/
  • 11. The Future of Service Mesh… …happens in and around the data plane
  • 12. Data plane is where the innovation continues to happen
      ● WebAssembly
      ● HTTP/3
      ● Universal Data Plane API
      Extending the data plane; Optimizing the data plane
  • 13. Extending the data plane with GraphQL
  • 14. Clients; https://api.yelp.com/v3/businesses/search
  • 15. GET https://api.yelp.com/v3/businesses/search
      {
        "total": 8228,
        "businesses": [
          {
            "rating": 4,
            "price": "$",
            "phone": "+14152520800",
            "alias": "four-barrel-coffee-san-francisco",
            "categories": [
              { "alias": "coffee", "title": "Coffee & Tea" }
            ],
            // ...
          }
        ],
        "region": {
          "center": {
            "latitude": 37.767413217936834,
            "longitude": -122.42820739746094
          }
        }
      }
  • 16. Clients; Web API: /business/{id}/menu, /reviews/{id}, /events/{name}
  • 17. GraphQL: Returns exactly what we need and nothing more. Fetches data across different resources from a single query.
  • 18. https://api.yelp.com/v3/graphql
      Query:
        query { businesses(search: "solo") { name } }
      Response:
        { "businesses": [ { "name": "solo.io" }, { "name": "Solo Solar" } ] }
      Business Info API
  • 19. https://api.yelp.com/v3/graphql
      Query:
        query { businesses(search: "solo") { name phone } }
      Response:
        { "businesses": [
            { "name": "solo.io", "phone": 6172213102 },
            { "name": "Solo Solar", "phone": 2223657814 }
        ] }
      Business Info API
  • 20. https://api.yelp.com/v3/graphql
      Query:
        query { businesses(search: "solo") { name phone location { address } } }
      Response:
        { "businesses": [
            { "name": "solo.io", "phone": 6172213102, "location": { "address": "222 Third St" } },
            { "name": "Solo Solar", "phone": 2223657814, "location": { "address": "3 Hershey Park" } }
        ] }
      Business Info API; Business Location API
  • 21. https://api.yelp.com/v3/graphql
      Query:
        query { solo_query: businesses(search: "solo") { name phone location { business_address: address } } }
      Response:
        { "solo_query": [
            { "name": "solo.io", "phone": 6172213102, "location": { "business_address": "222 Third St" } },
            { "name": "Solo Solar", "phone": 2223657814, "location": { "business_address": "3 Hershey Park" } }
        ] }
  • 22. https://api.yelp.com/v3/graphql
      Query:
        query {
          solo: businesses(search: "solo") { name phone location { state } }
          software: businesses(search: "software") { name }
        }
      Response:
        { "solo": [
            { "name": "solo.io", "phone": 6172213102, "location": { "state": "MA" } },
            { "name": "Solo Solar", "phone": 2223657814, "location": { "state": "CA" } }
          ],
          "software": [{...}] }
  • 23. Query:
        query { businesses(search: "solo") { name phone location { state } } }
      Schema Definition Language (SDL):
        type Query {
          businesses(search: String!): [Business]
        }
        type Business {
          name: String
          phone: String
          categories: [String]
          reviews: [Int]
          location: Location
        }
        type Location {
          state: String!
          country: String!
          street: String!
        }
  • 27. GraphQL Interest - Market Indicators: https://trends.google.com, https://2020.stateofjs.com/en-US/technologies/datalayer, https://smartbear.com/state-of-software-quality/api/tools; 24%
  • 28. GraphQL Adoption Patterns (diagram label: REST)
  • 29. GraphQL Adoption Patterns (diagram labels: REST, gRPC)
  • 30. GraphQL Adoption Patterns
  • 31. GraphQL Adoption Patterns
  • 32. GraphQL Traffic Patterns
  • 33. Considerations when using GraphQL APIs
      Application Interface: Client-specific data views; Single entry point to entire graph; Overfetching data; Underfetching data (N+1); Client compatibility with schema evolution
      Application Network: Authentication / Authorization; Rate Limiting; Observability; Web Application Firewall; Data Loss Prevention
  • 34. GraphQL Support in Envoy
      • Web Application Firewall (WAF)
      • Data Loss Prevention (DLP)
      • AWS Lambda
      • Request and Response Transformation
      • SOAP
      • GraphQL
      Diagram labels: EXTERNAL AUTH, RATE LIMITING, ROUTER, UPSTREAM, CUSTOM, gRPC TRANSCODER; Gloo Edge Custom Envoy Filter
  • 35. Extending the service mesh data plane
  • 36. Extending the data plane
  • 37. Benefits of GraphQL in Envoy: Simplified deployment architecture; Optimized data plane performance; Declarative configuration for apps and infra; Leverage platform capabilities vs. DIY in every application; Architecture scales from simple monolith to multi cloud federation
  • 38. Optimizing the service mesh data plane
  • 39. What is eBPF?
      • Linux technology which enables users to run custom programs “sandboxed” in the kernel
      • extended Berkeley Packet Filter, evolution of “classic BPF” – think tcpdump
      • Event-based – programs are attached to “hook points” that are triggered by certain events
        − E.g. ‘kprobe’ type programs are attached to kernel functions and are then executed when that function is called
      • BPF programs are verified to be “safe” – won’t crash the kernel, guaranteed to return (no infinite loops), can only access specific sections of memory, etc.
  • 40. Istio sidecar redirection (diagram labels: pod "petstore", petstore, istio-proxy, socket, socket, kernel network stack, network stack)
  • 41. Networking in Istio. Source: https://jimmysong.io/en/blog/sidecar-injection-iptables-and-traffic-routing
  • 42. Istio data-path acceleration with eBPF
      • The Linux kernel has several hook points in the network stack for BPF programs to be attached
      • Attach BPF programs to network sockets
      • Special BPF map (sockmap) that can redirect data from one socket directly to another
  • 43. Istio data-path acceleration: Skip the network stack! (diagram labels: pod "petstore", petstore, istio-proxy, socket, socket, eBPF, eBPF, kernel network stack, network stack)
  • 44. Istio data-path acceleration
  • 45. Can eBPF implement service mesh functions?
      Service Mesh Functions:
      • L4 & L7 Observability
      • Identity Management
      • Encryption
      • JWT based Authz/Authn
      • External Authorization
      • L7 Traffic Management
      • Advanced Load Balancing
      • Session Affinity
      • ...
      eBPF:
      ● eBPF execution paths must be fully known and verified
      ● eBPF programs cannot have arbitrary loops where the verifier will not know when the program will stop execution.
      ● eBPF is Turing incomplete.
      ● eBPF is ideal for O(1) complexity
        ○ inspecting a packet
        ○ manipulating some bits
        ○ redirect
      ● Complex protocols like HTTP/2 and gRPC can be O(n) complexity and very difficult to debug
  • 46. Data plane as a spectrum. From “The Truth About the Service Mesh Data Plane”, November 2019: https://www.slideshare.net/ceposta/the-truth-about-the-service-mesh-data-plane
  • 47. Data plane: sidecar (service proxy)
  • 48. Data plane: sidecar (service proxy)
  • 49. Data plane: shared proxy per node
  • 50. Data plane: shared proxy per node
  • 51. Data plane: shared proxy per service account (per node)
  • 52. Data plane: shared proxy per service account (per node)
  • 53. Data plane: shared remote proxy with micro-sidecar
  • 54. Data plane: shared remote proxy with micro-sidecar
  • 55. User Clusters; Public cloud; Compliance / DMZ
  • 56. Gloo Application Networking Platform
  • 57. Solo Istio/Envoy Community Leadership: Idit Levine, Christian Posta, Lin Sun, Neeraj Poddar, Yuval Kohavi, Ram Vennam, Nick Nellis
      “The team Solo has assembled is incredible. They have deep expertise with Envoy and Istio, and they’re extremely receptive to community feedback. The strength of their team gives us confidence in the innovation and support they’re able to provide.” CURRENT CUSTOMER
      Thank you!! Reach out to us for guidance!
      CRAWL, WALK: Access to Expertise and Long-term Support (LTS); Enhanced capabilities for security, observability & collaboration
      RUN, FLY: Extend & Scale Across Teams and the World; Multi-Cluster, Multi-Mesh on Cloud and Hybrid
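
Slide 22 shows one request carrying two aliased `businesses` searches, and slide 33 lists rate limiting among the network-side considerations for a single GraphQL entry point. The sketch below is an added example, not code from the deck, Gloo or Envoy: a gateway-side check that charges rate-limit tokens per root field instead of per HTTP request. The names `analyze`, `admit` and `SLIDE_22`, the depth limit and the token budget are hypothetical, and the mini-parser assumes queries without fragments or directives.

```python
import re

# Strings, names and structural punctuation; numbers, "$", "!" are skipped.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[A-Za-z_]\w*|[{}():]')

def analyze(query):
    """Return (root_fields, max_depth) for one GraphQL operation; root_fields
    holds (response_key, field_name) per top-level selection. Assumption: no
    fragments or directives."""
    tokens = TOKEN.findall(query)
    depth = max_depth = parens = 0
    roots = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "(":
            parens += 1
        elif tok == ")":
            parens -= 1
        elif parens:
            pass  # argument names and values are never selections
        elif tok == "{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif tok == "}":
            depth -= 1
        elif depth == 1 and tok != ":" and not tok.startswith('"'):
            if tokens[i + 1:i + 2] == [":"] and i + 2 < len(tokens):
                roots.append((tok, tokens[i + 2]))  # alias: field
                i += 2
            else:
                roots.append((tok, tok))
        if depth < 0 or parens < 0:
            raise ValueError("unbalanced query")
        i += 1
    if depth or parens:
        raise ValueError("unbalanced query")
    return roots, max_depth

def admit(query, tokens_left, max_depth=4):
    """Charge one rate-limit token per root field, not per HTTP request."""
    roots, depth = analyze(query)
    if depth > max_depth or len(roots) > tokens_left:
        return False, tokens_left
    return True, tokens_left - len(roots)

# Constructed sample: the aliased two-search query from slide 22.
SLIDE_22 = ('query { solo: businesses(search: "solo") { name phone location { state } } '
            'software: businesses(search: "software") { name } }')
```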