Decoupling Distributed Systems from IP Networks
Take a trip with Derek Collison into the history of distributed systems, the good and the bad, and now how to move forward.
OSCON 2019 | Time to Think Different
1. Time to Think Different: Decoupling distributed systems from IP networks
oscon.com
#OSCON
2. Derek Collison / @derekcollison
Founder and CEO at Synadia
๏ Creator of NATS
๏ Founder and Former CEO at Apcera
๏ CTO, Chief Architect at VMware
๏ Architected CloudFoundry
๏ Technical Director at Google
๏ SVP and Chief Architect at TIBCO
7. Distributed Systems History
1. We created this problem
2. There used to be just one computer
3. Security was a guard that was posted, sometimes
4. Want to do more, buy a faster machine
12. IP Networks
1. Based on network addressing and routing
2. Network elements can route packets
3. Used to be NO network elements but NICs
4. Now, lots of network elements - try traceroute!
13. IP Networks
1. Mostly 1:1 (src -> dst)
2. But could do broadcast, kind of
3. Could do selective broadcast, e.g. multicast, kind of
4. Management and admin nightmare
5. So mostly 1:1 via TCP/IP; cloud networks generally do not support 1:N (no multicast)
16. IP Ports
1. 2 bytes - max 65,535 per src addr
2. Allows multiple “apps” on a single “machine”
3. Defined scale problems at Web Scale (e.g. ephemeral port exhaustion) 🤔
4. Defined the Firewall era (punch a hole!)
5. Ports == app, e.g. 22, 80, 443, 4222
6. Why is everything HTTP(S)? 😏
26. DNS
1. Generally does not include the port
2. Generally is not secured
3. Can be compromised easily, e.g. captive portals at hotels, GoGo in-flight Wi-Fi
4. Can be hard to register a new hostname
28. Modern Software Systems
1. Decomposable software
2. Services and Streams to Connect
3. Platform technology is maturing
4. Compute and Storage are ubiquitous, but can cost $$
5. Machine -> VM -> Container -> Serverless -> ????
6. Systems architecture still important, but being forgotten
33. Cryptography
1. Symmetric
2. Asymmetric (public key) - the basis of PKI
3. Both together - Diffie-Hellman key exchange agrees on a symmetric key
4. Prime based (RSA, DH) -> Elliptic Curve
5. Encrypted Communications, Authenticated, a bit.
6. X.509 certificates - TLS, SSL, HTTPS
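How the pieces on this slide fit together, as an added example (not code from the talk or from NATS) using only the Go standard library: each party holds an Ed25519 identity key (asymmetric, for signing), sends a signed ephemeral X25519 public key (elliptic-curve Diffie-Hellman), and both sides derive the same AES-256-GCM key (symmetric) for the actual traffic. The Party, Offer, SharedKey, Seal and Open names and the plain SHA-256 key derivation are assumptions of the example; a production protocol such as TLS runs the shared secret through HKDF with a transcript hash instead.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is a hypothetical peer: a long-lived Ed25519 identity key (asymmetric,
// used to sign) and a fresh X25519 key (elliptic-curve Diffie-Hellman).
type Party struct {
	IdentityPub  ed25519.PublicKey
	identityPriv ed25519.PrivateKey
	ecdhPriv     *ecdh.PrivateKey
}

func NewParty() (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	return &Party{IdentityPub: pub, identityPriv: priv, ecdhPriv: eph}, err
}

// Offer is what goes over the wire: the ephemeral DH public key, signed by
// the identity key so the receiver can tell who produced it.
func (p *Party) Offer() (pub, sig []byte) {
	pub = p.ecdhPriv.PublicKey().Bytes()
	return pub, ed25519.Sign(p.identityPriv, pub)
}

// SharedKey rejects an offer not signed by the identity we expect (the
// "authenticated, a bit" part), then derives a 256-bit AES key from the ECDH
// secret. Assumption: bare SHA-256 stands in for HKDF over a transcript.
func (p *Party) SharedKey(peerIdentity ed25519.PublicKey, pub, sig []byte) ([]byte, error) {
	if !ed25519.Verify(peerIdentity, pub, sig) {
		return nil, errors.New("offer not signed by the expected identity key")
	}
	peerPub, err := ecdh.X25519().NewPublicKey(pub)
	if err != nil {
		return nil, err
	}
	secret, err := p.ecdhPriv.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	return key[:], nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts with the agreed symmetric key (AES-256-GCM); nonce is prepended.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open decrypts and fails on any modification of nonce or ciphertext.
func Open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

func main() {
	alice, _ := NewParty()
	bob, _ := NewParty() // demo only; crypto/rand key generation does not fail in practice
	pub, sig := bob.Offer()
	key, err := alice.SharedKey(bob.IdentityPub, pub, sig)
	if err != nil {
		panic(err)
	}
	fmt.Printf("alice agreed on key %x... with bob\n", key[:4])
}
```

The important edge is in SharedKey: without the signature check, anyone who can sit on the IP path (the hotel DNS from the slide before) can substitute their own X25519 key and read everything, which is exactly why "encrypted" without "authenticated" buys little.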
34. X.509
1. Public Key Certificates - PKI
2. Chains of trust (or self signed)
3. A way to trust who you are speaking to
4. Mostly one way (server authenticated, client rarely)
5. Cumbersome, painful, surprising!
37. Summary
1. Communications over IP networks
2. DNS converts name to IP, but not a port
3. Apps bind to a port, but mostly HTTPS
4. Modern software systems have lots of moving parts
5. They use TLS for encryption and some identity
6. Based on a name, resolved to an IP by DNS
7. And everything is moving and changing
42. Think different
1. Do not use IP for addressing/discovery and comms
2. Do not depend on DNS to get the right IP
3. PKI is good, passwords bad. Lose them!
4. Don’t restrict to 1:1 communications
5. Don’t force everything through HTTP(S)
6. Allow scalable Services and Streams, same tech
7. Secure by default, decentralized by design
44. NATS
1. Based on routing of subjects (topics) not IP
2. Message based, not packet
3. Can do Services and Streams
4. Can do N:M, and queue delivery, not just 1:1
5. Secure and isolated, decentralized by design
6. A Simple, Lightweight, Self Healing System
7. Simple things are Simple, Hard is Possible
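What routing by subject instead of by address means in practice, as an added example that is not the NATS server's code: a toy in-process router with NATS-style wildcards ("*" matches one token, ">" one or more trailing tokens), plain subscriptions that fan out 1:N (a stream), and queue groups where exactly one of N members receives each message (a load-balanced service). The Router, Subscription, Match, Publish and Demo names and the orders.* subjects are constructed for the example; the real server makes its own choice of queue member, while round-robin here keeps the demo deterministic.

```go
package main

import (
	"fmt"
	"strings"
)

// Subscription is an interest in a subject pattern, optionally as a member of
// a queue group. Hypothetical types for this example, not the NATS server's.
type Subscription struct {
	Pattern string
	Queue   string
	Deliver func(subject, msg string)
}

// Router delivers by subject name alone: it never needs an address or a port
// for the receiver. Single-goroutine demo; a server would lock around subs.
type Router struct {
	subs []*Subscription
	next map[string]int // per-queue cursor for round-robin delivery
}

func NewRouter() *Router { return &Router{next: map[string]int{}} }

func (r *Router) Subscribe(pattern, queue string, h func(subject, msg string)) {
	r.subs = append(r.subs, &Subscription{Pattern: pattern, Queue: queue, Deliver: h})
}

// Match implements NATS-style subject matching on "."-separated tokens:
// "*" matches exactly one token, ">" matches one or more trailing tokens.
func Match(pattern, subject string) bool {
	p, s := strings.Split(pattern, "."), strings.Split(subject, ".")
	for i, tok := range p {
		if tok == ">" {
			return i == len(p)-1 && len(s) > i
		}
		if i >= len(s) || (tok != "*" && tok != s[i]) {
			return false
		}
	}
	return len(p) == len(s)
}

// Publish routes one message. Every plain subscription whose pattern matches
// gets its own copy (1:N, a stream); subscriptions sharing a queue name get
// exactly one delivery among them (N:M, a service). Returns deliveries made.
func (r *Router) Publish(subject, msg string) int {
	queues := map[string][]*Subscription{}
	n := 0
	for _, sub := range r.subs {
		switch {
		case !Match(sub.Pattern, subject):
		case sub.Queue == "":
			sub.Deliver(subject, msg)
			n++
		default:
			queues[sub.Queue] = append(queues[sub.Queue], sub)
		}
	}
	for q, members := range queues {
		members[r.next[q]%len(members)].Deliver(subject, msg)
		r.next[q]++
		n++
	}
	return n
}

// Result records who received what in Demo so the routing can be checked.
type Result struct {
	Workers   [3]int // deliveries per queue-group member
	Audit     int    // deliveries to the two stream subscribers combined
	Created   int    // total deliveries for the six orders.created messages
	Nested    int    // deliveries for orders.eu.created (only ">" matches)
	Unmatched int    // deliveries for shipping.created (nobody listening)
}

// Demo: three order-service workers share a queue group on orders.*, while an
// audit log and a metrics collector each independently watch orders.>.
func Demo() Result {
	var res Result
	r := NewRouter()
	for w := range res.Workers {
		w := w
		r.Subscribe("orders.*", "order-workers", func(string, string) { res.Workers[w]++ })
	}
	watch := func(string, string) { res.Audit++ }
	r.Subscribe("orders.>", "", watch) // audit log
	r.Subscribe("orders.>", "", watch) // metrics, a second independent consumer
	for i := 0; i < 6; i++ { // constructed sample traffic
		res.Created += r.Publish("orders.created", fmt.Sprintf("order-%d", i))
	}
	res.Nested = r.Publish("orders.eu.created", "order-eu-1")
	res.Unmatched = r.Publish("shipping.created", "nobody is subscribed")
	return res
}

func main() {
	fmt.Printf("%+v\n", Demo())
}
```

Nothing in Demo names a host, port, or IP: adding a fourth worker or moving the audit consumer to another machine changes no publisher, which is the decoupling the slide is about. Note also that "shipping.created" goes nowhere rather than to a default listener; in a real deployment the account and permission model decides who may publish or subscribe on which subjects, which is where "secure and isolated" comes in.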
46. NATS Slack
1. Decentralized, no central control or SPOF
2. Secure by default
3. Can run anywhere, on any cloud, platform, or geo
4. Verify messages and users
5. Channels and DMs, DMs private
6. Lightweight
7. Extensible - Your homework