Multi-cluster service mesh with GlooMesh

•Download as PPT, PDF•

0 likes•1,245 views

This document discusses service mesh patterns for connecting microservices across multiple clusters. It describes using Envoy proxy to provide service discovery, load balancing, security and resiliency. Patterns are presented for connecting services across clusters with flat, controlled or separate networks. Managing connectivity across clusters can increase operator burden. Gloo Mesh is presented as a way to simplify management across multiple clusters with a centralized control plane.

Multi-Cluster Service-Mesh Patterns
Christian Posta
Field CTO – Solo.io

2 | Copyright © 2020
CHRISTIAN POSTA
Global Field CTO, Solo.io
@christianposta
christian@solo.io
https://blog.christianposta.com
https://slideshare.net/ceposta

3 | Copyright © 2020
As we move to services architectures,
on cloud-native deployment platforms,
we increase the complexity between
our services.

5 | Copyright © 2020
Service proxy lives with application instance

6 | Copyright © 2020
Service proxy lives with application instance

7 | Copyright © 2020
Service mesh technologies provide the following:
• Service discovery / Load balancing
• Secure service-to-service communication
• Traffic control / shaping / shifting
• Policy / Intention based access control
• Traffic metric collection
• Service resilience
• API / programmable interface

8 | Copyright © 2020
More, smaller clusters
• High availability
• Compliance
• Isolation / Autonomy
• Scale
• Data locality, cost
• Public/DMZ/Private networks

9 | Copyright © 2020
Pattern: flat network across pods
Account
User
Products
Cluster 1 Cluster 2
History

10 | Copyright © 2020
Pattern: Different network, expose all services
Account
User
Products
Cluster 1 Cluster 2
History

11 | Copyright © 2020
Pattern: Different network, controlled gateway
Account
User
Products
Cluster 1 Cluster 2
History
User

12 | Copyright © 2020
Envoy is the magic behind service mesh
http://envoyproxy.io

14 | Copyright © 2020
Envoy implements:
• zone aware, priority/locality load balancing
• circuit breaking, outlier detection
• timeouts, retries, retry budgets
• traffic shadowing
• request racing
• rate limiting
• RBAC, TLS origination/termination
• access logging, statistics collection

15 | Copyright © 2020
Envoy to do application networking heavy lifting
Account
work
load
work
load
work
load
mTLS
• Transparent client-side routing
decisions
• TLS orig/termination
• Circuit breaking
• Stats collection

16 | Copyright © 2020
Envoy as backbone for multi-cluster
communication federation
Account
User
Cluster 1 Cluster 2
Products
History
User

17 | Copyright © 2020
Other key Envoy proxying features
• Request hedging
• Retry Budgets
• Load balancing priorities
• Locality weighted load balancing
• Zone aware routing
• Degraded endpoints (fallback)
• Aggregated clusters

18 | Copyright © 202018 | Copyright © 2020
Multi-cluster examples
Service mesh examples using Envoy Proxy

19 | Copyright © 2020
Shared control plane, flat network
Account
User
Cluster 1 Cluster 2
Products
History
User
Istiod

20 | Copyright © 2020
Account
User
Cluster 1 Cluster 2
Products
History
User
Istiod
Shared control plane, separate networks

21 | Copyright © 2020
Account
User
Cluster 1 Cluster 2
Products
History
User
Istiod
Separate control planes, separate networks
Istiod

22 | Copyright © 2020
Increased operator burden
• Making each cluster aware of what services live where
• Unifying identity domains / limited trust networks
• Often need to write multiple configurations in multiple clusters just to
accomplish something simple (like traffic routing)
• Consistent security
• Defining failover semantics (locality, priority, etc)
• Isolating fault domains (trust, configuration, etc)

23 | Copyright © 2020
What to do about the added
burden for the operator?
https://github.com/solo-io/gloo-mesh

24 | Copyright © 2020
What to do about the added burden for the
operator?
https://github.com/solo-io/gloo-mesh

25 | Copyright © 2020 @christianposta
Cluster 1 Cluster 2
Istiod
work
load
Ingress
Gateway
Istiod
work
load
work
load
work
load
work
load
work
load
Gloo Mesh
Management
Ingress
Gateway
Management
Plane

26 | Copyright © 202026 | Copyright © 2020
Demo
Service Mesh Hub

27 | Copyright © 2020 @christianposta
THANK YOU FOR ATTENDING!
@christianposta
christian@solo.io
https://blog.christianposta.com
https://slideshare.net/ceposta

28 | Copyright © 2020
• https://solo.io
• https://slack.solo.io
• https://gloo.solo.io
• https://envoyproxy.io
• https://istio.io
• https://webassemblyhub.io
• https://servicemeshhub.io
• https://blog.christianposta.com

API Gateways provide functionality like rate limiting, authentication, request routing, reporting, and more. If you’ve been following the rise in service-mesh technologies, you’ll notice there is a lot of overlap with API Gateways when solving some of the challenges of microservices. If service mesh can solve these same problems, you may wonder whether you really need a dedicated API Gateway solution? The reality is there is some nuance in the problems solved at the edge (API Gateway) compared to service-to-service communication (service mesh) within a cluster. But with the evolution of cluster-deployment patterns, these nuances are becoming less important. What’s more important is that the API Gateway is evolving to live at a layer above service mesh and not directly overlapping with it. In other words, API Gateways are evolving to solve application-level concerns like aggregation, transformation, and deeper context and content-based routing as well as fitting into a more self-service, GitOps style workflow. In this talk we put aside the “API Gateway” infrastructure as we know it today and go back to first principles with the “API Gateway pattern” and revisit the real problems we’re trying to solve. Then we’ll discuss pros and cons of alternative ways to implement the API Gateway pattern and finally look at open source projects like Envoy, Kubernetes, and GraphQL to see how the “API Gateway pattern” actually becomes the API for our applications while coexisting nicely with a service mesh (if you adopt a service mesh).

The Truth About the Service Mesh Data Plane

Christian Posta

The exploration of service mesh for any organization comes with some serious questions. What data plane should I use? How does this tie in with my existing API infrastructure? What kind of overhead do sidecar proxies demand? As I've seen in my work with various organizations over the years "if you have a successful microservices deployment, then you have a service mesh whether it’s explicitly optimized as one or not." In this talk, we seek to understand the role of the data plane and how to pick the right component for the problem context. We start off by establishing the spectrum of data-plane components from shared gateways to in-code libraries with service proxies being along that spectrum. We clearly identify which scenarios would benefit from which part of the data-plane spectrum and show how modern service meshes including Istio, Linkerd, and Consul enable these optimizations.

Multicluster Kubernetes and Service Mesh Patterns

Christian Posta

Building applications for cloud-native infrastructure that are resilient, scalable, secure, and meet compliance and IT objectives gets complicated. Another wrinkle for the organizations with which we work is the fact they need to run across a hybrid deployment footprint, not just Kubernetes. At Solo.io, we build application networking technology on Envoy Proxy that helps solve difficult multi-deployment, multi-cluster, and even multi-mesh problems. In this webinar, we’re going to explore different options and patterns for building secure, scalable, resilient applications using technology like Kubernetes and Service Mesh without leaving behind existing IT investments. We’ll see why and when to use multi-cluster topologies, how to build for high availability and team autonomy, and solve for things like service discovery, identity federation, traffic routing, and access control.

Kubernetes Ingress to Service Mesh (and beyond!)

Christian Posta

Kubernetes users need to allow traffic to flow into and within the cluster. Treating the application traffic separately from the business logic allows presents new possibilities in how service to service traffic is served, controlled and observed — and provides a transition to intra cluster networking like Service Mesh. With microservices, there is a concept of both North / South traffic (incoming requests from end users to the cluster) and East / West (intra cluster) communication between the services. In this talk we will explain how Envoy Proxy works in Kubernetes as a proxy for both of these traffic directions and how it can be leveraged to do things like traffic shaping, security, and integrate the north/south to east/west behavior. Christian Posta (@christianposta) is Global Field CTO at Solo.io, former Chief Architect at Red Hat, and well known in the community for being an author (Istio in Action, Manning, Istio Service Mesh, O'Reilly 2018, Microservices for Java Developers, O’Reilly 2016), frequent blogger, speaker, open-source enthusiast and committer on various open-source projects including Istio, Kubernetes, and many others. Christian has spent time at both enterprises as well as web-scale companies and now helps companies create and deploy large-scale, cloud-native resilient, distributed architectures. He enjoys mentoring, training and leading teams to be successful with distributed systems concepts, microservices, devops, and cloud-native application design.

Chaos Debugging for Microservices

Christian Posta

Distributed microservices introduce new challenges: failure modes are harder to anticipate and resolve. In this session, we present a “Chaos Debugging” framework enabled by three open source projects: Gloo Shot, Squash, and Loop to help you increase your microservices’ “immunity” to issues. Gloo Shot integrates with any service mesh to implement advanced, realistic chaos experiments. Squash connects powerful and mature debuggers (gdb, dlv, java debugging) to your microservices while they run in Kubernetes. Loop extends the capability of your service mesh to observe your application and record full transactions for sandboxed replay and debugging. Come to this demo-heavy talk to see how together, Squash, Gloo Shot, and Loop allow you to trigger, replay, and investigate failure modes of your microservices in a language agnostic and efficient manner without requiring any changes to your code.

Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh

Christian Posta

Service mesh abstracts the network from developers to solve three main pain points: How do services communicate securely with one another How can services implement network resilience When things go wrong, can we identify what and why Service mesh implementations usually follow a similar architecture: traffic flows through control points between services (usually service proxies deployed as sidecar processes) while an out-of-band set of nodes is responsible for defining the behavior and management of the control points. This loosely breaks out into an architecture of a "data plane" through which requests flow and a "control plane" for managing a service mesh. Different service mesh implementations use different data planes depending on their use cases and familiarity with particular technology. The control plane implementations vary between service-mesh implementations as well. In this talk, we'll take a look at three different control plane implementations with Istio, Linkerd and Consul, their strengths, and their specific tradeoffs to see how they chose to solve each of the three pain points from above. We can use this information to make choices about a service mesh or to inform our journey if we choose to build a control plane ourselves.

API World: The service-mesh landscape

Christian Posta

Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...

Christian Posta

If you have an existing Java monolith, you know you must take care making changes to it or altering it in any negative way. Often times these monoliths are very valuable to the business and generate a lot of revenue. At the same time, since it’s difficult to make changes to the monolith it’s desirable to move to a microservices architecture. Unfortunately you cannot just do a big-bang migration to a greenfield architecture and will have to incrementally adopt microservices. In this talk, we’ll look at using Gloo proxy which is based on Envoy Proxy and GraphQL to do surgical, function-level traffic control and API aggregation to safely migrate your monolith to microservices and serverless functions.

Microservices have been great for accelerating the software innovation and delivery, but they also present new challenges, especially as abstractions and automated orchestration at every layer make pinpointing the issue seem like walking around a maze with a blindfold. Existing tools weren’t designed for distributed environments, and the new tools need to consider how to leverage these abstraction layers to better observe, test, and troubleshoot issues. Christian Posta walks you through Envoy Proxy and service mesh architecture for L7 data plane, the key features in Envoy that can help in debugging and troubleshooting, chaos engineering as a testing methodology for microservices, how to approach a testing and debugging framework for microservices, and new open source tools that address these areas. You’ll explore a workflow to discover and resolve microservices issues, including injecting experiments for stress testing the applications, gathering requests in flight, recording and replaying them, and debugging them step by step without affecting production traffic.

Layer 7 Observability and Centralized Configuration with Consul Service Mesh

Mitchell Pronschinske

Open Source Networking Days- Service Mesh

CloudOps2005

Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd

Christian Posta

The document discusses various service mesh options including Linkerd, Consul Connect, Istio, and AWS App Mesh. It provides an overview of each solution, describing their key features and strengths/opportunities. It emphasizes that the service mesh approach is useful for managing inter-service communication and that implementations are still evolving. It recommends starting simply and iteratively adopting capabilities to match needs.

API Gateways are going through an identity crisis

Christian Posta

API Gateways provide functionality like rate limiting, authentication, request routing, reporting, and more. If you've been following the rise in service-mesh technologies, you'll notice there is a lot of overlap with API Gateways when solving some of the challenges of microservices. If service mesh can solve these same problems, you may wonder whether you really need a dedicated API Gateway solution? The reality is there is some nuance in the problems solved at the edge (API Gateway) compared to service-to-service communication (service mesh) within a cluster. But with the evolution of cluster-deployment patterns, these nuances are becoming less important. What's more important is that the API Gateway is evolving to live at a layer above service mesh and not directly overlapping with it. In other words, API Gateways are evolving to solve application-level concerns like aggregation, transformation, and deeper context and content-based routing as well as fitting into a more self-service, GitOps style workflow. In this talk we put aside the "API Gateway" infrastructure as we know it today and go back to first principles with the "API Gateway pattern" and revisit the real problems we're trying to solve. Then we'll discuss pros and cons of alternative ways to implement the API Gateway pattern and finally look at open source projects like Envoy, Kubernetes, and GraphQL to see how the "API Gateway pattern" actually becomes the API for our applications while coexisting nicely with a service mesh (if you adopt a service mesh).

Intro Istio and what's new Istio 1.1

Christian Posta

The document summarizes the new features of Istio 1.1, an open-source service mesh. Some key highlights include improved performance and scalability, namespace isolation, multi-cluster capabilities, easier installation with Helm, and locality-aware load balancing. A new Sidecar resource was introduced to improve performance by configuring resources for individual proxies. The presentation demonstrates performance improvements with the Sidecar resource and highlights additional functionality in Istio like traffic control and metrics collection.

PHX DevOps Days: Service Mesh Landscape

Christian Posta

Evolution of integration and microservices patterns with service mesh

Christian Posta

Cloud-native describes a way of building applications on a cloud platform to iteratively discover and deliver business value. We now have access to a lot of similar technology that the large internet companies pioneered and used to their advantage to dominate their respective markets. What challenges arise when we start building applications to take advantage of this new technology? In this mini-conference, we'll cover what it means to build applications with microservices, how cloud-native integration and concepts like service mesh have evolved to solve some of those problems, and how the next iteration of application development with Functions as a Service (FaaS) and serverless computing fit into this landscape. You'll hear from industry experts Burr Sutter and Christian Posta who recently authored a book Introducing Istio Service Mesh for Microservices about these topics. Attendees should come away from this mini-conference with the following: Understanding of what cloud-native means and how to use it to influence positive business outcomes How integration has evolved to create, connect and manage cloud-native APIs How service-mesh technology like Istio can solve the challenges introduced with cloud-native applications How the next iteration of applications deliver with FaaS and serverless computing fits in with a world of monoliths, microservices, and APIs These talks will be of value for developers, architects, operators, platform directors, and technology leaders. After the presentations, please stay and join Christian, Burr and your peers for networking, food and drinks. All attendees will also receive a copy of Christian and Burr's new book: Introducing Istio Service Mesh for Microservices.

KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...

Christian Posta

AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)

Sam Vanhoutte

In this session, Sam will give an overview of the new Hybrid Connections feature. With this feature, customers can easily connect their cloud services with their existing on premises resources. Sam will demonstrate the various capabilities of this new service and will discuss the advanced features, such as load balancing, Always On connectivity, connection cardinality, automation and performance.

Deep Dive: Building external auth plugins for Gloo Enterprise

Christian Posta

20190727 HashiCorp Consul Workshop: 管管你們家 config 啦

Jiun-Yi Chen

Hashicorp Consul 提供了相當豐富的 Service Mesh 功能，能夠替分散式服務快速地做服務發現、服務動態劃分和服務設定，Consul 也可以支援多種 runtime 平台，也和許多工具或雲服務商做很好的 Cloud-Native ��合。此 Workshop 主要分為幾個主軸: - Why Configuration Management? - Consul 基本使用操作: KV Store, Service Registering and Building a Consul Cluster - 佈署 Consul 到 Production 環境前所需注意事項

microXchg 2018: "What is a Service Mesh? Do I Need One When Developing 'Cloud...

Daniel Bryant

While service meshes may be the next "big thing" in microservices, the concept isn't new. Classical SOA attempted to implement similar technology for abstracting and managing all aspects of service-to-service communication, and this was often realized as the much-maligned Enterprise Service Bus (ESB). Several years ago similar technology emerged from the microservice innovators, including Airbnb (SmartStack for service discovery), Netflix (Prana integration sidecars), and Twitter (Finagle for extensible RPC), and these technologies have now converged into the service meshes we are currently seeing being deployed. In this talk, Daniel Bryant will share with you what service meshes are, why they're well-suited for microservice deployments, and how best to use a service mesh when you're deploying microservices. This presentation begins with a brief history of the development of service meshes, and the motivations of the unicorn organisations that developed them. From there, you'll learn about some of the currently available implementations that are targeting microservice deployments, such as Istio/Envoy, Linkerd, and NGINX Plus

Microservices for Enterprises

Kasun Indrasiri

This document discusses microservices architecture and related concepts. It begins with an overview of microservices compared to earlier SOA approaches. Key aspects of microservices covered include developing single applications as independent services, common misconceptions, principles like single responsibility, and defining appropriate service boundaries. The document also discusses messaging approaches in microservices including REST, gRPC, and asynchronous messaging. Other sections cover organizing microservices, deployment, security, data management, governance, bridging monolithic and microservice systems, and implementing a service mesh.

Running Consul on Kubernetes and Beyond

Mitchell Pronschinske

Integration Microservices

Kasun Indrasiri

- Integration microservices are used to compose other microservices and APIs to create new services, similar to the concept of "miniservices". They help integrate web APIs, legacy systems, and microservices. - Technologies for building integration microservices include frameworks like SpringBoot and Dropwizard, Apache Camel, and the Ballerina programming language. Ballerina is designed specifically for integration and allows graphical composition of services and connectors. - Integration microservices are an important part of microservices architecture as they handle service compositions and orchestration between multiple microservices and external APIs.

Microservices Integration Patterns with Kafka

Kasun Indrasiri

Microservice composition or integration is probably the hardest thing in microservices architecture. Unlike conventional centralized ESB based integration, we need to leverage the smart-endpoints and dumb pipes terminology when it comes to integrating microservices. There two main microservices integration patterns; service orchestration (active integrations) and service choreography (reactive integration). In this talk, we will explore on, Microservice Orchestration, Microservice Choreography, Event Sourcing, CQRS and how Kafka can be leveraged to implement microservices composition

Istio a service mesh

Chandresh Pancholi

Istio is an open platform for providing a service mesh on Kubernetes clusters. It consists of three main components: Envoy proxies that mediate service-to-service communication, Pilot that configures the proxies, and Mixer that enforces policies and collects telemetry data. Istio injects Envoy sidecar proxies into applications so they can provide features like load balancing, authentication, failure recovery, and observability without requiring code changes. This provides a way to manage microservices that is more robust and flexible than using an API gateway alone.

The Service Mesh: It's about Traffic

C4Media

Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2mcpD5B. Oliver Gould talks about the Linkerd project, a service mesh hosted by the Cloud Native Computing Foundation, to give operators control over the traffic between their microservices. He shares the lessons they've learned helping dozens of organizations get to production with Linkerd and how they've applied these lessons to tackle complexity with Linkerd. Filmed at qconnewyork.com. Oliver Gould is co-founder and CTO at Buoyant, Inc.

Microservices on kubernetes

Chandresh Pancholi

This document summarizes microservices on Kubernetes and the benefits of using Istio as a service mesh. It discusses some of the issues with earlier microservices architectures and how Istio addresses them. The key points are: - Istio is an open platform that provides a service mesh for microservices on Kubernetes to enable security, observability, and traffic management between services. - It addresses issues with earlier architectures that used an API gateway for routing by deploying Envoy proxies as sidecars, which provide features like discovery, load balancing and failure handling. - The Istio control plane manages the proxies using components like Pilot and Mixer to configure routing and enforce policies.

Paul Polakos (Bel Labs, Alcatel-Lucent, USA) - Network Virtualisation

FIA2010

The document discusses next-generation network virtualization. It describes how VPNs and server virtualization/cloud computing are influencing network virtualization. New applications require integration of these technologies and greater network support. The approach presented is to create a system that allows users to set up combinations of computing and networking resources based on a high-level specification. Key innovations needed include a language for specifying application needs, algorithms for provisioning resources, a virtualized router that can run multiple protocol stacks in parallel, and a software foundation.

4. Clearwater on rina

ARCFIRE ICT

The document discusses using the RINA networking model to enhance the Project Clearwater IMS core. It describes prototyping HTTP and SIP traffic over RINA, and potential benefits like built-in fault tolerance, mobility, and multi-tenancy support. Future work could explore running additional protocols like Diameter or a service mesh over RINA. An interposer approach is also outlined to enable legacy applications to use RINA transparently.

What's hot

Cloud-Native Application Debugging with Envoy and Service Mesh

Christian Posta

Layer 7 Observability and Centralized Configuration with Consul Service Mesh

Mitchell Pronschinske

Open Source Networking Days- Service Mesh

CloudOps2005

Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd

Christian Posta

API Gateways are going through an identity crisis

Christian Posta

Intro Istio and what's new Istio 1.1

Christian Posta

PHX DevOps Days: Service Mesh Landscape

Christian Posta

Evolution of integration and microservices patterns with service mesh

Christian Posta

KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...

Christian Posta

AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)

Sam Vanhoutte

Deep Dive: Building external auth plugins for Gloo Enterprise

Christian Posta

20190727 HashiCorp Consul Workshop: 管管你們家 config 啦

Jiun-Yi Chen

Hashicorp Consul 提供了相當豐富的 Service Mesh 功能，能夠替分散式服務快速地做服務發現、服務動態劃分和服務設定，Consul 也可以支援多種 runtime 平台，也和許多工具或雲服務商做很好的 Cloud-Native 整合。此 Workshop 主要分為幾個主軸: - Why Configuration Management? - Consul 基本使用操作: KV Store, Service Registering and Building a Consul Cluster - 佈署 Consul 到 Production 環境前所需注意事項

microXchg 2018: "What is a Service Mesh? Do I Need One When Developing 'Cloud...

Daniel Bryant

Microservices for Enterprises

Kasun Indrasiri

Running Consul on Kubernetes and Beyond

Mitchell Pronschinske

Integration Microservices

Kasun Indrasiri

Microservices Integration Patterns with Kafka

Kasun Indrasiri

Istio a service mesh

Chandresh Pancholi

The Service Mesh: It's about Traffic

C4Media

Microservices on kubernetes

Chandresh Pancholi

What's hot (20)

Cloud-Native Application Debugging with Envoy and Service Mesh

Layer 7 Observability and Centralized Configuration with Consul Service Mesh

Open Source Networking Days- Service Mesh

Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd

API Gateways are going through an identity crisis

Intro Istio and what's new Istio 1.1

PHX DevOps Days: Service Mesh Landscape

Evolution of integration and microservices patterns with service mesh

KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...

AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)

Deep Dive: Building external auth plugins for Gloo Enterprise

20190727 HashiCorp Consul Workshop: 管管你們家 config 啦

microXchg 2018: "What is a Service Mesh? Do I Need One When Developing 'Cloud...

Microservices for Enterprises

Running Consul on Kubernetes and Beyond

Integration Microservices

Microservices Integration Patterns with Kafka

Istio a service mesh

The Service Mesh: It's about Traffic

Microservices on kubernetes

Similar to Multi-cluster service mesh with GlooMesh

Paul Polakos (Bel Labs, Alcatel-Lucent, USA) - Network Virtualisation

FIA2010

4. Clearwater on rina

ARCFIRE ICT

Istio Triangle Kubernetes Meetup Aug 2019

Ram Vennam

The Future of Service Mesh

All Things Open

Presented at Spacewalk 2023 Presented by Christian Posta, solo.io Title: The Future of Service Mesh Abstract: Service mesh is a powerful way to solve cross-cutting application-networking concerns, such as load balancing, service resilience, observability, and security. Adopting a mesh for your services can save hundreds of hours of developer time and reduce the burden placed on operations. In this talk we'll explore some common use cases for service mesh, look at some case studies, and then dig into innovation happening in this space such as "sidecar-less" service mesh.

WebRTC - Bridging Web and SIP Worlds

IMTC

Open Source Middleware for the Cloud: WSO2 Stratos

WSO2

Stratos is an open source middleware platform for the cloud that provides Platform as a Service (PaaS) capabilities. It is based on the WSO2 Carbon middleware platform and provides features such as self-service provisioning, multi-tenancy, elastic scaling, metering, and billing. Stratos offers a complete PaaS solution with services for application development, data, integration, identity, and logging in a cloud environment.

Next Generation DDoS Services – can we do this with NFV? - CF Chui

MyNOG

- DDoS attacks are increasing in complexity by combining different attack vectors, though the peak size of volumetric attacks decreased - More service providers are adopting SDN/NFV technologies, with the proportion doubling over the previous year, though interoperability and cost remain barriers - NFV aims to deploy network services through software on generic hardware rather than proprietary appliances, improving flexibility, but challenges include integration, orchestration, availability, and licensing

Microservices K8S

Lumina Networks

ATMOSPHERE at HPC2018 – Fogbow: Middleware for the Federation of IaaS Cloud P...

ATMOSPHERE .

ATMOSPHERE was invited to be a speaker at HPC2018 workshop. Francisco Brasileiro, Brazilian Coordinator of ATMOSPHERE and Professor at Federal University of Campina Grande, will present a talk on “Fogbow: A Middleware for the Federation of IaaS Cloud Providers”. Francisco Brasileiro presented the design and implementation of a middleware that allows the fast and non-intrusive deployment of very large federations of IaaS cloud providers. The use of the middleware in production systems will be also discussed, providing concrete evidences of its suitability

Presentation cloud orchestration solution overview

xKinAnx

Hyperledger Fabric update Meetup 20181101

Arnaud Le Hors

This document provides an overview of Hyperledger Fabric 1.1 and 1.2 updates, including new features such as private data collections, pluggable endorsement and validation, service discovery, and identity mixer. It discusses the Hyperledger Fabric roadmap and planned features for versions 1.3, 1.4, 2.0 and beyond, focusing on increasing privacy, improving consensus methods, enhancing serviceability, and improving the programming model.

Connectivité temps réel et bi-directionnelle pour solutions IOT

Solace

The document discusses Solace and how it provides real-time bidirectional connectivity for IoT solutions. It outlines Solace's event mesh architecture, which provides uniform connectivity across IoT, edge, cloud and enterprise applications. This allows for massive scalability, security, and routing of data and commands between devices and applications. Use cases discussed include connected cars, smart cities, industrial IoT, and cloud-to-cloud scenarios.

The Current And Future State Of Service Mesh

Ram Vennam

This document discusses the current and future state of service mesh. It provides an overview of Solo.io, including its leadership team members and growth. It then discusses key functions of service meshes like Istio including traffic control and policy enforcement. The document outlines considerations for extending the data plane, such as with GraphQL and eBPF. It argues that optimizing the data plane is an area of ongoing innovation and discusses tradeoffs between different data plane architectures.

PaaS TCO

Chris Haddad

Multi-tenant shared container PaaS will deliver a significant advantage when compared with single tenant, dedicated container PaaS. In single tenant, dedicated container PaaS, significantly more expense is required to run a PaaS environment compared with a multi-tenant, shared application container PaaS. The proposed PaaS cost evaluation tool compares multi-tenant, shared application container PaaS with single tenant, dedicated container PaaS (i.e. traditional application server deployment in Cloud) across multiple tenant counts and application platform service combinations. The worksheet incorporates application platform license (or subscription) cost, PaaS Management service cost, infrastructure expense, and IT management overhead. Across all scenarios, the worksheet calculates cost when application platforms are deployed on Infrastructure as a Service (IaaS).

OIT552 Cloud Computing Material

pkaviya

The document provides an overview of the evolution of cloud computing from its roots in mainframe computing, distributed systems, grid computing, and cluster computing. It discusses how hardware virtualization, Internet technologies, distributed computing concepts, and systems management techniques enabled the development of cloud computing. The document then describes several early technologies and models such as time-shared mainframes, distributed systems, grid computing, and cluster computing that influenced the development of cloud computing.

Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)

Yong Tang

In this talk, we share our experience of building up a cloud native service with Docker, Kubernetes, and CoreDNS. It is a customer-facing, multi-tenant, and globally available service that helps customers defending against various Internet attacks. The global availability of the service is achieved through Anycast so that all customers only need to access one IP address across different regions. Deploying Anycast turns out to be a challenge because of the limitations on certain clouds. We overcome those limitations through containerization of different components with Docker. We also share our experiences in container orchestration, container networking, load balancing, and service registration & discovery. We use a simplified architecture for container networking, and the service registration & discovery is done through CoreDNS. The overall design have helped our deployed service with improved elasticity, ease of use, and lowered maintenance cost.

Enabling the Future of Work with SD-WAN

Xylos

This document discusses Citrix's hybrid multi-cloud and networking solutions. It begins by noting that most enterprises today have a hybrid/multi-cloud strategy and use multiple public cloud environments. It then outlines some of the key benefits Citrix networking provides, such as avoiding cloud lock-in, a consistent user experience across environments, and centralized security and performance monitoring. The rest of the document provides examples of how Citrix SD-WAN solutions have helped customers by optimizing cloud performance and connectivity, prioritizing application traffic, and ensuring reliable access across different network links.

NDIC-Module1 : module jaringan komputer.pptx

fauzanmasy

Service mesh on Kubernetes - Istio 101

Huy Vo

5G in Brownfield how SDN makes 5G Deployments Work

Lumina Networks

This document summarizes an open source networking group meetup about 5G and brownfield networks. It discusses how 5G will utilize distributed micro data centers and container networking to deploy services. It also explains how an open source central controller using projects like OpenStack and OpenDaylight can provide orchestration, service paths, and abstraction of network elements. Finally, it provides examples of how container networking and an open source SDN controller can help establish service paths and enable the deployment of 5G in hybrid brownfield environments.

Similar to Multi-cluster service mesh with GlooMesh (20)

Paul Polakos (Bel Labs, Alcatel-Lucent, USA) - Network Virtualisation

4. Clearwater on rina

Istio Triangle Kubernetes Meetup Aug 2019

The Future of Service Mesh

WebRTC - Bridging Web and SIP Worlds

Open Source Middleware for the Cloud: WSO2 Stratos

Next Generation DDoS Services – can we do this with NFV? - CF Chui

Microservices K8S

ATMOSPHERE at HPC2018 – Fogbow: Middleware for the Federation of IaaS Cloud P...

Presentation cloud orchestration solution overview

Hyperledger Fabric update Meetup 20181101

Connectivité temps réel et bi-directionnelle pour solutions IOT

The Current And Future State Of Service Mesh

PaaS TCO

OIT552 Cloud Computing Material

Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)

Enabling the Future of Work with SD-WAN

NDIC-Module1 : module jaringan komputer.pptx

Service mesh on Kubernetes - Istio 101

5G in Brownfield how SDN makes 5G Deployments Work

eydbbz

原版办【微信号:95270640】【宾夕法尼亚大学毕业证(UPenn毕业证书)】【微信号:95270640】《成绩单、外壳、雅思、offer、真实留信官方学历认证（永久存档/真实可查）》采用学校原版纸张、特殊工艺完全按照原版一比一制作（包括：隐形水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠，文字图案浮雕，激光镭射，紫外荧光，温感，复印防伪）行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备，十五年致力于帮助留学生解决难题，业务范围有加拿大、英国、澳洲、韩国、美国、新加坡，新西兰等学历材料，包您满意。【我们承诺采用的是学校原版纸张（纸质、底色、纹路）我们拥有全套进口原装设备，特殊工艺都是采用不同机器制作，仿真度基本可以达到100%，所有工艺效果都可提前给客户展示，不满意可以根据客户要求进行调整，直到满意为止！】【业务选择办理准则】一、工作未确定，回国需先给父母、亲戚朋友看下文凭的情况，办理一份就读学校的毕业证【微信号95270640】文凭即可二、回国进私企、外企、自己做生意的情况，这些单位是不查询毕业证真伪的，而且国内没有渠道去查询国外文凭的真假，也不需要提供真实教育部认证。鉴于此，办理一份毕业证【微信号95270640】即可三、进国企，银行，事业单位，考公务员等等，这些单位是必需要提供真实教育部认证的，办理教育部认证所需资料众多且烦琐，所有材料您都必须提供原件，我们凭借丰富的经验，快捷的绿色通道帮您快速整合材料，让您少走弯路。留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才留信网服务项目： 1、留学生专业人才库服务（留信分析） 2、国（境）学习人员提供就业推荐信服务 3、留学人员区块链存储服务【关于价格问题（保证一手价格）】我们所定的价格是非常合理的，而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子我给客户的都是第一手的代理价格，因为我想坦诚对待大家不想跟大家在价格方面浪费时间对于老客户或者被老客户介绍过来的朋友，我们都会适当给一些优惠。选择实体注册公司办理，更放心，更安全！我们的承诺：客户在留信官方认证查询网站查询到认证通过结果后付款，不成功不收费！

ANSYS Mechanical APDL Introductory Tutorials.pdf

sachin chaurasia

Ansys Mechanical enables you to solve complex structural engineering problems and make better, faster design decisions. With the finite element analysis (FEA) solvers available in the suite, you can customize and automate solutions for your structural mechanics problems and parameterize them to analyze multiple design scenarios. Ansys Mechanical is a dynamic tool that has a complete range of analysis tools.

Ported to Cloud with Wing_ Blue ZnZone app from _Hexagonal Architecture Expla...

Asher Sterkin

Ortus Solutions - Headless Content for the Win!

Ortus Solutions, Corp

we delve into the power of headless CMS—a versatile solution separating content creation from presentation. Explore its benefits: multi-channel delivery, accelerated time-to-market, content reusability, scalability, technology flexibility, and enhanced security. Discover how headless CMS transforms digital content management, empowering efficient and flexible content delivery across diverse platforms.

Top 10 Tips To Get Google AdSense For Your Website

e-Definers Technology

Write More Durable Code: Principles and Techniques

Ortus Solutions, Corp

Enhancing Customer Experience in Cargo Services Through Cargo Strategy Consul...

RTS corp

In the highly competitive world of cargo services, enhancing customer experience is crucial for retaining clients and fostering long-term relationships. As industries evolve and customer expectations rise, companies must adopt innovative strategies to stay ahead. Revenue Technology Services (RTS) offers specialized cargo strategy consulting to help businesses navigate these challenges and elevate their customer service standards.

NYC 26-Jun-2024 Combined Presentations.pdf

AUGNYC

Kolkata @ℂall @Girls ꧁❤ 000000000 ❤꧂@ℂall @Girls Service Vip Top Model Safe

Misti Soneji

cbq - Jobs and Tasks in the Background by Ortus

Ortus Solutions, Corp

Web Hosting with CommandBox and CommandBox Pro

Ortus Solutions, Corp

CommandBox was highlighted as a powerful web hosting solution, perfect for developers and businesses alike. Featuring a built-in server and command-line interface, CommandBox simplified web application management. Developers could deploy multiple application instances simultaneously, optimizing development workflows. CommandBox's efficient deployment processes ensured reliable web hosting, seamlessly integrating into existing workflows for scalability and feature enhancements.

What is OCR Technology and How to Extract Text from Any Image for Free

TwisterTools

Discover the fascinating world of Optical Character Recognition (OCR) technology with our comprehensive presentation. Learn how OCR converts various types of documents, such as scanned paper documents, PDFs, or images captured by a digital camera, into editable and searchable data. Dive into the history, modern applications, and future trends of OCR technology. Get step-by-step instructions on how to extract text from any image online for free using a simple tool, along with best practices for OCR image preparation. Ideal for professionals, students, and tech enthusiasts looking to harness the power of OCR.

Recently uploaded (20)

Reactive CFML with CBWIRE v4 by Ortus Solutions

Disk to Cloud: Abstract your File Operations with CBFS

Schrodinger’s Backup: Is Your Backup Really a Backup?

How to Break Your App with Playwright Tests

YouTube SEO Mastery ......................

Non-Functional Testing Guide_ Exploring Its Types, Importance and Tools.pdf

How we built TryBoxLang in under 48 hours

一比一原版英国牛津大学毕业证（oxon毕业证书）如何办理

一比一原版宾夕法尼亚大学毕业证(UPenn毕业证书)学历如何办理

ANSYS Mechanical APDL Introductory Tutorials.pdf

Ported to Cloud with Wing_ Blue ZnZone app from _Hexagonal Architecture Expla...

Ortus Solutions - Headless Content for the Win!

Top 10 Tips To Get Google AdSense For Your Website

Write More Durable Code: Principles and Techniques

Enhancing Customer Experience in Cargo Services Through Cargo Strategy Consul...

NYC 26-Jun-2024 Combined Presentations.pdf

Kolkata @ℂall @Girls ꧁❤ 000000000 ❤꧂@ℂall @Girls Service Vip Top Model Safe

cbq - Jobs and Tasks in the Background by Ortus

Web Hosting with CommandBox and CommandBox Pro

What is OCR Technology and How to Extract Text from Any Image for Free

Multi-cluster service mesh with GlooMesh

1. Multi-Cluster Service-Mesh Patterns Christian Posta Field CTO – Solo.io

7. 7 | Copyright © 2020 Service mesh technologies provide the following: • Service discovery / Load balancing • Secure service-to-service communication • Traffic control / shaping / shifting • Policy / Intention based access control • Traffic metric collection • Service resilience • API / programmable interface

14. 14 | Copyright © 2020 Envoy implements: • zone aware, priority/locality load balancing • circuit breaking, outlier detection • timeouts, retries, retry budgets • traffic shadowing • request racing • rate limiting • RBAC, TLS origination/termination • access logging, statistics collection

15. 15 | Copyright © 2020 Envoy to do application networking heavy lifting Account work load work load work load mTLS • Transparent client-side routing decisions • TLS orig/termination • Circuit breaking • Stats collection

17. 17 | Copyright © 2020 Other key Envoy proxying features • Request hedging • Retry Budgets • Load balancing priorities • Locality weighted load balancing • Zone aware routing • Degraded endpoints (fallback) • Aggregated clusters

22. 22 | Copyright © 2020 Increased operator burden • Making each cluster aware of what services live where • Unifying identity domains / limited trust networks • Often need to write multiple configurations in multiple clusters just to accomplish something simple (like traffic routing) • Consistent security • Defining failover semantics (locality, priority, etc) • Isolating fault domains (trust, configuration, etc)

25. 25 | Copyright © 2020 @christianposta Cluster 1 Cluster 2 Istiod work load Ingress Gateway Istiod work load work load work load work load work load Gloo Mesh Management Ingress Gateway Management Plane

28. 28 | Copyright © 2020 • https://solo.io • https://slack.solo.io • https://gloo.solo.io • https://envoyproxy.io • https://istio.io • https://webassemblyhub.io • https://servicemeshhub.io • https://blog.christianposta.com

Editor's Notes

How does Solo help do this? Help pick right tech when it’s warranted (Envoy) Hedge when market still volatile (SMH) Simplify adoption Enterprise focus (security, heterogeneous) Solve the problem everywhere regardless of technology, infrastructure, footprint On prem/public cloud/hybrid Any service mesh technology VMs, containers, et. al
Need a way to automate handling of explosive numbers of workloads (microservices) Placement of workloads AKA deployments Autoscale, health check, start/stop, rebalance, scale up/down Building applications for Kubernetes (or any cloud native platform) is fundamentally different Why Kubernetes won: * community Right level of API Extensible Declarative configuration model Foundation of DevOps and Automation model Adopting microservices to go fast!
Need a way to automate handling of explosive numbers of workloads (microservices) Placement of workloads AKA deployments Autoscale, health check, start/stop, rebalance, scale up/down Building applications for Kubernetes (or any cloud native platform) is fundamentally different Why Kubernetes won: * community Right level of API Extensible Declarative configuration model Foundation of DevOps and Automation model Adopting microservices to go fast!
Need a way to automate handling of explosive numbers of workloads (microservices) Placement of workloads AKA deployments Autoscale, health check, start/stop, rebalance, scale up/down Building applications for Kubernetes (or any cloud native platform) is fundamentally different Why Kubernetes won: * community Right level of API Extensible Declarative configuration model Foundation of DevOps and Automation model Adopting microservices to go fast!
Need a way to automate handling of explosive numbers of workloads (microservices) Placement of workloads AKA deployments Autoscale, health check, start/stop, rebalance, scale up/down Building applications for Kubernetes (or any cloud native platform) is fundamentally different Why Kubernetes won: * community Right level of API Extensible Declarative configuration model Foundation of DevOps and Automation model Adopting microservices to go fast!

Multi-cluster service mesh with GlooMesh

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Multi-cluster service mesh with GlooMesh

Similar to Multi-cluster service mesh with GlooMesh (20)

More from Christian Posta

More from Christian Posta (14)

Recently uploaded

Recently uploaded (20)

Multi-cluster service mesh with GlooMesh

Editor's Notes