Istio Service Mesh
0 likes633 views
The document discusses the role of Istio service mesh in managing microservices within a hybrid cloud environment, highlighting its ability to facilitate communication, security, and observability across services. It outlines the emerging trends in containerization, especially with Kubernetes as a leading orchestration platform, and emphasizes the challenges of multicloud architectures. The overall focus is on how these technologies are evolving application architecture and service management, enabling more efficient deployment and operation of services in diverse environments.
Istio Service Mesh
- 1. Istio Service Mesh (networking for microservices) Lew Tucker, Ph.D. VP/CTO Cloud Computing Cisco Systems, Inc. @lewtucker
- 2. © 2 0 1 8 C is c o a n d / o r it s a f f ilia t e s . A ll r ig h t s r e s e r v e d . Cloud Computing Has Won and it’s Multiple Clouds plan to use multiple clouds evaluating or using public cloud 85% 94% taken steps towards a hybrid cloud strategy 87% S o u rc e : ID C C lo u d V ie w , A p ril, 2 0 1 7 , n = 8 ,2 9 3 w o rld w id e re s p o n d e n ts , w e ig h te d b y c o u n try , c o m p a n y s iz e a n d in d u s try Among cloud users
- 3. © 2 0 1 8 C is c o a n d / o r it s a f f ilia t e s . A ll r ig h t s r e s e r v e d . SaaS SaaSSaaS SaaS SaaS SaaS MULTICLOUD Private Cloud Cam pus Branch Data Center JASPER P u b lic C lo u d E n t P riv a te C lo u d S P P riv a te C lo u d Enables new business models by driving intersection between enterprise, service providers, cloud, and co-lo providers Data Center PoP Private & Telco Cloud CO /Agg Access Co-location Enterprise Service Provider
- 4. © 2 0 1 8 C is c o a n d / o r it s a f f ilia t e s . A ll r ig h t s r e s e r v e d . Many choices for where you’d like apps to run >1,000s of Virtual workloads Production & Backend services Rack(s) >100s of Virtual workloads, Production services >10s of Virtual Workloads, Production Services Edge Compute Latency sensitive apps (MEC, IoT, Edge Analytics) BM High Performance, Automation, Day 0 – N Lifecycle Management, HA, Consistent Networking Models, Logging, Assurance, Security Modular Cloud Orchestration Software Stack Multi-Rack ` Access Carrier-E / Transport Central Data Centers Edge Internet / Partner SP Edge Core and EdgeAggregation Multi-Cloud VPN CPE Cust. Prem Peering DCI DCI DCI DCI DCI DCI Remote DC Near Edge Remote DC Near Edge Co-Lo Co-Lo Peering Peering >100s of Virtual workloads Production services MicroNano ½ or Full Rack
- 5. © 2 0 1 8 C is c o a n d / o r it s a f f ilia t e s . A ll r ig h t s r e s e r v e d . Containers and Kubernetes offer new potential 5 Starts faster, uses less memory Consistent development environment Run anywhere
- 6. © 2 0 1 8 C is c o a n d / o r it s a f f ilia t e s . A ll r ig h t s r e s e r v e d . Containerization challenges in a multicloud world Multiple Open Source Solutions Hybrid Environments Container Complexity Networking, Security and Storage Source: CNCF Survey, January and June 2017 Container Trends § Kubernetes is emerging as the leading container orchestration platform § Containers are being adopted heavily in on-premise data centers
- 7. © 2 0 1 8 C is c o a n d / o r it s a f f ilia t e s . A ll r ig h t s r e s e r v e d . Native Kubernetes (100% Upstream) Direct updates and best practices from open source community Hybrid Cloud Optimized A key element of the Cisco-Google open hybrid cloud solution Integrated Networking | Management | Security | Analytics Container-based Applications Management Extending Cisco’s portfolio of offers The Cisco Container Platform - Kubernetes Turnkey Solution For Production-Grade Container Environments Easy to acquire, deploy & manage | Extensible platform | World-class advisory & support | Open & consistent
- 9. © 2 0 1 8 C is c o a n d / o r it s a f f ilia t e s . A ll r ig h t s r e s e r v e d . Consistent Environment for Hybrid Cloud Services On Prem/Colo Data Center Google Cloud Google Cloud Platform Google Kubernetes Engine Existing Services Apps | Data Private Cloud infrastructure Cisco Container Platform (VM | Bare metal | HX, ACI) Cloud Apps Istio: Hybrid Cloud Service Management Consistent Environment Networking | Security | Private Cloud Infrastructure | Consumption Management CSR 1000v, ACI, Stealthwatch Cloud, Cisco Container Platform, Contiv, CloudCenter, AppDynamics
- 10. Cloud native computing is driving an evolution of application/service architecture © 2017 C isco and/or its affiliates. A ll rights reserved. Monolithic Hybrid Microservices
- 11. © 2017 C isco and/or its affiliates. A ll rights reserved. Wecome to the wonderful world of distributed systems ! Observability Traffic management Security and Policy
- 12. Payments Order Mgmt Web Server Content Server Services should be simple but get complicated fast Auth Logs and Metrics API Mgmt Security Policy Load Balancing Connection Mgmt Order Mgmt Request Routing Failover Policy Content Server Auth Logs and Metrics API Mgmt Security Policy Load Balancing Connection Mgmt Request Routing Failover Policy Auth Logs and Metrics API Mgmt Security Policy Load Balancing Connection Mgmt Payments Request Routing Failover Policy Web Server Auth Logs and Metrics API Mgmt Security Policy Load Balancing Connection Mgmt Request Routing Failover Policy
- 13. Order Mgmt Payments Content Server Web Server Hand-off routing, authentication, and other parts to a policy-driven, secure service mesh service API Mgmt Load Balancing Order Mgmt Content Server Request Routing Failover Policy Auth Security Policy Payments Web Server Logs and Metrics Connection Mgmt
- 14. Istio Architecture PilotPilot Mixer Istio-Auth Pod Pod Pod Envoy svcA Pod Pod Pod Envoy svcB HTTP/1.1, HTTP/2, gRPC, TCP with or without TLS Config data to Envoys TLS certs to EnvoyPolicy checks, telemetry HTTP/1.1, HTTP/2, gRPC, TCP with or without TLS Control PlaneAPI Data Plane
- 15. Several different service mesh options for developers © 2017 C isco and/or its affiliates. A ll rights reserved.
- 16. © 2017 C isco and/or its affiliates. A ll rights reserved.
- 17. Simple example: traffic splitting for rolling out service updates (canary testing) © 2017 C isco and/or its affiliates. A ll rights reserved. 5% Requires only a change in policy Services remain the same Networking infra remains the same Rules API Pilot Svc A Service A Envoy Pod 1 Svc B v1.0 Envoy Pod 1 Svc B v1.0 Envoy Pod 2 Svc B v1.0 Envoy Pod 3 Svc B v2.0 - Staging Envoy Pod 4 Service B 95%
- 18. Stretching Istio Across Public, Private Clouds and Edge PilotPilot Mixer Istio-Auth Envo y svc Public Cloud Control PlaneAPI Envo y svc Envo y svc Envo y svc Public Cloud Private Cloud Edge
- 19. Using a service mesh is radically different • Abstracts away details of service-to-service communications • Consistent policy, load balancing, encryption, authentication, traffic steering across services • Easy way to connect, manage and secure microservices without changes in the service code • Easier IT-Ops with better observability, monitoring of traffic between microservices • Kubernetes orchestrates containers, Istio orchestrates communication between services.
- 20. Biggest Impact: Changing the way we think about application/service development Bring application development becomes assembly of ready-made, highly-scalable, proven services running anywhere from the edge to the cloud.