SlideShare a Scribd company logo

Introducing envoy-based service mesh at Booking.com

Download as PPTX, PDF
I
Ivan Kruglov

The document discusses the implementation of an envoy-based service mesh at Booking.com, outlining its purpose, setup, and lessons learned. Key aspects include routing rules, service discovery, and performance metrics after six months of production use with 30 projects and about 10k servers. The conclusion emphasizes that service mesh acts as a foundational element for transitioning to a service-oriented architecture (SOA).

Technology
1 of 42
Downloaded 28 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Introducing Envoy-based service mesh at Booking.com Ivan Kruglov KubeCon Europe 2018 02.05.2018
based in Amsterdam 28M listings 1,5M room nights per day 1700 IT staff
Agenda • what is service mesh? • why did we start the project? • our setup • learnings • conclusion
What is service mesh*? * the way I understand it
application provider service consumer service provider
application provider service consumer service provider communication infra
application provider service consumer service provider proxy proxy control plane
Why did we start service mesh project?
monolith
service service service service service service service service service service service
Introducing envoy-based service mesh at Booking.com
Introducing envoy-based service mesh at Booking.com
Consistency & Visibility in communications
Our setup
application provider proxy service consumer service provider data plane HTTP(S) HTTP
• graceful restart • TCP proxy
application provider envoy service consumer service provider data plane HTTP(S) HTTP control plane control plane • routing rules • timeout/retry/etc policies • service discovery
control plane • in-house (v1/v2 API) • started in August 2017; Istio is around 0.2 • one complex system at a time • start with bare-metal support • minimal abstraction • yup, just write Envoy config (partially) • fine with Envoy’s set of features • self-service for service owners
application provider envoy service consumer service provider data plane HTTP(S) HTTP control plane control plane • routing rules • timeout/retry/etc policies • service discovery ZooKeeper (service discovery) Kubernetes (service discovery) ZooKeeper (configuration)
configuration • Envoy configuration is quite rich • power vs. usability: • cluster specification • virtual host specification
kind: VirtualHostSpec spec: name: api.vhost domains: ["api.service"] routes: - match: prefix: / route: cluster: api.prod.cluster timeout: 10s retry_policy: retry_on: 5xx num_retries: 3 per_try_timeout: 3s kind: ClusterSpec metadata: annotations: watcher_name: zookeeper.watcher paths: ["/pools/api/dc"] spec: name: api.prod.cluster lb_policy: LEAST_REQUEST connect_timeout: 1s lb_subset_config: subset_selectors: - keys: ["DC"] - keys: ["IsLocal"] fallback_policy: DEFAULT_SUBSET default_subset: IsLocal: true
kind: VirtualHostSpec spec: name: api.vhost domains: ["api.service"] routes: - match: prefix: / route: cluster: api.prod.cluster timeout: 10s retry_policy: retry_on: 5xx num_retries: 3 per_try_timeout: 3s kind: ClusterSpec metadata: annotations: watcher_name: zookeeper.watcher paths: ["/pools/api/dc"] spec: name: api.prod.cluster lb_policy: LEAST_REQUEST connect_timeout: 1s lb_subset_config: subset_selectors: - keys: ["DC"] - keys: ["IsLocal"] fallback_policy: DEFAULT_SUBSET default_subset: IsLocal: true
kind: VirtualHostSpec spec: name: api.vhost domains: ["api.service"] routes: - match: prefix: / route: cluster: api.prod.cluster timeout: 10s retry_policy: retry_on: 5xx num_retries: 3 per_try_timeout: 3s kind: ClusterSpec metadata: annotations: watcher_name: zookeeper.watcher paths: ["/pools/api/dc"] spec: name: api.prod.cluster lb_policy: LEAST_REQUEST connect_timeout: 1s lb_subset_config: subset_selectors: - keys: ["DC"] - keys: ["IsLocal"] fallback_policy: DEFAULT_SUBSET default_subset: IsLocal: true
kind: VirtualHostSpec spec: name: api.vhost domains: ["api.service"] routes: - match: prefix: / route: cluster: api.prod.cluster timeout: 10s retry_policy: retry_on: 5xx num_retries: 3 per_try_timeout: 3s kind: ClusterSpec metadata: annotations: watcher_name: zookeeper.watcher paths: ["/pools/api/dc"] spec: name: api.prod.cluster lb_policy: LEAST_REQUEST connect_timeout: 1s lb_subset_config: subset_selectors: - keys: ["DC"] - keys: ["IsLocal"] fallback_policy: DEFAULT_SUBSET default_subset: IsLocal: true
kind: VirtualHostSpec spec: name: api.vhost domains: ["api.service"] routes: - match: prefix: / route: cluster: api.prod.cluster timeout: 10s retry_policy: retry_on: 5xx num_retries: 3 per_try_timeout: 3s kind: ClusterSpec metadata: annotations: watcher_name: zookeeper.watcher paths: ["/pools/api/dc"] spec: name: api.prod.cluster lb_policy: LEAST_REQUEST connect_timeout: 1s lb_subset_config: subset_selectors: - keys: ["DC"] - keys: ["IsLocal"] fallback_policy: DEFAULT_SUBSET default_subset: IsLocal: true envoy cluster spec envoy virtual host spec
kind: VirtualHostSpec spec: name: api.vhost domains: ["api.service"] routes: - match: prefix: / route: cluster: api.prod.cluster timeout: 10s retry_policy: retry_on: 5xx num_retries: 3 per_try_timeout: 3s kind: ClusterSpec metadata: annotations: watcher_name: zookeeper.watcher paths: ["/pools/api/dc"] spec: name: api.prod.cluster lb_policy: LEAST_REQUEST connect_timeout: 1s lb_subset_config: subset_selectors: - keys: ["DC"] - keys: ["IsLocal"] fallback_policy: DEFAULT_SUBSET default_subset: IsLocal: true envoy cluster spec envoy virtual host spec bootstrap wizard
control plane ZooKeeper VC VC VC service A expose to service D service C expose to service Dservice B envoy I’m service D here is service A and service C specs
application provider envoy service consumer service provider data plane HTTP(S) HTTP control plane control plane • routing rules • timeout/retry/etc policies • service discovery ZooKeeper (service discovery) Kubernetes (service discovery) ZooKeeper (configuration) configuration changes
Deploying changes • integration with existent infrastructure • git-deploy • vanguard (canary) deployment • syntax and semantic validation • fast rollback
application provider envoy service consumer service provider data plane HTTP(S) HTTP control plane control plane • routing rules • timeout/retry/etc policies • service discovery ZooKeeper (service discovery) ZooKeeper (configuration) configuration changes metrics Kubernetes (service discovery)
Monitoring • approach #1 – graphite • excellent in-house facilities • aggregations is too heavy at scale • approach #2 – prometheus • statsd support • statsd_exporter • still iterating • standard dashboard envoy statsd_exporter envoy…
Introducing envoy-based service mesh at Booking.com
application provider envoy service consumer service provider data plane HTTP(S) HTTP control plane control plane • routing rules • timeout/retry/etc policies • service discovery ZooKeeper (service discovery) ZooKeeper (configuration) configuration changes metrics Kubernetes (service discovery)
Production
Some numbers • ~ 6 months in production • ~ 30 projects • ~ 10K servers • hundreds of thousands RPS • overheads…
p50 p75 p90 p95 p99 HTTP perceived latency 0ms 5ms 10ms 15ms + 1ms
HTTPS perceived latency p50 p75 p90 p95 p99 10ms + 1ms 15ms 20ms 25ms 30ms 40ms
Some findings • graceful restart works, but not always! • (major) Envoy upgrades may not be graceful • ”x-envoy-retry-on = connect-failure” – too few “x-envoy-retry-on = 5xx” – too much • gateway-error – HTTP 502, 503, 504 • absence of TCP keepalive => stale connections • coming in 1.7 • idle_timeout in TCP proxy in 1.6 • cluster_name (1.5) -> cluster_names (1.6)
Conclusion
service mesh* is a building block on the path to SOA technically & organizationally * the way I understand it
Andrei Vereha Envoy production stories Friday, May 4th 14:00 Envoy Deep Dive
Thank you! Ivan Kruglov ivan.kruglov@booking.com

More Related Content

PPTX
Introduction to Public Key Infrastructure
Theo Gravity
 
PPT
Kerberos
Mohanasundaram Nattudurai
 
PPTX
Kafka at Peak Performance
Todd Palino
 
PDF
stackconf 2021 | Setup Min.io and Open Policy Agent for a multi purpose scien...
NETWAYS
 
KEY
Introduction to Cassandra: Replication and Consistency
Benjamin Black
 
PDF
MultiChain – Private multicurrency blockchain platform
Coin Sciences Ltd
 
PPT
Secure shell ppt
sravya raju
 
PDF
Blockchain Technology | Blockchain Explained | Blockchain Tutorial | Blockcha...
Edureka!
 
Introduction to Public Key Infrastructure
Theo Gravity
 
Kerberos
Mohanasundaram Nattudurai
 
Kafka at Peak Performance
Todd Palino
 
stackconf 2021 | Setup Min.io and Open Policy Agent for a multi purpose scien...
NETWAYS
 
Introduction to Cassandra: Replication and Consistency
Benjamin Black
 
MultiChain – Private multicurrency blockchain platform
Coin Sciences Ltd
 
Secure shell ppt
sravya raju
 
Blockchain Technology | Blockchain Explained | Blockchain Tutorial | Blockcha...
Edureka!
 

What's hot (20)

ODP
Big table
Manuel Correa
 
PDF
Achieve Extreme Simplicity and Superior Price/Performance with Greenplum Buil...
VMware Tanzu
 
PDF
Serverless Computing
Rushi Namani
 
PPT
Secure Socket Layer
Naveen Kumar
 
PPT
Secure Socket Layer (SSL)
amanchaurasia
 
PDF
Public key Infrastructure (PKI)
Venkatesh Jambulingam
 
PDF
How does blockchain work
Shishir Aryal
 
PDF
June OpenNTF Webinar - Domino V12 Certification Manager
Howard Greenberg
 
PPTX
Multi Tenancy In The Cloud
rohit_ainapure
 
PPTX
cryptography ppt free download
Twinkal Harsora
 
PPTX
key management
VIRAJRATHOD8
 
PPTX
Storage Area Network(SAN)
Krishna Kahar
 
PPTX
Secure Socket Layer (SSL)
Samip jain
 
PPTX
Stability Patterns for Microservices
pflueras
 
PDF
JavaCard development Quickstart
Martin Paljak
 
PPT
Memcache
Abhinav Singh
 
PPTX
Hyperledger Fabric
Murughan Palaniachari
 
PPTX
Cloud computing and data security
Mohammed Fazuluddin
 
PDF
Integration Patterns and Anti-Patterns for Microservices Architectures
Apcera
 
PPTX
Virtualization- Cloud Computing
NIKHILKUMAR SHARDOOR
 
Big table
Manuel Correa
 
Achieve Extreme Simplicity and Superior Price/Performance with Greenplum Buil...
VMware Tanzu
 
Serverless Computing
Rushi Namani
 
Secure Socket Layer
Naveen Kumar
 
Secure Socket Layer (SSL)
amanchaurasia
 
Public key Infrastructure (PKI)
Venkatesh Jambulingam
 
How does blockchain work
Shishir Aryal
 
June OpenNTF Webinar - Domino V12 Certification Manager
Howard Greenberg
 
Multi Tenancy In The Cloud
rohit_ainapure
 
cryptography ppt free download
Twinkal Harsora
 
key management
VIRAJRATHOD8
 
Storage Area Network(SAN)
Krishna Kahar
 
Secure Socket Layer (SSL)
Samip jain
 
Stability Patterns for Microservices
pflueras
 
JavaCard development Quickstart
Martin Paljak
 
Memcache
Abhinav Singh
 
Hyperledger Fabric
Murughan Palaniachari
 
Cloud computing and data security
Mohammed Fazuluddin
 
Integration Patterns and Anti-Patterns for Microservices Architectures
Apcera
 
Virtualization- Cloud Computing
NIKHILKUMAR SHARDOOR
 
Ad

Similar to Introducing envoy-based service mesh at Booking.com (20)

PDF
Introduction-to-Service-Mesh-with-Istio-and-Kiali-OSS-Japan-July-2019.pdf
TinaCondrache1
 
PDF
Introduction-to-Service-Mesh-with-Istio-and-Kiali-OSS-Japan-July-2019.pdf
ALVAROEMMANUELSOCOPP
 
PPTX
Multicluster Kubernetes and Service Mesh Patterns
Christian Posta
 
PPTX
How Yelp does Service Discovery
John Billings
 
PPTX
Api service mesh and microservice tooling
Red Hat
 
PDF
Istio presentation jhug
Georgios Andrianakis
 
PDF
What is a Service Mesh and what can it do for your Microservices
Matt Turner
 
PDF
Managing Microservices With The Istio Service Mesh on Kubernetes
Iftach Schonbaum
 
PDF
Comparing ZooKeeper and Consul
Ivan Glushkov
 
PPTX
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Christian Posta
 
PPTX
CON411-R - Advanced network resource management on Amazon EKS
Claes Mogren
 
PPTX
Chapter 05: Eclipse Vert.x - Service Discovery, Resilience and Stability Patt...
Firmansyah, SCJP, OCEWCD, OCEWSD, TOGAF, OCMJEA, CEH
 
PDF
Amazon EKS 그리고 Service Mesh (김세호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018
Amazon Web Services Korea
 
PPTX
Service Discovery Like a Pro
Eran Harel
 
PDF
Kubernetes from scratch at veepee sysadmins days 2019
🔧 Loïc BLOT
 
PPTX
Kubernetes Ingress to Service Mesh (and beyond!)
Christian Posta
 
PDF
Building a Service Mesh with Envoy (Kubecon May 2018)
Douglas Jones
 
PPTX
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Christian Posta
 
PDF
Kubernetes Networking 101 kubecon EU 2022
ssuser1490e8
 
PDF
Bringing it all together
MelissaMcKay15
 
Introduction-to-Service-Mesh-with-Istio-and-Kiali-OSS-Japan-July-2019.pdf
TinaCondrache1
 
Introduction-to-Service-Mesh-with-Istio-and-Kiali-OSS-Japan-July-2019.pdf
ALVAROEMMANUELSOCOPP
 
Multicluster Kubernetes and Service Mesh Patterns
Christian Posta
 
How Yelp does Service Discovery
John Billings
 
Api service mesh and microservice tooling
Red Hat
 
Istio presentation jhug
Georgios Andrianakis
 
What is a Service Mesh and what can it do for your Microservices
Matt Turner
 
Managing Microservices With The Istio Service Mesh on Kubernetes
Iftach Schonbaum
 
Comparing ZooKeeper and Consul
Ivan Glushkov
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Christian Posta
 
CON411-R - Advanced network resource management on Amazon EKS
Claes Mogren
 
Chapter 05: Eclipse Vert.x - Service Discovery, Resilience and Stability Patt...
Firmansyah, SCJP, OCEWCD, OCEWSD, TOGAF, OCMJEA, CEH
 
Amazon EKS 그리고 Service Mesh (김세호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018
Amazon Web Services Korea
 
Service Discovery Like a Pro
Eran Harel
 
Kubernetes from scratch at veepee sysadmins days 2019
🔧 Loïc BLOT
 
Kubernetes Ingress to Service Mesh (and beyond!)
Christian Posta
 
Building a Service Mesh with Envoy (Kubecon May 2018)
Douglas Jones
 
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Christian Posta
 
Kubernetes Networking 101 kubecon EU 2022
ssuser1490e8
 
Bringing it all together
MelissaMcKay15
 
Ad

More from Ivan Kruglov (16)

PPTX
SRE: Site Reliability Engineering
Ivan Kruglov
 
PPTX
Blue-green & canary deployments
Ivan Kruglov
 
PPTX
Обратная сторона сервис-ориентированной архитектуры
Ivan Kruglov
 
PPTX
Kubernetes в Booking.com
Ivan Kruglov
 
PPTX
Тернии контейнеризованных приложений и микросервисов
Ivan Kruglov
 
PPTX
Service mesh для микросервисов
Ivan Kruglov
 
PPTX
SOA: Строим свой service mesh
Ivan Kruglov
 
PDF
Solving some of the scalability problems at booking.com
Ivan Kruglov
 
PDF
Sereal: a view from inside
Ivan Kruglov
 
PPSX
SOA: послать запрос на сервер? Что может быть проще?!
Ivan Kruglov
 
PPSX
Мониторинг, когда не тестируешь
Ivan Kruglov
 
PPTX
Архитектура поиска в Booking.com
Ivan Kruglov
 
PDF
Processing JSON messages in highspeed
Ivan Kruglov
 
PDF
Bringing code to the data: from MySQL to RocksDB for high volume searches
Ivan Kruglov
 
PDF
Optimize sereal
Ivan Kruglov
 
PDF
Sereal and its tooling
Ivan Kruglov
 
SRE: Site Reliability Engineering
Ivan Kruglov
 
Blue-green & canary deployments
Ivan Kruglov
 
Обратная сторона сервис-ориентированной архитектуры
Ivan Kruglov
 
Kubernetes в Booking.com
Ivan Kruglov
 
Тернии контейнеризованных приложений и микросервисов
Ivan Kruglov
 
Service mesh для микросервисов
Ivan Kruglov
 
SOA: Строим свой service mesh
Ivan Kruglov
 
Solving some of the scalability problems at booking.com
Ivan Kruglov
 
Sereal: a view from inside
Ivan Kruglov
 
SOA: послать запрос на сервер? Что может быть проще?!
Ivan Kruglov
 
Мониторинг, когда не тестируешь
Ivan Kruglov
 
Архитектура поиска в Booking.com
Ivan Kruglov
 
Processing JSON messages in highspeed
Ivan Kruglov
 
Bringing code to the data: from MySQL to RocksDB for high volume searches
Ivan Kruglov
 
Optimize sereal
Ivan Kruglov
 
Sereal and its tooling
Ivan Kruglov
 

Recently uploaded (20)

PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
KodekX | Application Modernization Development
KodekX
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Approach and Philosophy of On baking technology
30anthuong17
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 

Introducing envoy-based service mesh at Booking.com

  • 1. Introducing Envoy-based service mesh at Booking.com Ivan Kruglov KubeCon Europe 2018 02.05.2018
  • 2. based in Amsterdam 28M listings 1,5M room nights per day 1700 IT staff
  • 3. Agenda • what is service mesh? • why did we start the project? • our setup • learnings • conclusion
  • 4. What is service mesh*? * the way I understand it
  • 6. application provider service consumer service provider communication infra
  • 7. application provider service consumer service provider proxy proxy control plane
  • 8. Why did we start service mesh project?
  • 13. Consistency & Visibility in communications
  • 15. application provider proxy service consumer service provider data plane HTTP(S) HTTP
  • 17. application provider envoy service consumer service provider data plane HTTP(S) HTTP control plane control plane • routing rules • timeout/retry/etc policies • service discovery
  • 18. control plane • in-house (v1/v2 API) • started in August 2017; Istio is around 0.2 • one complex system at a time • start with bare-metal support • minimal abstraction • yup, just write Envoy config (partially) • fine with Envoy’s set of features • self-service for service owners
  • 19. application provider envoy service consumer service provider data plane HTTP(S) HTTP control plane control plane • routing rules • timeout/retry/etc policies • service discovery ZooKeeper (service discovery) Kubernetes (service discovery) ZooKeeper (configuration)
  • 20. configuration • Envoy configuration is quite rich • power vs. usability: • cluster specification • virtual host specification
  • 21. kind: VirtualHostSpec spec: name: api.vhost domains: ["api.service"] routes: - match: prefix: / route: cluster: api.prod.cluster timeout: 10s retry_policy: retry_on: 5xx num_retries: 3 per_try_timeout: 3s kind: ClusterSpec metadata: annotations: watcher_name: zookeeper.watcher paths: ["/pools/api/dc"] spec: name: api.prod.cluster lb_policy: LEAST_REQUEST connect_timeout: 1s lb_subset_config: subset_selectors: - keys: ["DC"] - keys: ["IsLocal"] fallback_policy: DEFAULT_SUBSET default_subset: IsLocal: true
  • 22. kind: VirtualHostSpec spec: name: api.vhost domains: ["api.service"] routes: - match: prefix: / route: cluster: api.prod.cluster timeout: 10s retry_policy: retry_on: 5xx num_retries: 3 per_try_timeout: 3s kind: ClusterSpec metadata: annotations: watcher_name: zookeeper.watcher paths: ["/pools/api/dc"] spec: name: api.prod.cluster lb_policy: LEAST_REQUEST connect_timeout: 1s lb_subset_config: subset_selectors: - keys: ["DC"] - keys: ["IsLocal"] fallback_policy: DEFAULT_SUBSET default_subset: IsLocal: true
  • 23. kind: VirtualHostSpec spec: name: api.vhost domains: ["api.service"] routes: - match: prefix: / route: cluster: api.prod.cluster timeout: 10s retry_policy: retry_on: 5xx num_retries: 3 per_try_timeout: 3s kind: ClusterSpec metadata: annotations: watcher_name: zookeeper.watcher paths: ["/pools/api/dc"] spec: name: api.prod.cluster lb_policy: LEAST_REQUEST connect_timeout: 1s lb_subset_config: subset_selectors: - keys: ["DC"] - keys: ["IsLocal"] fallback_policy: DEFAULT_SUBSET default_subset: IsLocal: true
  • 24. kind: VirtualHostSpec spec: name: api.vhost domains: ["api.service"] routes: - match: prefix: / route: cluster: api.prod.cluster timeout: 10s retry_policy: retry_on: 5xx num_retries: 3 per_try_timeout: 3s kind: ClusterSpec metadata: annotations: watcher_name: zookeeper.watcher paths: ["/pools/api/dc"] spec: name: api.prod.cluster lb_policy: LEAST_REQUEST connect_timeout: 1s lb_subset_config: subset_selectors: - keys: ["DC"] - keys: ["IsLocal"] fallback_policy: DEFAULT_SUBSET default_subset: IsLocal: true
  • 25. kind: VirtualHostSpec spec: name: api.vhost domains: ["api.service"] routes: - match: prefix: / route: cluster: api.prod.cluster timeout: 10s retry_policy: retry_on: 5xx num_retries: 3 per_try_timeout: 3s kind: ClusterSpec metadata: annotations: watcher_name: zookeeper.watcher paths: ["/pools/api/dc"] spec: name: api.prod.cluster lb_policy: LEAST_REQUEST connect_timeout: 1s lb_subset_config: subset_selectors: - keys: ["DC"] - keys: ["IsLocal"] fallback_policy: DEFAULT_SUBSET default_subset: IsLocal: true envoy cluster spec envoy virtual host spec
  • 26. kind: VirtualHostSpec spec: name: api.vhost domains: ["api.service"] routes: - match: prefix: / route: cluster: api.prod.cluster timeout: 10s retry_policy: retry_on: 5xx num_retries: 3 per_try_timeout: 3s kind: ClusterSpec metadata: annotations: watcher_name: zookeeper.watcher paths: ["/pools/api/dc"] spec: name: api.prod.cluster lb_policy: LEAST_REQUEST connect_timeout: 1s lb_subset_config: subset_selectors: - keys: ["DC"] - keys: ["IsLocal"] fallback_policy: DEFAULT_SUBSET default_subset: IsLocal: true envoy cluster spec envoy virtual host spec bootstrap wizard
  • 27. control plane ZooKeeper VC VC VC service A expose to service D service C expose to service Dservice B envoy I’m service D here is service A and service C specs
  • 28. application provider envoy service consumer service provider data plane HTTP(S) HTTP control plane control plane • routing rules • timeout/retry/etc policies • service discovery ZooKeeper (service discovery) Kubernetes (service discovery) ZooKeeper (configuration) configuration changes
  • 29. Deploying changes • integration with existent infrastructure • git-deploy • vanguard (canary) deployment • syntax and semantic validation • fast rollback
  • 30. application provider envoy service consumer service provider data plane HTTP(S) HTTP control plane control plane • routing rules • timeout/retry/etc policies • service discovery ZooKeeper (service discovery) ZooKeeper (configuration) configuration changes metrics Kubernetes (service discovery)
  • 31. Monitoring • approach #1 – graphite • excellent in-house facilities • aggregations is too heavy at scale • approach #2 – prometheus • statsd support • statsd_exporter • still iterating • standard dashboard envoy statsd_exporter envoy…
  • 33. application provider envoy service consumer service provider data plane HTTP(S) HTTP control plane control plane • routing rules • timeout/retry/etc policies • service discovery ZooKeeper (service discovery) ZooKeeper (configuration) configuration changes metrics Kubernetes (service discovery)
  • 35. Some numbers • ~ 6 months in production • ~ 30 projects • ~ 10K servers • hundreds of thousands RPS • overheads…
  • 38. Some findings • graceful restart works, but not always! • (major) Envoy upgrades may not be graceful • ”x-envoy-retry-on = connect-failure” – too few “x-envoy-retry-on = 5xx” – too much • gateway-error – HTTP 502, 503, 504 • absence of TCP keepalive => stale connections • coming in 1.7 • idle_timeout in TCP proxy in 1.6 • cluster_name (1.5) -> cluster_names (1.6)
  • 40. service mesh* is a building block on the path to SOA technically & organizationally * the way I understand it
  • 41. Andrei Vereha Envoy production stories Friday, May 4th 14:00 Envoy Deep Dive