The Current & Future State of Service Mesh
2 | Copyright © 2022
Solo Istio/Envoy Community Leadership
Idit Levine: Founding API gateway WG-Istio
Christian Posta: Founding community member, Istio Steering Committee, author of Istio in Action
Lin Sun: Founding Istio project maintainer, Technical Oversight Committee (TOC), Steering Committee
Neeraj Poddar: Istio Steering and TOC member. Co-founded the Istio Product Security Working Group.
Yuval Kohavi: Renowned security researcher, Founding API Gateway WG-Istio, Envoy contributor
Ram Vennam: Founding Istio Steering Committee member
Nick Nellis: First to run Istio in production, current contributor and maintainer
Founded in 2017 by Idit Levine. Based in Cambridge, MA, with multiple locations around the globe.
Industry leaders in application networking, service mesh, and modern API gateway technologies. Open-Core, “Enterprise” subscription model.
Growing fast with happy customers: 350+% bookings growth y/y; 98%+ renewal rate.
Well funded: $171.5M venture financing; $1 Billion valuation.
Solo.io
Gloo Application Networking Platform
Simplify your application networking with unified control,
reliability, observability, extensibility, and security
Greg Hanson: Founding Istio Maintainer, Product Security WG Lead, Istio Release Manager
Large deployments of enterprise service mesh
The Current State of Service Mesh… day 1 and day 2 operations
Service Mesh Functions
● Service discovery / Load balancing
● Secure service-to-service communication
● Traffic control / shaping / shifting
● Policy / Intention based access control
● Traffic metric collection
● Service resilience
● API / programmable interface
Istio
Install
Performance
● Envoy proxy uses 0.35 vCPU and 40 MB memory per 1000 requests per second going through the proxy.
● Istiod uses 1 vCPU and 1.5 GB of memory.
● The Envoy proxy adds 2.65 ms to the 90th percentile latency.
Upgrade
Gateway API
https://gateway-api.sigs.k8s.io/
The Future of Service Mesh… happens in and around the data plane
Data plane is where the innovation continues to happen
● WebAssembly
● HTTP/3
● Universal Data Plane API
Extending the data plane
Optimizing the data plane
Extending the data plane with GraphQL
Clients
https://api.yelp.com/v3/businesses/search
GET https://api.yelp.com/v3/businesses/search
{
  "total": 8228,
  "businesses": [
    {
      "rating": 4,
      "price": "$",
      "phone": "+14152520800",
      "alias": "four-barrel-coffee-san-francisco",
      "categories": [
        {
          "alias": "coffee",
          "title": "Coffee & Tea"
        }
      ]
    },
    // ...
  ],
  "region": {
    "center": {
      "latitude": 37.767413217936834,
      "longitude": -122.42820739746094
    }
  }
}
Clients Web API
/business/{id}/menu
/reviews/{id}
/events/{name}
GraphQL
● Returns exactly what we need and nothing more
● Fetches data across different resources from a single query
https://api.yelp.com/v3/graphql
query {
  businesses(search: "solo") {
    name
  }
}
{
  "businesses": [
    {
      "name": "solo.io"
    },
    {
      "name": "Solo Solar"
    }
  ]
}
Business Info API
https://api.yelp.com/v3/graphql
query {
  businesses(search: "solo") {
    name
    phone
  }
}
{
  "businesses": [
    {
      "name": "solo.io",
      "phone": "6172213102"
    },
    {
      "name": "Solo Solar",
      "phone": "2223657814"
    }
  ]
}
Business Info API
https://api.yelp.com/v3/graphql
query {
  businesses(search: "solo") {
    name
    phone
    location {
      address
    }
  }
}
{
  "businesses": [
    {
      "name": "solo.io",
      "phone": "6172213102",
      "location": {
        "address": "222 Third St"
      }
    },
    {
      "name": "Solo Solar",
      "phone": "2223657814",
      "location": {
        "address": "3 Hershey Park"
      }
    }
  ]
}
Business Info API
Business Location API
https://api.yelp.com/v3/graphql
query {
  solo_query: businesses(search: "solo") {
    name
    phone
    location {
      business_address: address
    }
  }
}
{
  "solo_query": [
    {
      "name": "solo.io",
      "phone": "6172213102",
      "location": {
        "business_address": "222 Third St"
      }
    },
    {
      "name": "Solo Solar",
      "phone": "2223657814",
      "location": {
        "business_address": "3 Hershey Park"
      }
    }
  ]
}
https://api.yelp.com/v3/graphql
query {
  solo: businesses(search: "solo") {
    name
    phone
    location {
      state
    }
  }
  software: businesses(search: "software") {
    name
  }
}
{
  "solo": [
    {
      "name": "solo.io",
      "phone": "6172213102",
      "location": {
        "state": "MA"
      }
    },
    {
      "name": "Solo Solar",
      "phone": "2223657814",
      "location": {
        "state": "CA"
      }
    }
  ],
  "software": [{...}]
}
Query
query {
  businesses(search: "solo") {
    name
    phone
    location {
      state
    }
  }
}
Schema Definition Language (SDL)
type Query {
  businesses(search: String!): [Business]
}
type Business {
  name: String
  phone: String
  categories: [String]
  reviews: [Int]
  location: Location
}
type Location {
  state: String!
  country: String!
  street: String!
}
GraphQL Interest - Market Indicators
https://trends.google.com
https://2020.stateofjs.com/en-US/technologies/datalayer
https://smartbear.com/state-of-software-quality/api/tools
GraphQL Adoption Patterns (diagram labels: REST, gRPC)
GraphQL Traffic Patterns
Considerations when using GraphQL APIs
Application Interface:
• Client-specific data views
• Single entry point to entire graph
• Overfetching data
• Underfetching data (N+1)
• Client compatibility with schema evolution
Application Network:
• Authentication / Authorization
• Rate Limiting
• Observability
• Web Application Firewall
• Data Loss Prevention
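As an added example (not from the slides and not Solo's or Envoy's code), the following Python parses queries in the shape shown on the Yelp-style slides, resolves them against in-memory data so the field-selection and aliasing behaviour of the business queries is visible, and runs the kind of structural budget check (selection depth, field count, number of aliased root fields) that a gateway sitting at the graph's single entry point can apply before a query reaches any resolver. BUSINESSES is constructed sample data standing in for the Business Info and Business Location APIs, the budget limits are illustrative defaults, and the tokenizer covers only the syntax used on these slides, not the full GraphQL grammar.

```python
import re
# Tokens of the slides' query syntax: identifiers, "strings" and { } ( ) :
TOKEN = re.compile(r'\s*([A-Za-z_][A-Za-z0-9_]*|"[^"]*"|[{}():])')

def tokenize(src):
    pos, out, src = 0, [], src.strip()
    while pos < len(src):
        m = TOKEN.match(src, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}")
        out.append(m.group(1))
        pos = m.end()
    return out

def parse_selection(toks, i):
    """Parse '{ field* }' at toks[i]; a field is [alias:] name [(k: "v")] [{...}]."""
    if toks[i] != "{":
        raise ValueError("expected '{'")
    i, fields = i + 1, []
    while toks[i] != "}":
        name, alias, args, sub = toks[i], None, {}, []
        i += 1
        if toks[i] == ":":  # 'alias: name' renames the key in the response
            alias, name, i = name, toks[i + 1], i + 2
        if toks[i] == "(":
            i += 1
            while toks[i] != ")":
                args[toks[i]] = toks[i + 2].strip('"')
                i += 3
            i += 1
        if i < len(toks) and toks[i] == "{":
            sub, i = parse_selection(toks, i)
        fields.append({"name": name, "alias": alias or name, "args": args, "fields": sub})
    return fields, i + 1

def parse(query):
    toks = tokenize(query)
    start = 1 if toks and toks[0] == "query" else 0  # optional operation keyword
    fields, _ = parse_selection(toks, start)
    return fields

# Constructed sample data standing in for the Business Info / Location APIs.
BUSINESSES = [
    {"name": "solo.io", "phone": "6172213102", "location": {"address": "222 Third St", "state": "MA"}},
    {"name": "Solo Solar", "phone": "2223657814", "location": {"address": "3 Hershey Park", "state": "CA"}},
    {"name": "Acme Software", "phone": "5550100", "location": {"address": "1 Main St", "state": "NY"}},
]

def project(obj, fields):
    """Keep only the selected fields, keyed by alias: 'exactly what we need and nothing more'."""
    if isinstance(obj, list):
        return [project(item, fields) for item in obj]
    out = {}
    for f in fields:
        value = obj.get(f["name"])
        out[f["alias"]] = project(value, f["fields"]) if f["fields"] and value is not None else value
    return out

def execute(query):
    result = {}
    for f in parse(query):
        if f["name"] != "businesses":  # the only root field in this toy schema
            raise ValueError(f"unknown root field {f['name']!r}")
        needle = f["args"].get("search", "").lower()
        result[f["alias"]] = project([b for b in BUSINESSES if needle in b["name"].lower()], f["fields"])
    return result

def depth(fields):  # nesting depth of the selection sets; a leaf contributes 0
    return 1 + max(depth(f["fields"]) for f in fields) if fields else 0

def field_count(fields):
    return sum(1 + field_count(f["fields"]) for f in fields)

def budget_violations(query, max_depth=4, max_fields=25, max_root_fields=3):
    """Structural limits a gateway can enforce before any resolver runs; aliases let one request carry many root fields, so those are counted on their own."""
    fields = parse(query)
    checks = [("depth", depth(fields) > max_depth),
              ("fields", field_count(fields) > max_fields),
              ("root_fields", len(fields) > max_root_fields)]
    return [name for name, exceeded in checks if exceeded]
```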
GraphQL Support in Envoy
Gloo Edge custom Envoy filters:
• Web Application Firewall (WAF)
• Data Loss Prevention (DLP)
• AWS Lambda
• Request and Response Transformation
• SOAP
• GraphQL
Envoy filter chain (diagram labels): External Auth, Rate Limiting, Router, Upstream, Custom, gRPC Transcoder
Extending the service mesh data plane
Extending the data plane
Benefits of GraphQL in Envoy
Simplified deployment architecture
Optimized data plane performance
Declarative configuration for apps and infra
Leverage platform capabilities vs. DIY in every application
Architecture scales from a simple monolith to multi-cloud federation
Optimizing the service mesh data plane
What is eBPF?
• Linux technology which enables users to run custom programs “sandboxed” in the kernel
• extended Berkeley Packet Filter, evolution of “classic BPF” – think tcpdump
• Event-based – programs are attached to “hook points” that are triggered by certain events
  − E.g. ‘kprobe’ type programs are attached to kernel functions and are then executed when that function is called
• BPF programs are verified to be “safe” – won’t crash the kernel, guaranteed to return (no infinite loops), can only access specific sections of memory, etc.
Istio sidecar redirection (diagram: pod "petstore" with the petstore container and the istio-proxy sidecar; each hop goes socket → kernel network stack → socket)
Networking in Istio
Source: https://jimmysong.io/en/blog/sidecar-injection-iptables-and-traffic-routing
Istio data-path acceleration with eBPF
• The Linux kernel has several hook points in the network stack to which BPF programs can be attached
• Attach BPF programs to network sockets
• A special BPF map (sockmap) can redirect data from one socket directly to another
Istio data-path acceleration (diagram: the same pod "petstore" with istio-proxy; eBPF programs attached at each socket redirect data socket to socket. "Skip the network stack!")
Istio data-path acceleration
Can eBPF implement service mesh functions?
Service Mesh Functions:
• L4 & L7 Observability
• Identity Management
• Encryption
• JWT based Authz/Authn
• External Authorization
• L7 Traffic Management
• Advanced Load Balancing
• Session Affinity
• ...
eBPF:
● eBPF execution paths must be fully known and verified
● eBPF programs cannot have arbitrary loops where the verifier will not know when the program will stop execution.
● eBPF is Turing incomplete.
● eBPF is ideal for O(1) complexity
  ○ inspecting a packet
  ○ manipulating some bits
  ○ redirect
● Complex protocols like HTTP/2 and gRPC can be O(n) complexity and very difficult to debug
Data plane as a spectrum
From “The Truth About the Service Mesh Data Plane”, November 2019
https://www.slideshare.net/ceposta/the-truth-about-the-service-mesh-data-plane
Data plane: sidecar (service proxy)
Data plane: shared proxy per node
Data plane: shared proxy per service account (per node)
Data plane: shared remote proxy with micro-sidecar
Deployment diagram: user clusters, public cloud, compliance / DMZ
Gloo Application Networking Platform
Solo Istio/Envoy Community Leadership: Idit Levine, Christian Posta, Lin Sun, Neeraj Poddar, Yuval Kohavi, Ram Vennam, Nick Nellis
“The team Solo has assembled is incredible. They have deep expertise with Envoy and Istio, and they’re extremely receptive to community feedback. The strength of their team gives us confidence in the innovation and support they’re able to provide.”
CURRENT CUSTOMER
Thank you!!
Reach out to us for guidance!
CRAWL: Access to Expertise and Long-term Support (LTS)
WALK: Enhanced capabilities for security, observability & collaboration
RUN: Extend & Scale Across Teams and the World
FLY: Multi-Cluster, Multi-Mesh on Cloud and Hybrid