SlideShare a Scribd company logo

Traffic Control with Envoy Proxy

M
Mark McBride

The document discusses traffic control improvements using Envoy, emphasizing easier service creation and deployment while addressing reliability challenges in distributed systems. Key goals include resilience and straightforward routing for integrating new code into request flows, with features like configurable retries, load shedding, and circuit breakers to manage traffic effectively. Advanced routing techniques like probabilistic distribution and dynamic configuration through xDS APIs are highlighted to enhance traffic management across multiple clusters.

Software
Related topics:
cloud-native
1 of 29
Downloaded 20 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Better Traffic Control with Envoy Mark McBride 1/31/2018
Why Care about Traffic Control Generaliza5ons: Kubernetes leads to a bunch of good things. • Crea5ng new services is easier. • Deploying new service versions is easier. • Deploying smaller services is easier.
Why Care about Traffic Control But the good things aren’t free. • New code needs to be (safely!) integrated with your request flow. • Addi5onal abstrac5ons have < 100% reliability. • Longer call chains introduce more chances for failure.
Goals of Traffic Control • Resilience • Distributed systems are never “up”1. Dealing with failures should be straighTorward. • Rou5ng • Introducing a new code to the call chain is a common opera5on. It should be straighTorward. 1. Charity Majors, hYps://opensource.com/ar5cle/17/7/state-systems-administra5on
The Setup • Create scenarios using augmented Envoy examples • Use wrk to drive load against the system and measure results • Curl, because no demo is complete without some curl • A preview of envoy-tools to observe Envoy stats directly
Control Requires Visibility • Making unobservable changes is not advised. • Envoy comes with great tools out of the box. • Stats on listeners, clusters, protocols, and more. • An admin server for direct observa5on and control. • envoy-tools (coming soon!) – a repository of tools that provide a more approachable interface.
The Examples
Adding Reality to Examples • Add configurable latency and success rate
Adding Reality to Examples
Retries Envoy supports retry policies aYached to routes • Select error codes to retry on. • Configure 5meouts for each retry. • Configure number of retries.
Retries • No failures!
Retries—a Closer Look Failures when calling service1 No failures returned to client
Safe Retries • Usually you don’t want to retry all requests. • Side effects are important to consider. • Atomicity is important to consider. • Computa5onal expense is important to consider. • Add more routes, and configure retries accordingly.
Load Shedding • Some5mes you get more traffic than you can handle. • Envoy supports request limits on a per-cluster basis. • Envoy also supports two priority groups, allowing you to save slots for important traffic.
Without Circuit Breakers Failures are fine, but 99% latency is slowwwwww as requests just back up Also, POST requests are totally offline because we’re swamped with GETs
Without Circuit Breakers Retries overflow, which is slow
With Circuit Breakers Gobs of failures, but p99 latency is s5ll good. Also, POST requests are available. Also, we told clients to back off with the x-envoy-overloaded response header.
With Circuit Breakers Pending requests overflow, which is fast!
An Overview of Rou5ng • Endpoint metadata for richer rou5ng primi5ves • Probabilis5c distribu5on of traffic across mul5ple clusters • 1% of traffic to my-great-rewrite, 99% to legacy • 1% of traffic to v2 of my service, 99% to v1 • Header based rou5ng to cluster subsets • If “x-canary” is set route to endpoints with a version label of v2 • Priority rou5ng, which we saw in the circuit breaking example • Zone aware rou5ng
Traffic Shioing the Hard Way • Mul5ple clusters • Mul5ple routes
Header-based Canary • When we specify the canary header, the route matches and we (and only we) are routed to service1a • When header is not present, the route doesn’t match and we go on to the next route, sending traffic to service1
Probabilis5c Rollout • With the run5me match, we choose this route 25% of the 5me, sending 25% of our traffic to service1
Traffic Shioed 25% of traffic to service1a
The Easy Way • Restar5ng servers on every config change is tedious in this demo. • It’s even more tedious in produc5on. • Envoy provides a beYer way—the xDS APIs.
xDS APIs • CDS - discover clusters, which are logical groupings of endpoints. • A cluster defini5on can have a reference to an EDS endpoint • EDS - discover endpoints for a cluster. • LDS - discover listeners for an Envoy • A listener’s filter chain can have a reference to an RDS endpoint • RDS - discover routes for a filter chain
Dynamic Config • The xDS APIs give you a central point-of-control to manage a fleet of Envoys • Bridge service discovery (e.g. from Kubernetes) to Envoy • Bridge rou5ng config (e.g. from Houston) to Envoy
Advanced Rou5ng with EDS • CDS (cluster discovery service) defines groups of endpoints. • EDS (endpoint discovery service) discovers the actual endpoints for clusters. • EDS allows you to aYach metadata to an endpoint. • Our mul5-cluster example can be collapsed to a metadata based approach on a single cluster.
Even Easier with Houston • An CDS/EDS server with integra5ons to EC2, ECS, Kubernetes, Consul, DC/OS, or JSON files • An LDS/RDS server with an intui5ve route configura5on UI • Stats parsing, forwarding, and change tracking
Ques5ons/Contact Mark McBride mark@turbinelabs.io Twitter - @mccv http://www.turbinelabs.io

More Related Content

PPTX
Microservices With Istio Service Mesh
Natanael Fonseca
 
PDF
CNCF Singapore - Introduction to Envoy
Harish
 
PPTX
Introduction to the Container Network Interface (CNI)
Weaveworks
 
PPTX
Keeping a Secret with HashiCorp Vault
Mitchell Pronschinske
 
PDF
Observability, Distributed Tracing, and Open Source: The Missing Primer
VMware Tanzu
 
PDF
ネットワークの自動化・監視の取り組みについて #netopscoding #npstudy
Yahoo!デベロッパーネットワーク
 
PPTX
OpenTelemetry For Operators
Kevin Brockhoff
 
PDF
Ensuring Kubernetes Cost Efficiency across (many) Clusters - DevOps Gathering...
Henning Jacobs
 
Microservices With Istio Service Mesh
Natanael Fonseca
 
CNCF Singapore - Introduction to Envoy
Harish
 
Introduction to the Container Network Interface (CNI)
Weaveworks
 
Keeping a Secret with HashiCorp Vault
Mitchell Pronschinske
 
Observability, Distributed Tracing, and Open Source: The Missing Primer
VMware Tanzu
 
ネットワークの自動化・監視の取り組みについて #netopscoding #npstudy
Yahoo!デベロッパーネットワーク
 
OpenTelemetry For Operators
Kevin Brockhoff
 
Ensuring Kubernetes Cost Efficiency across (many) Clusters - DevOps Gathering...
Henning Jacobs
 

What's hot (20)

PDF
The RED Method: How to monitoring your microservices.
Grafana Labs
 
PPTX
Envoy and Kafka
Adam Kotwasinski
 
PDF
Model driven telemetry
Cisco Canada
 
PPTX
Docker Kubernetes Istio
Araf Karsh Hamid
 
PPSX
Service Mesh - Observability
Araf Karsh Hamid
 
PDF
Shift left Observability
Eric D. Schabell
 
PDF
Topic 3: Large-scale Distributed Systems
Zubair Nabi
 
PDF
Grafana Loki: like Prometheus, but for Logs
Marco Pracucci
 
PPTX
Istio a service mesh
Chandresh Pancholi
 
PPTX
あなたのところに専用線が届くまで
Tomohiro Sakamoto(Onodera)
 
PDF
Monitoring Microservices
Weaveworks
 
PDF
Real-time Analytics with Upsert Using Apache Kafka and Apache Pinot | Yupeng ...
HostedbyConfluent
 
PPTX
Service Mesh - Why? How? What?
Orkhan Gasimov
 
PDF
Introduction to Istio Service Mesh
Georgios Andrianakis
 
PDF
Why Microservice
Kelvin Yeung
 
PDF
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Thomas Graf
 
PPTX
Containers and workload security an overview
Krishna-Kumar
 
PDF
Apache Druid 101
Data Con LA
 
PPTX
Hashicorp Vault ppt
Shrey Agarwal
 
PDF
FreeSWITCH Monitoring
Moises Silva
 
The RED Method: How to monitoring your microservices.
Grafana Labs
 
Envoy and Kafka
Adam Kotwasinski
 
Model driven telemetry
Cisco Canada
 
Docker Kubernetes Istio
Araf Karsh Hamid
 
Service Mesh - Observability
Araf Karsh Hamid
 
Shift left Observability
Eric D. Schabell
 
Topic 3: Large-scale Distributed Systems
Zubair Nabi
 
Grafana Loki: like Prometheus, but for Logs
Marco Pracucci
 
Istio a service mesh
Chandresh Pancholi
 
あなたのところに専用線が届くまで
Tomohiro Sakamoto(Onodera)
 
Monitoring Microservices
Weaveworks
 
Real-time Analytics with Upsert Using Apache Kafka and Apache Pinot | Yupeng ...
HostedbyConfluent
 
Service Mesh - Why? How? What?
Orkhan Gasimov
 
Introduction to Istio Service Mesh
Georgios Andrianakis
 
Why Microservice
Kelvin Yeung
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Thomas Graf
 
Containers and workload security an overview
Krishna-Kumar
 
Apache Druid 101
Data Con LA
 
Hashicorp Vault ppt
Shrey Agarwal
 
FreeSWITCH Monitoring
Moises Silva
 
Ad

Similar to Traffic Control with Envoy Proxy (20)

PPTX
Embracing Failure - Fault Injection and Service Resilience at Netflix
Josh Evans
 
PPTX
Service Stampede: Surviving a Thousand Services
Anil Gursel
 
PDF
Client Drivers and Cassandra, the Right Way
DataStax Academy
 
PDF
Impala Performance Update
Cloudera, Inc.
 
PPTX
Concurrency at Scale: Evolution to Micro-Services
Randy Shoup
 
PPTX
Making communication across boundaries simple with Azure Service Bus
Particular Software
 
PDF
IBM MQ: Managing Workloads, Scaling and Availability with MQ Clusters
David Ware
 
PPT
Dealing with the Three Horrible Problems in Verification
DVClub
 
PPTX
Deploying at will - SEI
Strongstep - Innovation in software quality
 
PDF
VMworld 2014: Extreme Performance Series
VMworld
 
PPT
Nokia kpi and_core_optimization
debasish goswami
 
PDF
Production Ready Microservices at Scale
Rajeev Bharshetty
 
PPTX
Tokyo azure meetup #12 service fabric internals
Tokyo Azure Meetup
 
PDF
Jeremy Edberg (MinOps ) - How to build a solid infrastructure for a startup t...
Startupfest
 
PDF
Denovo SIP VoIP Termination SBC Session Boarder Controler @ denofolab.com
Anne Kwong
 
PDF
denovolab.com class 4 voip switch
Anne Kwong
 
PDF
5 Steps on the Way to Continuous Delivery
XebiaLabs
 
PDF
[QCon London 2020] The Future of Cloud Native API Gateways - Richard Li
Ambassador Labs
 
PPTX
Database and Public Endpoints redundancy on Azure
Radu Vunvulea
 
PPTX
Planning to Fail #phpuk13
Dave Gardner
 
Embracing Failure - Fault Injection and Service Resilience at Netflix
Josh Evans
 
Service Stampede: Surviving a Thousand Services
Anil Gursel
 
Client Drivers and Cassandra, the Right Way
DataStax Academy
 
Impala Performance Update
Cloudera, Inc.
 
Concurrency at Scale: Evolution to Micro-Services
Randy Shoup
 
Making communication across boundaries simple with Azure Service Bus
Particular Software
 
IBM MQ: Managing Workloads, Scaling and Availability with MQ Clusters
David Ware
 
Dealing with the Three Horrible Problems in Verification
DVClub
 
Deploying at will - SEI
Strongstep - Innovation in software quality
 
VMworld 2014: Extreme Performance Series
VMworld
 
Nokia kpi and_core_optimization
debasish goswami
 
Production Ready Microservices at Scale
Rajeev Bharshetty
 
Tokyo azure meetup #12 service fabric internals
Tokyo Azure Meetup
 
Jeremy Edberg (MinOps ) - How to build a solid infrastructure for a startup t...
Startupfest
 
Denovo SIP VoIP Termination SBC Session Boarder Controler @ denofolab.com
Anne Kwong
 
denovolab.com class 4 voip switch
Anne Kwong
 
5 Steps on the Way to Continuous Delivery
XebiaLabs
 
[QCon London 2020] The Future of Cloud Native API Gateways - Richard Li
Ambassador Labs
 
Database and Public Endpoints redundancy on Azure
Radu Vunvulea
 
Planning to Fail #phpuk13
Dave Gardner
 
Ad

Recently uploaded (20)

PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
AI in Product Development-omnex systems
omnex systems
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PDF
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
PPTX
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PPTX
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
AI in Product Development-omnex systems
omnex systems
 
System and Network Administration Chapter 2
jaramharo
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
System and Network Administraation Chapter 3
jaramharo
 

Traffic Control with Envoy Proxy

  • 1. Better Traffic Control with Envoy Mark McBride 1/31/2018
  • 2. Why Care about Traffic Control Generaliza5ons: Kubernetes leads to a bunch of good things. • Crea5ng new services is easier. • Deploying new service versions is easier. • Deploying smaller services is easier.
  • 3. Why Care about Traffic Control But the good things aren’t free. • New code needs to be (safely!) integrated with your request flow. • Addi5onal abstrac5ons have < 100% reliability. • Longer call chains introduce more chances for failure.
  • 4. Goals of Traffic Control • Resilience • Distributed systems are never “up”1. Dealing with failures should be straighTorward. • Rou5ng • Introducing a new code to the call chain is a common opera5on. It should be straighTorward. 1. Charity Majors, hYps://opensource.com/ar5cle/17/7/state-systems-administra5on
  • 5. The Setup • Create scenarios using augmented Envoy examples • Use wrk to drive load against the system and measure results • Curl, because no demo is complete without some curl • A preview of envoy-tools to observe Envoy stats directly
  • 6. Control Requires Visibility • Making unobservable changes is not advised. • Envoy comes with great tools out of the box. • Stats on listeners, clusters, protocols, and more. • An admin server for direct observa5on and control. • envoy-tools (coming soon!) – a repository of tools that provide a more approachable interface.
  • 8. Adding Reality to Examples • Add configurable latency and success rate
  • 9. Adding Reality to Examples
  • 10. Retries Envoy supports retry policies aYached to routes • Select error codes to retry on. • Configure 5meouts for each retry. • Configure number of retries.
  • 12. Retries—a Closer Look Failures when calling service1 No failures returned to client
  • 13. Safe Retries • Usually you don’t want to retry all requests. • Side effects are important to consider. • Atomicity is important to consider. • Computa5onal expense is important to consider. • Add more routes, and configure retries accordingly.
  • 14. Load Shedding • Some5mes you get more traffic than you can handle. • Envoy supports request limits on a per-cluster basis. • Envoy also supports two priority groups, allowing you to save slots for important traffic.
  • 15. Without Circuit Breakers Failures are fine, but 99% latency is slowwwwww as requests just back up Also, POST requests are totally offline because we’re swamped with GETs
  • 16. Without Circuit Breakers Retries overflow, which is slow
  • 17. With Circuit Breakers Gobs of failures, but p99 latency is s5ll good. Also, POST requests are available. Also, we told clients to back off with the x-envoy-overloaded response header.
  • 18. With Circuit Breakers Pending requests overflow, which is fast!
  • 19. An Overview of Rou5ng • Endpoint metadata for richer rou5ng primi5ves • Probabilis5c distribu5on of traffic across mul5ple clusters • 1% of traffic to my-great-rewrite, 99% to legacy • 1% of traffic to v2 of my service, 99% to v1 • Header based rou5ng to cluster subsets • If “x-canary” is set route to endpoints with a version label of v2 • Priority rou5ng, which we saw in the circuit breaking example • Zone aware rou5ng
  • 20. Traffic Shioing the Hard Way • Mul5ple clusters • Mul5ple routes
  • 21. Header-based Canary • When we specify the canary header, the route matches and we (and only we) are routed to service1a • When header is not present, the route doesn’t match and we go on to the next route, sending traffic to service1
  • 22. Probabilis5c Rollout • With the run5me match, we choose this route 25% of the 5me, sending 25% of our traffic to service1
  • 23. Traffic Shioed 25% of traffic to service1a
  • 24. The Easy Way • Restar5ng servers on every config change is tedious in this demo. • It’s even more tedious in produc5on. • Envoy provides a beYer way—the xDS APIs.
  • 25. xDS APIs • CDS - discover clusters, which are logical groupings of endpoints. • A cluster defini5on can have a reference to an EDS endpoint • EDS - discover endpoints for a cluster. • LDS - discover listeners for an Envoy • A listener’s filter chain can have a reference to an RDS endpoint • RDS - discover routes for a filter chain
  • 26. Dynamic Config • The xDS APIs give you a central point-of-control to manage a fleet of Envoys • Bridge service discovery (e.g. from Kubernetes) to Envoy • Bridge rou5ng config (e.g. from Houston) to Envoy
  • 27. Advanced Rou5ng with EDS • CDS (cluster discovery service) defines groups of endpoints. • EDS (endpoint discovery service) discovers the actual endpoints for clusters. • EDS allows you to aYach metadata to an endpoint. • Our mul5-cluster example can be collapsed to a metadata based approach on a single cluster.
  • 28. Even Easier with Houston • An CDS/EDS server with integra5ons to EC2, ECS, Kubernetes, Consul, DC/OS, or JSON files • An LDS/RDS server with an intui5ve route configura5on UI • Stats parsing, forwarding, and change tracking
  • 29. Ques5ons/Contact Mark McBride mark@turbinelabs.io Twitter - @mccv http://www.turbinelabs.io