
Building a Secure, Performant Network Fabric for Microservice Applications

Building a Secure, Performant Network Fabric for Microservice Applications. August 24, 2016. Christopher Stetson, Chief Architect, Professional Services, NGINX. More information at nginx.com.


  1. Building a Secure, Performant Network Fabric for Microservice Applications August 24, 2016

  2. Christopher Stetson, Chief Architect, Professional Services, NGINX

  3. Agenda • A little NGINX History • The Big Shift • The Networking Problem • Service Discovery • Load Balancing • Secure & Fast Intercommunication • Architectures • Issues

  4. NGINX History and Products

  5. • First team to crack C10K • OSS NGINX released in 2004 • Company founded in 2011 • Launched product late 2013 • 3x bookings growth last year. Igor Sysoev, NGINX creator and founder.

  6. NGINX, Inc. Confidential Information

  7. 170+ million total sites running on NGINX. Source: http://news.netcraft.com/archives/category/web-server-survey/

  8. 50% of the Top 10,000 most visited websites. Source: W3Techs Web Technology Survey

  9. 750+ Commercial Customers on NGINX Plus

  10. Web Server: High Performance Webserver

  11. Flawless Application Delivery for the Modern Web: Load Balancer, Content Cache, Web Server, Security Controls, Monitoring & Management

  12. Small: Binary is 1.2 MB

  13. Fast: 100,000's of connections/sec

  14. Reliable: Stablest part of the stack.

  15. The Big Shift

  16. Architectural Changes: Monolith to Microservices

  17. Architectural Changes: Monolith to Microservices

  18. An Anecdote

  19. The tight loop problem • REST calls • 1000's of requests • Looped data

  20. Mitigation • Group requests • Cache data • Optimize the network

  21. NGINX Microservices

  22. Microservices Reference Architecture • Docker containers • Polyglot services • 12-Factor App(-esque) design

  23. The Networking Problem

  24. Service Discovery • Services need to know where other services are • Service registries work in many different ways • Register and read service information

  25. Load-balancing • High Quality Load Balancing • Developer Configurable

  26. Secure & Fast Communication • Encryption at the transmission layer is becoming standard • SSL communication is slow • Encryption is CPU intensive

  27. Solution • Service discovery • Robust load balancing • Fast encryption

  28. Network Architectures

  29. Proxy Model • Inbound traffic is managed through a reverse proxy/load balancer • Services are left to themselves to connect to each other • Often through round-robin DNS

  30. Proxy Model • Focus on internet traffic • A shock absorber for your app • Dynamic connectivity

  31. Router Mesh Model • Inbound routing through reverse proxy • Centralized load balancing through a separate load balancing service • Deis Router works like this

  32. Circuit Breakers • Active health checks • Retry • Caching

  33. Router Mesh • Robust service discovery • Advanced load balancing • Circuit breaker pattern

  34. Inter-Process Communication • Routing is done at the container level • Services connect to each other as needed • NGINX Plus acts as the forward and reverse proxy for all requests

  35. Normal Process • DNS service discovery • Relies on round-robin DNS • Each request creates a new SSL connection, which, fully implemented, is 9 requests

  36. Detail • NGINX Plus runs in each container • Application code talks to NGINX locally • NGINX talks to NGINX • NGINX queries the service registry

  37. Service Discovery • DNS is a clear way to manage service discovery • NGINX Plus Asynchronous Resolver • SRV records allow you to effectively use your resources

  38. Load-balancing • Proper request distribution • Flexibility based on the backing service • Different load-balancing schemes

  39. Persistent SSL Connections • Applications generate thousands of connections • 9 steps in SSL negotiation • Persistent SSL upstream keepalive

  40. Circuit Breaker Plus • Active health checks • Retry • Caching

  41. The solution • Service discovery • Container-based load-balancing • Persistent SSL connections • Circuit-breaker functionality

  42. Issues

  43. Docker Recommendation: 1 service per container* • Keeps docker images simple • Process failure means container failure • *Only a recommendation

  44. Complexity • Adding another layer to the stack • Lots of power to give to dev team • Tooling to make the Fabric Model simple to create and deploy

  45. Conclusion
