building a secure performant network fabric for
play

Building a Secure, Performant Network Fabric for Microservice - PowerPoint PPT Presentation

Dec 14, 2022 •315 likes •774 views

Building a Secure, Performant Network Fabric for Microservice Applications August 24, 2016 Christopher Stetson Chief Architect, Professional Services NGINX MORE INFORMATION AT NGINX.COM Agenda Agenda A little NGINX History The

  1. Building a Secure, Performant Network Fabric for Microservice Applications August 24, 2016

  2. Christopher Stetson Chief Architect, Professional Services NGINX MORE INFORMATION AT NGINX.COM

  3. Agenda Agenda • A little NGINX History • The Big Shift • The Networking Problem • Service Discovery • Load Balancing • Secure & Fast Intercommunication • Architectures • Issues MORE INFORMATION AT NGINX.COM

  4. NGINX History and NGINX History and Products Products MORE INFORMATION AT NGINX.COM

  5. • First team to crack C10K • OSS NGINX released in 2004 • Company founded in 2011 • Launched product late 2013 • 3x bookings growth last year Igor Sysoev, NGINX creator and founder MORE INFORMATION AT NGINX.COM

  6. NGINX, Inc. Con fi dential Information 6

  7. 170+ 170+ million million total sites running on NGINX Source: 7 http://news.netcraft.com/archives/category/web-server-survey/

  8. 50% of the Top 10,000 most visited websites Source: W3Techs Web Technology Survey 8

  9. 750+ 750+ Commercial Customers on NGINX Plus 9

  10. Web Server High Performance Webserver MORE INFORMATION AT NGINX.COM 10

  11. Monitoring & Load Balancer Content Cache Web Server Security Controls Management Flawless Application Delivery for the Modern Web MORE INFORMATION AT NGINX.COM 11

  12. Small Small Binary is 1.2 MBs 12

  13. Fast Fast 100,000’s of connections/sec 13

  14. Reliable Reliable Stablest part of the stack. 14

  15. The Big Shift The Big Shift MORE INFORMATION AT NGINX.COM

  16. Architectural Changes: Monolith to Microservices MORE INFORMATION AT NGINX.COM

  17. Architectural Changes: Monolith to Microservices MORE INFORMATION AT NGINX.COM

  18. An Anecdote An Anecdote MORE INFORMATION AT NGINX.COM

  19. The tight loop problem • Rest calls • 1000’s of requests • Looped data MORE INFORMATION AT NGINX.COM

  20. Mitigation • Group requests • Cache data • Optimize the network MORE INFORMATION AT NGINX.COM

  21. NGINX NGINX Microservices Microservices MORE INFORMATION AT NGINX.COM

  22. Microservices Reference Architecture • Docker containers • Polyglot services • 12-Factor App(-esque) design MORE INFORMATION AT NGINX.COM

  23. The Networking The Networking Problem Problem MORE INFORMATION AT NGINX.COM

  24. Service Discovery • Services needs to know where other services are • Service registries work in many different ways • Register and read service information MORE INFORMATION AT NGINX.COM

  25. Load-balancing • High Quality Load Balancing • Developer Configurable MORE INFORMATION AT NGINX.COM

  26. Secure & Fast Communication • Encryption at the transmission layer is becoming standard • SSL communication is slow • Encryption is CPU intensive MORE INFORMATION AT NGINX.COM

  27. Solution • Service discovery • Robust load balancing • Fast encryption MORE INFORMATION AT NGINX.COM

  28. Network Network Architectures Architectures MORE INFORMATION AT NGINX.COM

  29. Proxy Model • In bound traffic is managed through a reverse proxy/load balancer • Services are left to themselves to connect to each other. • Often through round-robin DNS MORE INFORMATION AT NGINX.COM

  30. Proxy Model • Focus on internet traffic • A shock absorber for your app • Dynamic connectivity MORE INFORMATION AT NGINX.COM

  31. Router Mesh Model • In-bound routing through reverse proxy • Centralized load balancing through a separate load balancing service • Deis Router work like this. MORE INFORMATION AT NGINX.COM

  32. Circuit Breakers • Active health checks • Retry • Caching MORE INFORMATION AT NGINX.COM

  33. Router Mesh • Robust service discovery • Advanced load balancing • Circuit breaker pattern MORE INFORMATION AT NGINX.COM

  34. Inter-Process Communication • Routing is done at the container level • Services connect to each other as needed • NGINX Plus acts as the forward and reverse proxy for all requests MORE INFORMATION AT NGINX.COM

  35. Normal Process • DNS service discovery • Relies on round robin DNS • Each request creates a new SSL connection which fully implemented is 9 requests MORE INFORMATION AT NGINX.COM

  36. Detail • NGINX Plus runs in each container • Application code talks to NGINX locally • NGINX talks to NGINX • NGINX queries the service registry MORE INFORMATION AT NGINX.COM

  37. Service Discovery • DNS is a clear way to manage service discovery • NGINX Plus Asynchronous Resolver • SRV records allow you to effectively use your resources MORE INFORMATION AT NGINX.COM

  38. Load-balancing • Proper request distribution • Flexibility based on the backing service • Different load-balancing schemes MORE INFORMATION AT NGINX.COM

  39. Persistent SSL Connections • Applications generate thousands of connections • 9 steps in SSL negotiation • Persistent SSL upstream keepalive MORE INFORMATION AT NGINX.COM

  40. Circuit Breaker Plus • Active health checks • Retry • Caching MORE INFORMATION AT NGINX.COM

  41. The solution • Service discovery • Container-based load- balancing • Persistent SSL connections • Circuit-breaker functionality MORE INFORMATION AT NGINX.COM

  42. Issues Issues MORE INFORMATION AT NGINX.COM

  43. Docker 1 Recommendation: 1 service per * container • Keeps docker images simple • Process failure means container failure • Only a recommendation MORE INFORMATION AT NGINX.COM

  44. Complexity • Adding another layer to the stack • Lots of power to give to dev team • Tooling to make the Fabric Model simple to create and deploy MORE INFORMATION AT NGINX.COM

  45. Conclusion Conclusion MORE INFORMATION AT NGINX.COM

Recommend

Kaizen: Building a Performant Blockchain System Verified for Consensus and Integrity Faria Kalim

Kaizen: Building a Performant Blockchain System Verified for Consensus and Integrity Faria Kalim

Kaizen: Building a Performant Blockchain System Verified for Consensus and Integrity Faria Kalim , Karl Palmskog , Jayasi Mehar , Adithya Murali , P. Madhusudan and Indranil Gupta University of Illinois at

423 views • 21 slides
IEEE Infocom 2006 A secure and performant token-based authentication for infrastructure and mesh

IEEE Infocom 2006 A secure and performant token-based authentication for infrastructure and mesh

IEEE Infocom 2006 A secure and performant token-based authentication for infrastructure and mesh 802.1X networks Leonardo Maccari - maccari@lenst.det.unifi.it Romani Fantacci - fantacci@lenst.det.unifi.it Tommaso Pecorella -

714 views • 19 slides
GNUnet A network protocol stack for building secure, distributed, and privacy-preserving

GNUnet A network protocol stack for building secure, distributed, and privacy-preserving

GNUnet A network protocol stack for building secure, distributed, and privacy-preserving application FOSDEM20 Martin Schanzenbach 2/2/2020 The Internet is under attack The Internet HTTP, Facebook, Google, Libra ... DNS / X.509 TCP /

631 views • 34 slides
02/22/12 Building a Secure World Through International Education The Matariki Network of

02/22/12 Building a Secure World Through International Education The Matariki Network of

2012 Conference The Matariki Network of Universities A small but beautiful view of partnering for a better world 02/22/12 Building a Secure World Through International Education The Matariki Network of Universities A small but

666 views • 39 slides
Optimising fabric quality, finishing processes and machinery through the use of fabric objective

Optimising fabric quality, finishing processes and machinery through the use of fabric objective

Optimising fabric quality, finishing processes and machinery through the use of fabric objective measurement Dr Allan De Boos Australian Wool Innovation Lecture in tw o parts Part 1 Fabric quality Can it be measured? Fabric

629 views • 26 slides
CS 6453 Network Fabric Presented by Ayush Dubey Based on: 1. Jupiter Rising: A Decade of Clos

CS 6453 Network Fabric Presented by Ayush Dubey Based on: 1. Jupiter Rising: A Decade of Clos

CS 6453 Network Fabric Presented by Ayush Dubey Based on: 1. Jupiter Rising: A Decade of Clos Topologies and Centralized Control in Googles Datacenter Network. Singh et al. SIGCOMM15. 2. Network Traffic Characteristics of Data Centers in

905 views • 57 slides
Performant Certificate Transparency Monitoring Intermediate talk for the IDP by Otto Breitwieser

Performant Certificate Transparency Monitoring Intermediate talk for the IDP by Otto Breitwieser

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Performant Certificate Transparency Monitoring Intermediate talk for the IDP by Otto Breitwieser advised by Max Helm, Patrick Sattler Monday 8

602 views • 11 slides
Performant Multiplatform Kotlin Serialization Eric Cochran KotlinConf October 5, 2018 Performant

Performant Multiplatform Kotlin Serialization Eric Cochran KotlinConf October 5, 2018 Performant

Performant Multiplatform Kotlin Serialization Eric Cochran KotlinConf October 5, 2018 Performant Multiplatform Kotlin Serialization 0.8 Why? Get Started buildscript { repositories { maven { url 'https://kotlin.bintray.com/kotlinx' } }

758 views • 38 slides
Ivory Dogfish Starfish Fabric Manipulation: Representing the structure the cell research Emily

Ivory Dogfish Starfish Fabric Manipulation: Representing the structure the cell research Emily

Cutting into fabric Building up layers Protective quality- SKIN, animals scales Ivory Dogfish Starfish Fabric Manipulation: Representing the structure the cell research Emily Sladen Colette Wolff raw, textured, metallic, burnished,

280 views • 6 slides
Optimising fabric quality, finishing processes and machinery through the use of fabric objective

Optimising fabric quality, finishing processes and machinery through the use of fabric objective

Optimising fabric quality, finishing processes and machinery through the use of fabric objective measurement Dr Allan De Boos Australian Wool Innovation W hat is this talk all about? Fabric quality. The role of finishing in

466 views • 27 slides
THE EDGE AI FABRIC COMPANY J U L Y 1 6 , 2 0 1 8 Poi ntR Data I nc. 181 2 nd St. San Franci

THE EDGE AI FABRIC COMPANY J U L Y 1 6 , 2 0 1 8 Poi ntR Data I nc. 181 2 nd St. San Franci

THE EDGE AI FABRIC COMPANY J U L Y 1 6 , 2 0 1 8 Poi ntR Data I nc. 181 2 nd St. San Franci sco, CA 94105 POINTR EDGE AI FABRIC FOR APPLIED AI AI is a competitive differentiator Edge AI fabric integrates sensors and cameras in a mesh

150 views • 14 slides
MSP Commercial Repayment Center Contractor Transition Performant Recovery, Inc. NGHP ORM Town

MSP Commercial Repayment Center Contractor Transition Performant Recovery, Inc. NGHP ORM Town

MSP Commercial Repayment Center Contractor Transition Performant Recovery, Inc. NGHP ORM Town Hall Presentation January 18, 2018 Presentation Goals Provide the CRC stakeholder community with a clear understanding of who Performant is, and

801 views • 14 slides
OpenSoC Fabric An open source, parameterized, CoDEx CoD Ex network generation tool Farzad

OpenSoC Fabric An open source, parameterized, CoDEx CoD Ex network generation tool Farzad

OpenSoC Fabric An open source, parameterized, CoDEx CoD Ex network generation tool Farzad Fatollahi-Fard, Dave Donofrio, George Michelogiannakis, John Shalf 8th International Symposium on Networks-on-Chip (NOCS) September 17-19, 2014. Ferrara,

1.1k views • 83 slides
MSP Commercial Repayment Center Contractor Transition Performant Recovery, Inc. GHP Town Hall

MSP Commercial Repayment Center Contractor Transition Performant Recovery, Inc. GHP Town Hall

MSP Commercial Repayment Center Contractor Transition Performant Recovery, Inc. GHP Town Hall Presentation January 17, 2018 Presentation Goals Provide the CRC stakeholder community with a clear understanding of who Performant is, and its

506 views • 14 slides
Dynamic Network Fabric for NFV Mario A. Snchez , Joon-Myung Kang, Ying Zhang Research

Dynamic Network Fabric for NFV Mario A. Snchez , Joon-Myung Kang, Ying Zhang Research

Dynamic Network Fabric for NFV Mario A. Snchez , Joon-Myung Kang, Ying Zhang Research Scientist, Networking, IoT and Mobility Lab Overlay Virtual Network Fabrics Overlay virtual network fabrics are essential in the evolution and deployment

331 views • 15 slides
The Network Layer Forwarding Tables and Switching Fabric Smith College, CSC 249 February

The Network Layer Forwarding Tables and Switching Fabric Smith College, CSC 249 February

The Network Layer Forwarding Tables and Switching Fabric Smith College, CSC 249 February 27, 2018 1 Network Layer Overview q Network layer services Desired services and tasks v Actual services and tasks v q Forwarding versus routing

336 views • 22 slides
Polo: Receiver-Driven Congestion Control for Low Latency over Commodity Network Fabric Chang Ruan

Polo: Receiver-Driven Congestion Control for Low Latency over Commodity Network Fabric Chang Ruan

Central South University Polo: Receiver-Driven Congestion Control for Low Latency over Commodity Network Fabric Chang Ruan , Jianxin Wang, Wanchun Jiang, Tao Zhang Outline Introduction Motivation Design Evaluation INTRODUCATION

191 views • 17 slides
Secure Communications 1. The network employs the IMBE (Improved Multi-Band Excitation),voice

Secure Communications 1. The network employs the IMBE (Improved Multi-Band Excitation),voice

A Uni Unique que an and Po Powerful werful Com ommunications munications Sys ystem tem NETWORK INNOVATIONS SATELLITE RADIO/TELEPHONE ( FORMERLY SKYTERRA, MSV, LIGHT SQUARED ) Secure Communications 1. The network employs the IMBE

910 views • 54 slides
The first institutional-grade global network for digital securities Based on Hyperledger Fabric,

The first institutional-grade global network for digital securities Based on Hyperledger Fabric,

The Blockchain of Ownership The first institutional-grade global network for digital securities Based on Hyperledger Fabric, aimed at institutional financial entities, assets and investors Within 10 years, digital securities will be the standard.

565 views • 31 slides
Paris COLLECTION 40mmx87mmx74mm Description fixed in base fixed in base covered fabric raised

Paris COLLECTION 40mmx87mmx74mm Description fixed in base fixed in base covered fabric raised

Description WITH RIBBON LIFT fixed in base covered fabric FOAM PADDED insert soft roll * BIJ004 bangle case 100mmx100mmx30mm covered fabric LIFT OUT PAD * BIJ003 square flap earring case slit to hold chain covered fabric Internal

228 views • 12 slides
Paris COLLECTION 40mmx87mmx74mm Description fixed in base fixed in base covered fabric raised

Paris COLLECTION 40mmx87mmx74mm Description fixed in base fixed in base covered fabric raised

Description WITH RIBBON LIFT fixed in base covered fabric FOAM PADDED insert soft roll * BIJ004 bangle case 100mmx100mmx30mm covered fabric LIFT OUT PAD * BIJ003 square flap earring case slit to hold chain covered fabric Internal

433 views • 9 slides
WELCOME! Building a Food Systems Network for Niagara April 20, 2017 People working in

WELCOME! Building a Food Systems Network for Niagara April 20, 2017 People working in

WELCOME! Building a Food Systems Network for Niagara April 20, 2017 People working in Niagaras food continuum developing Shared understanding Common language Description of how a healthy, secure, sustainable food landscape

1.15k views • 69 slides
OpenSoC Fabric An On-Chip Network Generator Farzad Fatollahi-Fard , Dave Donofrio, George

OpenSoC Fabric An On-Chip Network Generator Farzad Fatollahi-Fard , Dave Donofrio, George

OpenSoC Fabric An On-Chip Network Generator Farzad Fatollahi-Fard , Dave Donofrio, George Michelogiannakis, John Shalf 2016 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS-2016) April17-19, 2016. Uppsala,

648 views • 32 slides
FPGA fabric is eating the world The rise of the custom computing machines From the eyes of Steve

FPGA fabric is eating the world The rise of the custom computing machines From the eyes of Steve

FPGA fabric is eating the world The rise of the custom computing machines From the eyes of Steve Casselman What is the FABRIC? Fabric is the sum of all the hardware in a computing system In the beginning the Fabric was simple; an ALU and

872 views • 37 slides

More recommend