Building a Secure, Performant Network Fabric for Microservice Applications
August 24, 2016
MORE INFORMATION AT NGINX.COM
Christopher Stetson
Chief Architect, Professional Services, NGINX
Agenda
• A little NGINX History
• The Big Shift
• The Networking Problem
• Service Discovery
• Load Balancing
• Secure & Fast Intercommunication
• Architectures
• Issues
NGINX History and Products
• First team to crack C10K
• OSS NGINX released in 2004
• Company founded in 2011
• Launched product late 2013
• 3x bookings growth last year
Igor Sysoev, NGINX creator and founder
170+ million total sites running on NGINX
Source: http://news.netcraft.com/archives/category/web-server-survey/
50% of the Top 10,000 most visited websites
Source: W3Techs Web Technology Survey
750+ Commercial Customers on NGINX Plus
High Performance Webserver
Web Server
Flawless Application Delivery for the Modern Web
• Load Balancer
• Monitoring & Management
• Web Server
• Content Cache
• Security Controls
Small: binary is 1.2 MB
Fast: 100,000s of connections/sec
Reliable: the most stable part of the stack.
The Big Shift
Architectural Changes: Monolith to Microservices
An Anecdote
The tight loop problem
• REST calls
• 1000s of requests
• Looped data
Mitigation
• Group requests
• Cache data
• Optimize the network
NGINX Microservices
Microservices Reference Architecture
• Docker containers
• Polyglot services
• 12-Factor App(-esque) design
The Networking Problem
Service Discovery
• Services need to know where other services are
• Service registries work in many different ways
• Register and read service information
Load-balancing
• High Quality Load Balancing
• Developer Configurable
Secure & Fast Communication
• Encryption at the transmission layer is becoming standard
• SSL communication is slow
• Encryption is CPU intensive
Solution
• Service discovery
• Robust load balancing
• Fast encryption
Network Architectures
Proxy Model
• Inbound traffic is managed through a reverse proxy/load balancer
• Services are left to themselves to connect to each other
• Often through round-robin DNS
Proxy Model
• Focus on internet traffic
• A shock absorber for your app
• Dynamic connectivity
Router Mesh Model
• Inbound routing through reverse proxy
• Centralized load balancing through a separate load balancing service
• Deis Router works like this
Circuit Breakers
• Active health checks
• Retry
• Caching
Router Mesh
• Robust service discovery
• Advanced load balancing
• Circuit breaker pattern
Inter-Process Communication
• Routing is done at the container level
• Services connect to each other as needed
• NGINX Plus acts as the forward and reverse proxy for all requests
Normal Process
• DNS service discovery
• Relies on round-robin DNS
• Each request creates a new SSL connection, which, fully implemented, is 9 requests
Detail
• NGINX Plus runs in each container
• Application code talks to NGINX locally
• NGINX talks to NGINX
• NGINX queries the service registry
Service Discovery
• DNS is a clear way to manage service discovery
• NGINX Plus Asynchronous Resolver
• SRV records allow you to effectively use your resources
Load-balancing
• Proper request distribution
• Flexibility based on the backing service
• Different load-balancing schemes
Persistent SSL Connections
• Applications generate thousands of connections
• 9 steps in SSL negotiation
• Persistent SSL upstream keepalive
Circuit Breaker Plus
• Active health checks
• Retry
• Caching
The solution
• Service discovery
• Container-based load-balancing
• Persistent SSL connections
• Circuit-breaker functionality
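The per-container setup these slides describe (local NGINX Plus, DNS SRV discovery, a per-service load-balancing scheme, persistent SSL upstream keepalive, active health checks and retry) written out as configuration. This is an added example, not taken from the deck or from NGINX's reference architecture; the hostnames, resolver address, ports, certificate paths and zone name are assumptions.

```nginx
# Added illustration; every hostname, address, port, path and zone name is an assumption.
# These blocks belong in the http {} context of the NGINX Plus instance in each container.

# Service discovery: asynchronous DNS resolution against the registry's DNS interface.
resolver 10.0.0.2 valid=5s;           # valid= overrides the record TTL

upstream orders {
    zone orders 64k;                  # shared memory, required by resolve and health_check
    least_time header;                # load-balancing scheme chosen per backing service
    # SRV lookup of _http._tcp.orders.service.internal returns host, port and weight
    server orders.service.internal service=http resolve;
    keepalive 32;                     # idle upstream connections cached per worker
}

# Outbound side: application code talks to NGINX locally, NGINX talks TLS to NGINX.
server {
    listen 127.0.0.1:8081;
    location /orders/ {
        proxy_pass https://orders;
        proxy_http_version 1.1;           # with the empty Connection header, enables
        proxy_set_header Connection "";   # reuse of the TLS connection across requests
        proxy_ssl_session_reuse on;       # resume sessions when a new connection is needed
        # Encrypting without verifying the peer does not authenticate it.
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/ssl/fabric/ca.pem;
        proxy_ssl_name orders.service.internal;   # default would be the upstream name "orders"
        # Circuit-breaker behaviour: active health checks plus retry on the next peer.
        health_check uri=/health interval=2s fails=1 passes=2;
        proxy_next_upstream error timeout http_502 http_503;
    }
}

# Inbound side: terminate TLS from peer NGINX instances, hand off to the local process.
server {
    listen 443 ssl;
    ssl_certificate     /etc/ssl/fabric/server.pem;
    ssl_certificate_key /etc/ssl/fabric/server.key;
    keepalive_timeout 300s;           # keep peer connections open between requests
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
```

With `keepalive` in the upstream and HTTP/1.1 to the peer, the handshake cost is paid once per cached connection rather than once per request, which is the saving the Persistent SSL Connections slide is after.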
Issues
Docker Recommendation: 1 service per container
• Keeps Docker images simple
• Process failure means container failure
• Only a recommendation
Complexity
• Adding another layer to the stack
• Lots of power to give to dev team
• Tooling to make the Fabric Model simple to create and deploy
Conclusion