Building a Secure, Performant Network Fabric for Microservice Applications
Paris, September 14th, 2017
Leif Beaton – Solutions Architect
MORE INFORMATION AT NGINX.COM
Agenda
• The Big Shift
• The Networking Problem
• Service Discovery
• Load Balancing
• Secure & Fast Intercommunication
• Architectures
• Issues
The Big Shift
1
Architectural Changes: Monolith to Microservices
NGINX Microservices
The Networking Problem
Service Discovery
• Services need to know where other services are
• Service registries work in many different ways
• Register and read service information
Load-balancing
• High Quality Load Balancing
• Developer Configurable
Secure & Fast Communication
• Encryption at the transmission layer is becoming standard
• SSL communication is slow
• Encryption is CPU intensive
Solution
• Service discovery
• Robust load balancing
• Fast encryption
Network Architectures
Proxy Model
• Inbound traffic is managed through a reverse proxy/load balancer
• Services are left to themselves to connect to each other
• Often through round-robin DNS
Router Mesh Model
• Inbound routing through reverse proxy
• Centralized load balancing through a separate load balancing service
Inter-Process Communication
• Routing is done at the container level
• Services connect to each other as needed
• NGINX Plus acts as the forward and reverse proxy for all requests
Normal Process
• DNS service discovery
• Relies on round robin DNS
• Each request creates a new SSL connection, which, fully implemented, is 9 requests
Detail
• NGINX Plus runs in each container
• Application code talks to NGINX locally
• NGINX talks to NGINX
• NGINX queries the service registry
Service Discovery
• DNS is a clear way to manage service discovery
• NGINX Plus Asynchronous Resolver
• SRV records allow you to effectively use your resources
Load-balancing
• Proper request distribution
• Flexibility based on the backing service
• Different load-balancing schemes
Persistent SSL Connections
• Applications generate thousands of connections
• 9 steps in SSL negotiation
• Persistent SSL upstream keepalive
Circuit Breaker Plus
• Active health checks
• Retry
• Caching
The solution
• Service discovery
• Container-based load-balancing
• Persistent SSL connections
• Circuit-breaker functionality
• Status data on both sides of the equation
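The pieces listed above (DNS SRV service discovery, a load-balancing scheme, persistent SSL upstream keepalive, and circuit-breaker behaviour from active health checks, retry and caching) combined in one configuration for the NGINX Plus instance inside a container. This is an added example, not taken from the slides; hostnames, addresses, ports, certificate paths and the /health URI are placeholder assumptions.

```nginx
# Added example: every name, address, port and path is a placeholder assumption.
# http {} context of the NGINX Plus instance that runs in each container.
resolver 10.0.0.2 valid=5s;   # DNS front end of the service registry (assumed address)
proxy_cache_path /var/cache/nginx/svc keys_zone=svc_cache:10m;

upstream backend_service {
    zone backend_service 64k;  # shared state; needed by resolve and health_check
    least_conn;                # one of several load-balancing schemes
    # SRV lookup of _http._tcp.backend.service.example, re-resolved in the background
    server backend.service.example service=http resolve;
    keepalive 32;              # idle upstream connections cached per worker
}

# Outbound side: application code talks to NGINX locally
server {
    listen 127.0.0.1:8080;
    location / {
        proxy_pass https://backend_service;
        # Without these two lines NGINX speaks HTTP/1.0 upstream and closes the
        # connection after each request, so every request pays a full handshake.
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        # Verify the peer; encryption without verification does not authenticate it.
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/nginx/certs/internal-ca.pem;
        proxy_ssl_name backend.service.example;
        # Circuit-breaker behaviour: active health checks, retry, cached fallback
        health_check interval=3s fails=2 passes=2 uri=/health;
        proxy_next_upstream error timeout http_502 http_503;
        proxy_cache svc_cache;
        proxy_cache_valid 200 10s;
        proxy_cache_use_stale error timeout http_502 http_503;
    }
}

# Inbound side: NGINX talks to NGINX, then hands off to the local application
server {
    listen 443 ssl;
    ssl_certificate     /etc/nginx/certs/service.pem;
    ssl_certificate_key /etc/nginx/certs/service.key;
    keepalive_timeout 300s;    # keep peer connections open between requests
    location / {
        proxy_pass http://127.0.0.1:9000;   # assumed application port
    }
}
```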
Thank you very much!