implementing docker load balancing in microservices infrastructure

1 © 2016 Citrix | Confidential

Implementing Docker Load Balancing in MicroservicesInfrastructure

James LeeSolution Architect, Networking ASEAN

[email protected]

AUG, 2016

© 2014 Citrix. Confidential.2 © 2015 Citrix - Confidential© 2015 Citrix - Confidential

Bimodal IT

Mode 1 Mode 2

Sophistication

Infrastructure

Monolithic

Ops DevOps

Application

Containerization

Ease of getting started

On-prem Cloud

© 2014 Citrix. Confidential.3 © 2015 Citrix - Confidential

Apps are Being Broken Down or Repackaged into Containers

• Monolithic apps are broken down into components, Each component itself becomes an app –typically web apps, consumer apps, data bases

• Or, a monolithic app is repackaged as a container

• DevOps teams can focus on each containerized apps for development and scalability

• These containerized apps can seamlessly move from on-prem to the cloud


Docker Simplifies Building, Shipping in Containers Docker enables Mode 2 IT and DevOps

•Provides components and libraries in a single object

•Extensive versioning management capabilities simplifies committing to new version and rolling back to older version of code

•Provides for component reuse allowing developers to build on top of existing container apps

.


Containerized Apps are Deployed from a Few Tens to Tens of Thousands…

Simple Microservices Highly Complex Microservices: Twitter

Call flows can be simple to complex. Note Death Star like pattern in a complex architecture

.


Implement Hub and Spoke for all Microservices Traffic

CPX

Subnet 1 Subnet 3

Subnet 2

CPX

Rate Limit

Surge Queue

•Takes control of call flows through bridging and ACLs to control which apps can

access which apps and rate limiting to protect apps

.


2007 2009 2011 2016

New AppsTraditional IT

Bimodal IT

Mode 1 Mode 2


Packaged as Docker Container

Investment protection• Same code bits container form factor

• Managed like any other NetScaler platform

• Seamless transition from Development to

Production

You Can Deploy In Seconds!

Server

Linux OS

Docker Engine

App

A

bin/libs

App

B

bin/libs

App

C

bin/libs

C

P

Xbin/libs


L4-L7 Functionality

• CPX provides L4-L7 services for containerized apps:

• Content Switching

• Responder

• Redirect

• Rewrite

• TCP Optimization

• SSL Offloading: Equivalent set of ciphers as VPX for front end and back end, including support for ECC and TLS 1.2

• DDoS

• DNS load balancing


Free Docker and DevOps Friendly ADC: CPX Express

• Free, unlicensed, for developer use

• Same “great taste” as CPX without TCP optimization and Layer 7 DDoS

• Limited to 20 Mbps and 250 SSL connections for US export compliance

NetScaler CPX ExpressContainer

• Licensed, for production

• Full layer 4 to 7 feature set, optimization, security

• 1 Gbps, no limits on SSL connections

NetScaler CPX Container


Architect your Microservices with NetScaler CPX and MAS


NetScaler

[ SDX | MPX | VPX |

CPX ]

NetScaler Management

& Analytics System

Any Orchestration System

NetScaler SD-WAN

[ Physical | VPX ]

any datacenter or cloud

Insights & Alerts

Telemetry

Analysis

W W

AA A

DB DB

Application-centric

Configuration

Policy

Network Functions

Instances


Client

Microservices

RegisterLookupDiscovery Service

Service Discovery and DNS Services

Keep track of dynamic changes through APIs that describe changes in app environment


Client

Microservices





CPX

NetScalerMAS

Client

Microservices


Events


MAS interfaces with

service discovery API

and auto-configures

CPX based on

service discovery

events



CPX

NetScalerMAS

Client

Microservices


Events

Call service Choose Service Instance

Dynamic nature of

VIP hosted by CPX is

abstracted from the

client




Unify North-South and East-West Traffic Handling

MPX/SDX/VPX

CPX CPX

NetScalerMAS

North-South

East-West


Config AdviceRecord

and Play

Configuration

Jobs

Configuration Management

Config Audit Duplicating

Configurations


Configuration Advice Demo


Record and Play Demo


Summary

reports and

alerts

Certificate

renewal

workflow

Discovery of

SSL

Certificates

Set and

Enforce

Policy

Proactive

Monitoring

Certificate Management


Certificate Management Demo


System Wide

RBA

Application

Level

Control

Operational

Control

Group Based

Policies

Across All

Infra

Role Based Access Control


Advance RBAC Demo


Logging and Analytics

Log Streaming

App Insights

Security Insights

Advanced

Analytics

HDX GWWeb

AppFw

Log aggregation at-scale (thousands of instances)

Per-transaction visibility, reporting, and and roll-ups.

Identify security threats and assess protection levels

Machine-driven triage: scan for anomalies

System


CUGC Networking SIG• The place to go for everything related to Networking

• Software-defined networking

• Application delivery controllers

• Next-generation security

• Access exclusive content• Discussion forums, blogs, deployment guides, webinars

• Citrix News sessions

• Connect with peers• Online community within the CUGC

• Open to Citrix customers, partners, employees

Join now: https://www.mycugc.org/page/networking-sig

Google: CUGC Networking SIG

https://www.mycugc.org/page/networking-sig


https://community.spiceworks.com/pages/citrixsystems?tab=18384

Vendor page

3800+ Followers

15th of 254 Vendors

Forum postings

Links to content

Product reviews with contest

Link to events

Links to guides

Spiceworks Community

https://community.spiceworks.com/pages/citrixsystems?tab=18384


Stack Overflow Community

Proposal in process

Technical forumsProduct selection

Product discussions

Ads on tagged discussions link to NetScaler content

Work better. Live better.

implementing docker load balancing in microservices infrastructure

Technology