building a secure performant network fabric for
play

Building a Secure, Performant Network Fabric for Microservice - PowerPoint PPT Presentation

Dec 14, 2022 •315 likes •774 views

Building a Secure, Performant Network Fabric for Microservice Applications August 24, 2016 Christopher Stetson Chief Architect, Professional Services NGINX MORE INFORMATION AT NGINX.COM Agenda Agenda A little NGINX History The

  1. Building a Secure, Performant Network Fabric for Microservice Applications August 24, 2016

  2. Christopher Stetson Chief Architect, Professional Services NGINX MORE INFORMATION AT NGINX.COM

  3. Agenda Agenda • A little NGINX History • The Big Shift • The Networking Problem • Service Discovery • Load Balancing • Secure & Fast Intercommunication • Architectures • Issues MORE INFORMATION AT NGINX.COM

  4. NGINX History and NGINX History and Products Products MORE INFORMATION AT NGINX.COM

  5. • First team to crack C10K • OSS NGINX released in 2004 • Company founded in 2011 • Launched product late 2013 • 3x bookings growth last year Igor Sysoev, NGINX creator and founder MORE INFORMATION AT NGINX.COM

  6. NGINX, Inc. Con fi dential Information 6

  7. 170+ 170+ million million total sites running on NGINX Source: 7 http://news.netcraft.com/archives/category/web-server-survey/

  8. 50% of the Top 10,000 most visited websites Source: W3Techs Web Technology Survey 8

  9. 750+ 750+ Commercial Customers on NGINX Plus 9

  10. Web Server High Performance Webserver MORE INFORMATION AT NGINX.COM 10

  11. Monitoring & Load Balancer Content Cache Web Server Security Controls Management Flawless Application Delivery for the Modern Web MORE INFORMATION AT NGINX.COM 11

  12. Small Small Binary is 1.2 MBs 12

  13. Fast Fast 100,000’s of connections/sec 13

  14. Reliable Reliable Stablest part of the stack. 14

  15. The Big Shift The Big Shift MORE INFORMATION AT NGINX.COM

  16. Architectural Changes: Monolith to Microservices MORE INFORMATION AT NGINX.COM

  17. Architectural Changes: Monolith to Microservices MORE INFORMATION AT NGINX.COM

  18. An Anecdote An Anecdote MORE INFORMATION AT NGINX.COM

  19. The tight loop problem • Rest calls • 1000’s of requests • Looped data MORE INFORMATION AT NGINX.COM

  20. Mitigation • Group requests • Cache data • Optimize the network MORE INFORMATION AT NGINX.COM

  21. NGINX NGINX Microservices Microservices MORE INFORMATION AT NGINX.COM

  22. Microservices Reference Architecture • Docker containers • Polyglot services • 12-Factor App(-esque) design MORE INFORMATION AT NGINX.COM

  23. The Networking The Networking Problem Problem MORE INFORMATION AT NGINX.COM

  24. Service Discovery • Services needs to know where other services are • Service registries work in many different ways • Register and read service information MORE INFORMATION AT NGINX.COM

  25. Load-balancing • High Quality Load Balancing • Developer Configurable MORE INFORMATION AT NGINX.COM

  26. Secure & Fast Communication • Encryption at the transmission layer is becoming standard • SSL communication is slow • Encryption is CPU intensive MORE INFORMATION AT NGINX.COM

  27. Solution • Service discovery • Robust load balancing • Fast encryption MORE INFORMATION AT NGINX.COM

  28. Network Network Architectures Architectures MORE INFORMATION AT NGINX.COM

  29. Proxy Model • In bound traffic is managed through a reverse proxy/load balancer • Services are left to themselves to connect to each other. • Often through round-robin DNS MORE INFORMATION AT NGINX.COM

  30. Proxy Model • Focus on internet traffic • A shock absorber for your app • Dynamic connectivity MORE INFORMATION AT NGINX.COM

  31. Router Mesh Model • In-bound routing through reverse proxy • Centralized load balancing through a separate load balancing service • Deis Router work like this. MORE INFORMATION AT NGINX.COM

  32. Circuit Breakers • Active health checks • Retry • Caching MORE INFORMATION AT NGINX.COM

  33. Router Mesh • Robust service discovery • Advanced load balancing • Circuit breaker pattern MORE INFORMATION AT NGINX.COM

  34. Inter-Process Communication • Routing is done at the container level • Services connect to each other as needed • NGINX Plus acts as the forward and reverse proxy for all requests MORE INFORMATION AT NGINX.COM

  35. Normal Process • DNS service discovery • Relies on round robin DNS • Each request creates a new SSL connection which fully implemented is 9 requests MORE INFORMATION AT NGINX.COM

  36. Detail • NGINX Plus runs in each container • Application code talks to NGINX locally • NGINX talks to NGINX • NGINX queries the service registry MORE INFORMATION AT NGINX.COM

  37. Service Discovery • DNS is a clear way to manage service discovery • NGINX Plus Asynchronous Resolver • SRV records allow you to effectively use your resources MORE INFORMATION AT NGINX.COM

  38. Load-balancing • Proper request distribution • Flexibility based on the backing service • Different load-balancing schemes MORE INFORMATION AT NGINX.COM

  39. Persistent SSL Connections • Applications generate thousands of connections • 9 steps in SSL negotiation • Persistent SSL upstream keepalive MORE INFORMATION AT NGINX.COM

  40. Circuit Breaker Plus • Active health checks • Retry • Caching MORE INFORMATION AT NGINX.COM

  41. The solution • Service discovery • Container-based load- balancing • Persistent SSL connections • Circuit-breaker functionality MORE INFORMATION AT NGINX.COM

  42. Issues Issues MORE INFORMATION AT NGINX.COM

  43. Docker 1 Recommendation: 1 service per * container • Keeps docker images simple • Process failure means container failure • Only a recommendation MORE INFORMATION AT NGINX.COM

  44. Complexity • Adding another layer to the stack • Lots of power to give to dev team • Tooling to make the Fabric Model simple to create and deploy MORE INFORMATION AT NGINX.COM

  45. Conclusion Conclusion MORE INFORMATION AT NGINX.COM

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Kaizen: Building a Performant Blockchain System Verified for Consensus and Integrity Faria Kalim

Kaizen: Building a Performant Blockchain System Verified for Consensus and Integrity Faria Kalim

Kaizen: Building a Performant Blockchain System Verified for Consensus and Integrity Faria Kalim , Karl Palmskog , Jayasi Mehar , Adithya Murali , P. Madhusudan and Indranil Gupta University of Illinois at

423 views • 21 slides
IEEE Infocom 2006 A secure and performant token-based authentication for infrastructure and mesh

IEEE Infocom 2006 A secure and performant token-based authentication for infrastructure and mesh

IEEE Infocom 2006 A secure and performant token-based authentication for infrastructure and mesh 802.1X networks Leonardo Maccari - maccari@lenst.det.unifi.it Romani Fantacci - fantacci@lenst.det.unifi.it Tommaso Pecorella -

714 views • 19 slides
GNUnet A network protocol stack for building secure, distributed, and privacy-preserving

GNUnet A network protocol stack for building secure, distributed, and privacy-preserving

GNUnet A network protocol stack for building secure, distributed, and privacy-preserving application FOSDEM20 Martin Schanzenbach 2/2/2020 The Internet is under attack The Internet HTTP, Facebook, Google, Libra ... DNS / X.509 TCP /

631 views • 34 slides
02/22/12 Building a Secure World Through International Education The Matariki Network of

02/22/12 Building a Secure World Through International Education The Matariki Network of

2012 Conference The Matariki Network of Universities A small but beautiful view of partnering for a better world 02/22/12 Building a Secure World Through International Education The Matariki Network of Universities A small but

666 views • 39 slides
Optimising fabric quality, finishing processes and machinery through the use of fabric objective

Optimising fabric quality, finishing processes and machinery through the use of fabric objective

Optimising fabric quality, finishing processes and machinery through the use of fabric objective measurement Dr Allan De Boos Australian Wool Innovation Lecture in tw o parts Part 1 Fabric quality Can it be measured? Fabric

629 views • 26 slides
CS 6453 Network Fabric Presented by Ayush Dubey Based on: 1. Jupiter Rising: A Decade of Clos

CS 6453 Network Fabric Presented by Ayush Dubey Based on: 1. Jupiter Rising: A Decade of Clos

CS 6453 Network Fabric Presented by Ayush Dubey Based on: 1. Jupiter Rising: A Decade of Clos Topologies and Centralized Control in Googles Datacenter Network. Singh et al. SIGCOMM15. 2. Network Traffic Characteristics of Data Centers in

905 views • 57 slides
Performant Certificate Transparency Monitoring Intermediate talk for the IDP by Otto Breitwieser

Performant Certificate Transparency Monitoring Intermediate talk for the IDP by Otto Breitwieser

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Performant Certificate Transparency Monitoring Intermediate talk for the IDP by Otto Breitwieser advised by Max Helm, Patrick Sattler Monday 8

602 views • 11 slides
Performant Multiplatform Kotlin Serialization Eric Cochran KotlinConf October 5, 2018 Performant

Performant Multiplatform Kotlin Serialization Eric Cochran KotlinConf October 5, 2018 Performant

Performant Multiplatform Kotlin Serialization Eric Cochran KotlinConf October 5, 2018 Performant Multiplatform Kotlin Serialization 0.8 Why? Get Started buildscript { repositories { maven { url 'https://kotlin.bintray.com/kotlinx' } }

758 views • 38 slides
Ivory Dogfish Starfish Fabric Manipulation: Representing the structure the cell research Emily

Ivory Dogfish Starfish Fabric Manipulation: Representing the structure the cell research Emily

Cutting into fabric Building up layers Protective quality- SKIN, animals scales Ivory Dogfish Starfish Fabric Manipulation: Representing the structure the cell research Emily Sladen Colette Wolff raw, textured, metallic, burnished,

280 views • 6 slides
Optimising fabric quality, finishing processes and machinery through the use of fabric objective

Optimising fabric quality, finishing processes and machinery through the use of fabric objective

Optimising fabric quality, finishing processes and machinery through the use of fabric objective measurement Dr Allan De Boos Australian Wool Innovation W hat is this talk all about? Fabric quality. The role of finishing in

466 views • 27 slides
THE EDGE AI FABRIC COMPANY J U L Y 1 6 , 2 0 1 8 Poi ntR Data I nc. 181 2 nd St. San Franci

THE EDGE AI FABRIC COMPANY J U L Y 1 6 , 2 0 1 8 Poi ntR Data I nc. 181 2 nd St. San Franci

THE EDGE AI FABRIC COMPANY J U L Y 1 6 , 2 0 1 8 Poi ntR Data I nc. 181 2 nd St. San Franci sco, CA 94105 POINTR EDGE AI FABRIC FOR APPLIED AI AI is a competitive differentiator Edge AI fabric integrates sensors and cameras in a mesh

150 views • 14 slides
MSP Commercial Repayment Center Contractor Transition Performant Recovery, Inc. NGHP ORM Town

MSP Commercial Repayment Center Contractor Transition Performant Recovery, Inc. NGHP ORM Town

MSP Commercial Repayment Center Contractor Transition Performant Recovery, Inc. NGHP ORM Town Hall Presentation January 18, 2018 Presentation Goals Provide the CRC stakeholder community with a clear understanding of who Performant is, and

801 views • 14 slides
OpenSoC Fabric An open source, parameterized, CoDEx CoD Ex network generation tool Farzad

OpenSoC Fabric An open source, parameterized, CoDEx CoD Ex network generation tool Farzad

OpenSoC Fabric An open source, parameterized, CoDEx CoD Ex network generation tool Farzad Fatollahi-Fard, Dave Donofrio, George Michelogiannakis, John Shalf 8th International Symposium on Networks-on-Chip (NOCS) September 17-19, 2014. Ferrara,

1.1k views • 83 slides
MSP Commercial Repayment Center Contractor Transition Performant Recovery, Inc. GHP Town Hall

MSP Commercial Repayment Center Contractor Transition Performant Recovery, Inc. GHP Town Hall

MSP Commercial Repayment Center Contractor Transition Performant Recovery, Inc. GHP Town Hall Presentation January 17, 2018 Presentation Goals Provide the CRC stakeholder community with a clear understanding of who Performant is, and its

505 views • 14 slides
Dynamic Network Fabric for NFV Mario A. Snchez , Joon-Myung Kang, Ying Zhang Research

Dynamic Network Fabric for NFV Mario A. Snchez , Joon-Myung Kang, Ying Zhang Research

Dynamic Network Fabric for NFV Mario A. Snchez , Joon-Myung Kang, Ying Zhang Research Scientist, Networking, IoT and Mobility Lab Overlay Virtual Network Fabrics Overlay virtual network fabrics are essential in the evolution and deployment

331 views • 15 slides
The Network Layer Forwarding Tables and Switching Fabric Smith College, CSC 249 February

The Network Layer Forwarding Tables and Switching Fabric Smith College, CSC 249 February

The Network Layer Forwarding Tables and Switching Fabric Smith College, CSC 249 February 27, 2018 1 Network Layer Overview q Network layer services Desired services and tasks v Actual services and tasks v q Forwarding versus routing

336 views • 22 slides
Handling Imperfections in Energy Disaggregation Authors: Angshul Majumdar, Megha

Handling Imperfections in Energy Disaggregation Authors: Angshul Majumdar, Megha

Handling Imperfections in Energy Disaggregation Authors: Angshul Majumdar, Megha Gupta Presenter: Manoj Gula7 Spikes or Surges Short-term increases in the electrical supply

473 views • 20 slides
High Voltage Safety High Voltage Access W. Maes Department of Marine Engineering Antwerp

High Voltage Safety High Voltage Access W. Maes Department of Marine Engineering Antwerp

High Voltage Safety High Voltage Access W. Maes Department of Marine Engineering Antwerp Maritime Academy HV, 2016 Willem Maes High Voltage Safety Outline Willem Maes High Voltage Safety The Use of the High Voltage Access procedure is

677 views • 36 slides
Secure Contingency Prediction and Response for Cyber-Physical Systems Erik Miehling, Cedric

Secure Contingency Prediction and Response for Cyber-Physical Systems Erik Miehling, Cedric

Secure Contingency Prediction and Response for Cyber-Physical Systems Erik Miehling, Cedric Langbort, Tamer Ba ar Coordinated Science Lab University of Illinois at Urbana-Champaign Urbana, IL, 61820 CCTA 2020 August 26, 2020 Some

354 views • 16 slides
Trust as a Unifying Basis for Social Computing Munindar P . Singh North Carolina State

Trust as a Unifying Basis for Social Computing Munindar P . Singh North Carolina State

Trust as a Unifying Basis for Social Computing Munindar P . Singh North Carolina State University August 2011 singh@ncsu.edu (NCSU) Trust for Social Computing August 2011 1 / 23 Abstractions for Social Computing Today, social computing

385 views • 23 slides
Whos In Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems David

Whos In Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems David

Whos In Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems David Formby , Preethi Srinivasan, Andrew Leonard, Jonathan Rogers, Raheem Beyah NDSS 2016 Presented by: Yi Zhang October 18 th , 2016 Cyber Physical

481 views • 20 slides
Site Planning for SGI Products Robert Hoehn Product Support Engineer Global Product Support

Site Planning for SGI Products Robert Hoehn Product Support Engineer Global Product Support

Site Planning for SGI Products Robert Hoehn Product Support Engineer Global Product Support SGI 41st Cray User Group Conference Minneapolis, Minnesota Comparing the facility impacts of Liquid Cooled Supercomputers of the 80s and 90s

343 views • 20 slides
EFFECT OF SFCL ON DISTRIBUTION POWER QUALITY by Shahram Najafi, Prof. Vijay K. Sood , Ahmed

EFFECT OF SFCL ON DISTRIBUTION POWER QUALITY by Shahram Najafi, Prof. Vijay K. Sood , Ahmed

EFFECT OF SFCL ON DISTRIBUTION POWER QUALITY by Shahram Najafi, Prof. Vijay K. Sood , Ahmed Hosny University of Ontario Institute of Technology, Oshawa, Ontario Electrical Power and Energy Conference ( London-Canada) October 2012 1 Outline

556 views • 19 slides
1 A ball is fastened to a string and is swung in a vertical circle. When the ball is at the

1 A ball is fastened to a string and is swung in a vertical circle. When the ball is at the

Slide 1 / 62 1 A ball is fastened to a string and is swung in a vertical circle. When the ball is at the highest point of the circle its velocity and acceleration directions are: A C B D Slide 2 / 62 2 A ball with a mass m is fastened to a

911 views • 62 slides

More recommend