Service meshes and the path to heterogeneous microservices

Maurício Linhares / @mauriciojr / Software Engineer at DigitalOcean

Are we in microservices buzzword bingo?

Not quite, but be careful

What's one of our biggest problems in microservices?

Surviving unreliable networks

Every. Single. One. Of. Them.

First wave

  • Twitter's Finagle
  • Netflix's Hystrix
  • Your own homegrown, organic, free range and gluten free internal library

Library based support

  • Load balancing
  • Tracing
  • Metrics
  • Service discovery
  • Rate limiting
  • Dynamic routing
  • Traffic shifting

And this is good...

...until this happens

Platform hell

  • Equivalent libraries might just not exist
  • They exist but have different or incompatible feature sets

Options?

  • Build a compatible library from scratch
  • Build layers on top of existing stuff to make it compatible
  • Pretend there's nothing wrong and run new apps without any of it
  • Never build stuff in different platforms/languages

Nope

We need something that is platform independent

And will easily run in today's container based solutions

Mesh in action

What's a sidecar?

A container that provides a service to your app

Most of the time sidecar and main apps talk over the network

Back!

All traffic flows through the mesh container

And it applies all rules/filters that are configured

Platform independent solution

Your app doesn't even know it's talking to the mesh container

Dynamic configuration

Solutions offer APIs to manage configuration changes without restarts or manually updating files

Deep visibility into L7 traffic

Provides visibility and features even for legacy apps or apps you don't own or can't update

Gotchas?

  • Mesh must support your application protocol
  • Optimized for containerized environments
  • Another moving piece for your infrastructure
  • Still requires some configuration management for service discovery

When should we use it?

Whenever you need the features listed before

Or...

  • Request shadowing
  • Zone local load balancing
  • TLS termination
  • Protocol upgrading
  • Fault injection
  • ...

Buzzword-worthy

Lots of buzzwords but it gets the job done

Contenders

How do we compare them to nginx and haproxy?

  • No complex load balancing solutions (unless using nginx plus or extensions)
  • Pluggable architecture (not available in haproxy)
  • Integration with external service discovery and limiting services
  • Hot reloading
  • OpenTracing support
  • Better statistics

What's up at DigitalOcean?

  • Moving our front proxies out of haproxy and nginx to Envoy
  • Preparing to set up Envoy to manage communication between services

Questions?

Thanks!

DigitalOcean is hiring, check https://www.digitalocean.com/company/careers/