8. PAGE8
DEVOPS INDONESIA
Fallacies of Distributed Computing
1. The network is reliable
2. Latency is zero
3. Bandwidth is infinite
4. The network is secure
5. Topology doesn’t change
6. There is one administrator
7. Transport cost is zero
8. The network is homogeneous
source: https://en.wikipedia.org/wiki/Fallacies_of_distributed_computing
12. PAGE12
DEVOPS INDONESIA
Why Not Traditional Enterprise Service Bus?
source: https://www.ains.com/enterprise-service-bus-esb/
13. PAGE13
DEVOPS INDONESIA
The Solution?
• A service mesh platform originally
developed by Google, IBM, and Lyft on
May 2017
• Built using battle-tested Envoy Proxy
from Lyft
• Just turned v1.0 this August 2018!
• Deploys on Kubernetes and Consul-
based deployment
14. PAGE14
DEVOPS INDONESIA
What is a Service Mesh?
A service mesh is a dedicated infrastructure layer for handling service-to-service
communication. It’s responsible for the reliable delivery of requests through the
complex topology of services that comprise a modern, cloud native application. In
practice, the service mesh is typically implemented as an array of lightweight network
proxies that are deployed alongside application code, without the application
needing to be aware.
source: https://blog.buoyant.io/2017/04/25/whats-a-service-mesh-and-why-do-i-need-one/
15. PAGE15
DEVOPS INDONESIA
What is a Service Mesh?
A configurable infrastructure layer for a microservices application. It makes
communication between service instances flexible, reliable, and fast. The mesh
provides service discovery, load balancing, encryption, authentication and
authorization, support for the circuit breaker pattern, and other capabilities.
source: https://www.nginx.com/blog/what-is-a-service-mesh/
16. PAGE16
DEVOPS INDONESIA
Istio Approach of Service Mesh
• Deploys EnvoyProxy as the default
Istio Proxy as a sidecar container for
each service deployed
• The Istio Proxy sidecars are injected
(automatically or manually)
• No more single point of failure,
since the proxies are distributed
and have cache mechanism
• Istio Proxy obtain rules and
configuration from Istio Pilot
17. PAGE17
DEVOPS INDONESIA
Why Istio Choose EnvoyProxy?
• Originally developed by Lyft
• High performance distributed C++
based proxy
• Understands HTTP, HTTP/2, Kafka,
TCP, gRPC, etc.
• Robust API
• Open source and donated to CNCF
18. PAGE18
DEVOPS INDONESIA
Istio Architecture
● Control Plane
○ Pilot
○ Mixer
○ Citadel
● Data Plane
○ Proxy
● Gateway
○ Ingress
○ Egress
● Addons
○ Prometheus
○ Jaeger
○ ServiceGraph
○ Grafana
source: https://istio.io
19. PAGE19
DEVOPS INDONESIA
Pilot & Proxy Relationship
● Pilot is responsible for
the lifecycle of Proxy
● Rules are defined in the
Pilot
● Pilot hides the platform
complexity from Proxy
● Service discovery and
rules are pushed and
cached from Pilot to
Proxy
source: https://istio.io
20. PAGE20
DEVOPS INDONESIA
Mixer & Proxy Relationship
● Mixer provides policy
control
● Mixer collects
telemetry
source: https://istio.io
21. PAGE21
DEVOPS INDONESIA
Mixer & Proxy Relationship
● Proxy calls Mixer to
check policy before
each request
● Proxy calls Mixer to
report telemetry after
each request
● Proxy and Mixer cached
information to reduce
latency
source: https://istio.io