Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Service Mesh [clear filter]
Tuesday, November 19

10:55am PST

Service Mesh: There and Back Again - Hema Lee & Cody Vandermyn, Nordstrom
You might have heard about service mesh and its amazing benefits. Maybe you believe it’s the next big thing, but will it truly meet expectations? As any start to a relationship, things look fun and easy but once we talk performance at scale, compliance with internal security policies, and seamless onboarding, you might reconsider taking it home to meet your parents!

With a highly distributed system that includes services running on Kubernetes clusters along with VM and Serverless workloads, vanilla service mesh would not work for us. In this talk, Hema & Cody will cover how Nordstrom’s relationship with service mesh evolved, what initial results revealed, what surprised us, and the open source contributions and adaptations we made to get to production readiness. We will share lessons learned and hopefully help with your service mesh relationship.

avatar for Hema Lee

Hema Lee

Senior Software Engineer, Nordstrom
Hema is a Senior Engineer at Nordstrom and a member of the Engineering Platform organization. Currently, she's deep in the world of securing service to service communications across all of Nordstrom's compute infrastructure. Previously, her work spanned developing components for distributed... Read More →
avatar for Cody Vandermyn

Cody Vandermyn

Sr. Software Engineer, Nordstrom
Cody Vandermyn works as a Senior Engineer at Nordstrom. He is an active contributor to open source including the Linkerd project. As an avid software geek, Cody enjoys building cloud native applications using new technology, ensuring they are easy to maintain and educating others... Read More →

Tuesday November 19, 2019 10:55am - 11:30am PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Service Mesh

11:50am PST

How the Department of Defense Moved to Kubernetes and Istio - Nicolas Chaillan, Department of Defense
This session will showcase the DoD Enterprise DevSecOps initiative and its architecture. It describes how the Department of Defense is securing OCI compliant containers, moving to Kubernetes and Istio, ensuring abstraction and scale across hundreds of environments, including Clouds, on-premise and classified environments. It will particularly focus on the sidecar security stack leveraging Envoy and sidecar containers to ensure zero trust security and baked-in multi-layer security.

avatar for Nicolas Chaillan

Nicolas Chaillan

Chief Software Officer, U.S. Air Force, USAF
Mr. Nicolas Chaillan, a highly qualified expert, is appointed as the first Air Force Chief Software Officer, under Dr. William Roper, the Assistant Secretary of the Air Force for Acquisition, Technology and Logistics, Arlington, Virginia. He is also the co-lead for the Department... Read More →

Tuesday November 19, 2019 11:50am - 12:25pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Service Mesh

2:25pm PST

Porting Envoy to Windows; A Progress Report - Yechiel Kalmenson & William A. Rowe, Jr., Pivotal
Envoy is a high-performance open source edge and service proxy that makes the network transparent to applications. As of now Envoy is only available on Linux, and that’s a big blocker for Windows teams who want to migrate their monolithic apps to more service-oriented architectures.

Last year a team at Pivotal started working with Microsoft on making Envoy on Windows a reality. This talk will give a progress report on the work being done:

* An overview of the history of the project. Starting with the work done by Microsoft, contributions to upstream so far, and what we have left.

* Some of the challenges the team faced and how they overcame them. For example, the workarounds we employed to get a working Windows environment for Envoy, and some of the performance issues which still need to be solved.

* What the team is currently working on and what the outlook for the future is like.

avatar for William A. Rowe, Jr.

William A. Rowe, Jr.

Principal Software Engineer, Pivotal
William is a veteran of the Apache HTTP Server and APR projects, establishing Windows as a first class platform at these projects. He's applying this experience at Pivotal to help the Envoy Proxy project crew bring Envoy to native Windows OS.
avatar for Yechiel Kalmenson

Yechiel Kalmenson

Software Engineer, Pivotal
Yechiel Kalmenson was born and raised in Brooklyn. He got his rabbinical training in Israel and spent a few years teaching both children and adults. After a brief stint in Tech Support, he found his next calling and went on to study software development. He currently works as a... Read More →

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 32AB - San Diego Convention Center Upper Level
  Service Mesh

3:20pm PST

Airbnb Service Discovery: Past, Present, Future (Challenges of Change) - Chase Childers, Airbnb
In 2013, Airbnb released an open source service discovery solution (SmartStack) and has functioned on the same framework for years. Historically our infrastructure ran on AWS EC2 instances and utilized HAProxy (within Smartstack) for proxying traffic. With a migration to Service Oriented Architecture and Kubernetes, our service discovery must also change. In this presentation we will cover the evolution of our service discovery framework starting with where we started, where we’ve been, where we’ve failed, and where we’re going (hint: Envoy) at Airbnb. This includes both our missteps and our learnings from migrating within a hybrid EC2/Kubernetes world. We’ll dive deep into topics such as challenges of managing and migrating your own service discovery stack, migrating ingress and egress traffic independently, and rolling out infrastructure changes across a massive fleet of services.

avatar for Chase Childers

Chase Childers

Site Reliability Engineer, Airbnb
Chase Childers is on the Site Reliability Engineering Team at Airbnb. He has collaborated with the Service Orchestration and Traffic teams to focus on service discovery migrations in the EC2 and Kubernetes context. Outside of this collaboration, his related work includes preparing... Read More →

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 28ABCDE - San Diego Convention Center Upper Level
  Service Mesh

4:25pm PST

Panel: Is Service Mesh Ready for Edge-Native Applications? - Wendy Cartee, Ramki Krishnan, VMware; Srini Addepalli, Intel; Parveen Patel, Google; & Ravi Chunduru, Verizon
Edge deployments, in contrast to large public clouds, pose interesting demands since they are physically insecure & capacity constrained. Also, Edge Computing Apps such as AR-VR, have low-latency characteristics with RTT typically few msec and pose further demands to edge deployments.

Edge Computing Apps like to use Service Meshes (SM) such as Istio/Envoy, Linkerd etc. to offload infrastructure related activities such as security.

In this panel, we first examine the unique challenges in using SM technologies for Edge Computing Apps - especially the additional latency and resource usage to due to Kernel Networking. Next, we will explore software techniques such as Kernel Bypass, QUIC as an alternative to TCP/IP etc. to alleviate the performance bottlenecks introduced by SM technologies including early results. Last, we will touch upon hardware acceleration techniques for the above.

avatar for Ramki Krishnan

Ramki Krishnan

Lead Technologist, Open Source, VMware
Ramki, with 20+ years of industry experience, has a deep understanding of various technologies and strong business acumen to lead and transform innovation into customer-winning products. Currently, at VMware, he is responsible for Telco/Enterprise open source technology vision, strategy... Read More →
avatar for Wendy Cartee

Wendy Cartee

Senior Director of Marketing, VMware
Wendy Cartee is senior director of product marketing for service mesh, cloud and container networking at VMware. She works on products and open source projects to drive enterprise user adoption. Wendy has been in open source for over a decade and helped form the Linux Foundation’s... Read More →
avatar for Srinivasa Addepalli

Srinivasa Addepalli

Sr. Principal Engineer, Intel Corporation
Srini Addepalli is a Sr. Principal Engineer in NEX/NPG business unit of Intel Corporation. He is one of the principal architects of networking, security & Edge technologies for the Network Function Virtualization/Containerization (NFV/NFC) and Software Defined Networks (SDN). Srini... Read More →
avatar for Ravi Chunduru

Ravi Chunduru

Associate Fellow, Verizon
Ravi Chunduru is a Senior Architect at Verizon responsible for Product strategy and thought leadership in the domain of Virtual Network Services and MEC solutions. Ravi has been a key player in conceptualizing and delivering various products at Verizon such as VNS Application Edge... Read More →

Parveen K Patel

Director, Cloud Software Engineering, Google

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Service Mesh
Wednesday, November 20

10:55am PST

Stitching a Service Mesh Across Hundreds of Discrete Networks - Jason Webb & Anil Attuluri, Intuit
Intuit has experienced large growth in its microservices ecosystem over the last few years, which was primarily using a hub and spoke API Gateway for service communication. As the ecosystem expanded, the increased latency and data transfer costs became significant. To facilitate future growth efficiently, Intuit needed a better model. Moving to a distributed Service Mesh running on k8s to enable secure service-to-service communication was the solution. As Intuit was building a migration path for hundreds of services communicating across discrete networks, they faced a host of challenges. While developing a platform to provide end-to-end encryption, they defined a pattern for federated workload identities and learned to manage a federated set of mesh control planes. Jason and Anil will share these learnings and Admiral, a project they are open-sourcing that enabled the migration path.


AnilKumar Attuluri

Software Engineer, Intuit, Inc.
Anil is a Software Engineer at Intuit working on some of the key challenges to move Intuit's microservices onto Service Mesh. His other areas of work at Intuit include distributed and scalable rate limiting algorithm, orchestration layer in API Gateway for Graphql and designing OSGi... Read More →
avatar for Jason Webb

Jason Webb

Principle Engineer, Intuit
Jason is the Services Fabric Chief Architect at Intuit. Where he works on building tools and platforms to enable Intuit’s microservices ecosystem. Jason is passionate about cloud-native infrastructure, developer tools & experience, and open source. Prior to Intuit, Jason worked... Read More →

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 6F - San Diego Convention Center Upper Level
  Service Mesh

11:50am PST

From Brownfield to Greenfield: Istio Service Mesh Journey at Freddie Mac - Shriram Rajagopalan, Tetrate & Lixun Qi, Freddie Mac
Freddie Mac is one of the two mortgage loan corporations in the United States managing trillions of dollars of assets across the country. Our infrastructure is spread across different Kubernetes providers, hardware load balancers, and large swaths of virtual machines. In this talk, we describe our service mesh adoption journey in a highly regulated financial compliance environment. We will discuss both greenfield and brownfield environments, to gain full visibility and traffic management capabilities using Istio/Envoy. We will highlight the changes to our GitOps development workflow, changes to our age old organizational practices, and how the service mesh journey forced us to foster deeper co-operation between traditionally siloed security, platform and application development teams as we tried to weave a mesh over the old and new.

avatar for Shriram Rajagopalan

Shriram Rajagopalan

Unprincipled Engineer, Tetrate
Shriram Rajagopalan is one of the founding engineers behind the Istio service mesh project, and an early contributor to Envoy. He currently maintains the networking subsystem within Istio. Prior to working on Istio/Envoy, he worked on the Xen hypervisor, the Linux kernel, network... Read More →
avatar for Lixun Qi

Lixun Qi

Sr Tech Lead, Freddie Mac
Lixun Qi is a Sr Tech Lead at Freddie Mac, focused on building company-wide cloud native computing platforms. His responsibilities include Kubernetes, service mesh, software defined networking, information security and all the automation through GitOps. Much of time these days is... Read More →

Wednesday November 20, 2019 11:50am - 12:25pm PST
Hall D - San Diego Convention Center
  Service Mesh

2:25pm PST

There's a Bug in My Service Mesh! What Do You Do When the Mesh is At Fault? - Ana Calin, Paybase & Risha Mars, Buoyant
A service mesh is an increasingly necessary tool when running and debugging modern applications. But what do you do when there’s a bug in the mesh itself?

Paybase offers the most flexible, developer-native, API-driven solution for payments, compliance and risk. They use the Linkerd service mesh to process all requests that come through their complex system of microservices, where it is highly useful for out of the box gRPC load balancing which allows Paybase to scale their application.

In this talk, Ana and Risha will talk about different Linkerd bugs that Paybase encountered after deploying Linkerd to their staging environment, and how they worked with the Linkerd maintainers to track them down and squash them.

This talk also explores the relationship between companies that rely on open source software and their interactions with maintainers in the path to getting bugs fixed.

avatar for Ana Calin

Ana Calin

Systems Engineer, Paybase
Ana is a Systems Engineer at Paybase, an emerging London FinTech. As a Systems Engineer Ana builds the infrastructure of Paybase’s service oriented platform, creates, updates and maintains monitoring and logging systems and incident response management systems. Previously Ana has... Read More →
avatar for Risha Mars

Risha Mars

Software Engineer, Buoyant
Risha is a Software Engineer at Buoyant, and is a core contributor to the Linkerd project. She worked on the CLI and controller (Golang) as well as the Linkerd dashboard (React). Currently Risha is working on Dive, Buoyant’s newest product. Previously, Risha worked on the Ads team... Read More →

Wednesday November 20, 2019 2:25pm - 3:00pm PST
Hall D - San Diego Convention Center
  Service Mesh
Thursday, November 21

10:55am PST

Life Outside the Cluster: Adding Virtual Machines to an Envoy Service Mesh - Megan O'Keefe & Ameer Abbas, Google
Service mesh tools add lots of functionality for Kubernetes-based applications, including policy automation and telemetry. But what if you're halfway through a migration to Kubernetes, and you still have applications running in virtual machines? In this talk, Megan O'Keefe and Ameer Abbas will demonstrate how to use Istio, an Envoy-based service mesh, to connect Kubernetes services with applications running in VMs. Demos will include: encrypting gRPC traffic between Pods and VMs, using Prometheus to view application metrics across both environments, and load balancing traffic between Kubernetes and VM instances. You will leave this talk understanding exactly how to integrate virtual machines with an Envoy-based service mesh.

avatar for Megan O'Keefe

Megan O'Keefe

Developer Relations Engineer, Google Cloud
Megan O’Keefe is a Developer Relations Engineer at Google Cloud, where they help platform developers build on top of Kubernetes to accelerate app development and reduce toil. A graduate of Wellesley College, Megan began their career at Cisco, where they built edge computing platforms... Read More →
avatar for Ameer Abbas

Ameer Abbas

Solutions Architect, Google
Ameer Abbas is a Solutions Architect at Google Cloud in San Francisco. In this role, his goal is simple - Make Cloud Easy. Ameer works closely with the business leaders, development and operations teams to identify the right solution for the problem in Google Cloud. He also publishes... Read More →

Thursday November 21, 2019 10:55am - 11:30am PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Service Mesh

11:50am PST

Walk-through: Debugging an RBAC Problem in Istio (But Without the Swearing) - Matt Turner, Native Wave
A few months ago, I lost a whole day to debugging a problem with RBAC in Istio. I swore a lot, but I also learned a lot. I learned new tools, new interfaces, and the rabbit hole took me past most major parts of Istio.

Today I'll recreate that debugging session live, to show you the mental models and techniques I used to methodically follow this issue through a complex distributed system. We'll learn about systems debugging techniques in general, and operating Istio in particular.

avatar for Matt Turner

Matt Turner

Software Engineer, Tetrate
Matt is a software engineer at Tetrate, working on Istio-related products, and loves sharing the latest tech and trends with everyone. He's been doing Dev, sometimes with added Ops, for over nearly two decades. His idea of "full-stack" is Linux, Kubernetes, and now Istio too. He's... Read More →

Thursday November 21, 2019 11:50am - 12:25pm PST
Room 6F - San Diego Convention Center Upper Level
  Service Mesh

2:25pm PST

Bringing the Envoy Service Mesh to Mobile - Jose Nino & Michael Schore, Lyft
99.999% reliability on the server is meaningless if mobile apps are only able to complete the desired product flows a fraction of the time. Learn how Lyft built, and deployed Envoy Mobile (envoy-mobile.github.io) in their Swift/Kotlin apps and is benefitting from a single, consistent Envoy-based network stack across every platform.

Envoy Mobile was created to provide apps with the same network configurability, observability, and transport technologies that Envoy Proxy enables for the server - as if apps are simply another node on a service mesh. This unlocked a new tier of reliability on mobile and paved the way for many enhancements such as QUIC, request prioritization, and low connectivity handling. This talk will cover how this library was built, how Lyft tested it in their mobile apps, and what benefits they’ve already started to see.


Michael Schore

Software Engineer, Lyft
Michael Schore has nearly a decade of experience working on server and client networking technologies. He was an early implementer of SPDY, and wrote and deployed production stacks for both iOS and Android. Drawing from this experience, he participated in IETF working group discussion... Read More →

Jose Nino

Senior Software Engineer, Lyft
Jose Nino worked on Lyft’s Networking team for 2+ years building out infrastructure that enabled Lyft to scale technically and socially as it developed and rolled out an Envoy-based service-oriented architecture. He was instrumental in building control plane technologies, and resilience... Read More →

Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 33ABC - San Diego Convention Center Upper Level
  Service Mesh

3:20pm PST

Supercharge Your Microservices CI/CD with Service Mesh and Kubernetes - Brian Redmond, Microsoft
We all know by now that Service Mesh provides many benefits to containers on Kubernetes. Linkerd, Istio, and Consul are some great examples. With Service Mesh Interface (SMI), adoption is becoming much easier.

Along with a lot of other features, Service Meshes are great at traffic shifting and observability which are helpful for microservice deployment and CI/CD platforms. Testing new versions in production with strategies such as Blue/Green, A/B, and canary rollouts are key in ensuring that deployments are error-free.

In this session, I will dig deep into how you can integrate Service Mesh into deployment pipelines and automate these kinds of CI/CD methods. I will talk about observability using projects such as Prometheus and how it is key to validate candidate releases with real time latency statistics down to specific paths/methods.

As always, I will include lots of demos!

avatar for Brian Redmond

Brian Redmond

Cloud Architect, Microsoft
I am a Cloud Architect on the Azure Global Black Belt team at Microsoft. I focus on containers, microservices, and cloud native applications in the Azure cloud platform. I have been working in technology for over 20 years and have a mixed background from application development to... Read More →

Thursday November 21, 2019 3:20pm - 3:55pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Service Mesh

4:25pm PST

Fine Grained Mesh Metrics for Better Visibility With Native Performance - Mandar Jog & Kuat Yessenov, Google
Knowing granular traffic patterns is crucial in understanding the functioning and health of a service mesh. The existing Envoy extensions collecting metrics are either not granular enough or can consume too many resources.

In this session, attendees will learn about an efficient way of producing granular metrics. This method introduces a new metadata exchange protocol between peer workloads and uses the new Envoy/WASM metrics API to produce richly dimensioned metrics based on the exchanged metadata.

The operator can add arbitrary peer dimensions like availability zones and locality to get additional insights into the traffic. Istio will use this technique to efficiently produce highly dimensioned Istio standard telemetry.

Attendees will see a demo of rich telemetry collection to Prometheus at near native performance.

avatar for Mandar Jog

Mandar Jog

Istio TL/M, Google
Mandar is a co-lead of the Istio extensions and the Istio performance and scalability workgroups. He would like to see adoption of service meshes everywhere so as to realize the full promise of micro services architecture. Mandar has been working on the Isio project since its inception... Read More →

Kuat Yessenov

software engineer, google
Kuat is a maintainer of the envoyproxy/go-control-plane and a contributor to envoy. He has been an integral part of the Istio team at google since the beginning.

Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Service Mesh

5:20pm PST

Envoy on Fire: A Practical Look at Debugging a Service Mesh - Lita Cho & Ryan Cox, Lyft
In this talk, presenters will share lessons from several years of experience running Envoy in production at scale. They will explore practical techniques for triaging issues in a service mesh, along with the intuition behind them. The presenters will cover a broad range of topics including traffic capture, issues specific to GRPC, health checks, and techniques useful during incident mitigation. The talk will end with a deep dive into Envoy stats and their use in resolving issues.

avatar for Lita Cho

Lita Cho

Software Engineer, Lyft
Lita is a senior software engineer on the Networking team, building out the service mesh to handle both Kubernetes and legacy systems at Lyft. Before that, she worked on building out the API infrastructure using Protocol Buffers, creating systems that would generate code and bring... Read More →
avatar for Ryan Cox

Ryan Cox

Software Engineer, Lyft
Ryan Cox is a software engineer at Lyft focused on infrastructure resilience. His career includes the creation of large-scale ecommerce platforms and extensive time working on systems and infrastructure. He holds patents related to distributed filesystems and is an active member of... Read More →

Thursday November 21, 2019 5:20pm - 5:55pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level

Filter sessions
Apply filters to sessions.