Monday, January 13, 2020

Network Field Day 21 - NGINX - Making Sense of Service Mesh

NGINX presented on their service mesh solution at Network Field Day 21, and you should check out the presentation by Faisal Memon explaining what they have built. He explains what a service mesh is, why you might need it and how it is integrated into NGINX.

If you have spent any significant time as a practitioner in network engineering, you will eventually end up helping with a project that involves a distributed publish/subscribe message system - which today we call a service mesh. In earlier times, we might have referred to it as a service or message bus and used technology like the Common Object Request Broker Architecture (CORBA), which is a standard developed by the Object Management Group (OMG) to provide interoperability among distributed objects. Or maybe you installed and used a commercial software solution like Tibco Rendezvous, which has been around for 20 years, or you were involved in the financial industry and implemented the FIX protocol.

My point is, the concepts and design ideas for a service mesh have been around for decades and really are nothing new at all. Effectively, they are a distributed message queue with a standard API run over a network. What has changed over time is the ubiquity of their use in many common platforms and architectures today. I believe one of the reasons so many platforms use them is because developers have become increasingly frustrated with the networking NAT/PAT/DNS problems and would prefer to have a more elegant routing and name space than what classic IPv4 and DNS provide. There is a lot to unpack around that last sentence and I likely won't get to it in this post, but just accept that the way many enterprises are deploying and running their networks is not optimal for application developers trying to deploy new application workloads within the data center environment.

There are many options to choose from for a service mesh. A not-so-brief list of some options would be:
Istio/Envoy
Console Connect
Linkerd2
Maesh
NGINX Service Mesh
Microsoft Azure Service Fabric
RabbitMQ
HashiCorp Consul
AWS App Mesh

Because of the role that a service mesh provides, it matches very cleanly with application proxy services. This is a natural fit for something like NGINX because that is where it is commonly deployed too. Often NGINX is used as an application delivery controller (ADC) or a classic server load balancer (SLB) along with a proxy for application traffic. This proxy role allows NGINX to have a comprehensive view into the application, even with a distributed application front end. Providing a sidecar proxy function to allow more enhanced services to be managed and run without burdening the application developer is one of the benefits you gain. For example, TLS certificate management, mutual TLS (for secure app-to-app communication), tracing and monitoring, metrics and reporting, traffic controls and any other services can be coordinated, synchronized and managed separately from the application, without burdening the developer with having to know all those specific items to get their application to work.
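
The sidecar mutual-TLS offload described above, sketched as an added illustration: this is a hand-written NGINX configuration, not output of NGINX Service Mesh and not taken from the presentation. The certificate paths, ports and the name `orders.mesh.internal` are hypothetical.

```nginx
# Added illustration: NGINX running as a sidecar beside one service instance.
# All paths, ports and the name "orders.mesh.internal" are hypothetical.
events {}

http {
    # Inbound: peers connect here. The sidecar terminates mutual TLS and
    # forwards plaintext to the application over loopback only.
    server {
        listen 8443 ssl;

        ssl_certificate        /etc/mesh/certs/workload.crt;
        ssl_certificate_key    /etc/mesh/certs/workload.key;
        ssl_protocols          TLSv1.2 TLSv1.3;

        # Reject any caller that cannot present a certificate from the mesh CA.
        ssl_client_certificate /etc/mesh/certs/mesh-ca.crt;
        ssl_verify_client      on;
        ssl_verify_depth       2;

        location / {
            # Overwrites any caller-supplied header with the verified identity,
            # so the application can authorize and log on it.
            proxy_set_header X-Client-DN $ssl_client_s_dn;
            proxy_pass http://127.0.0.1:8080;
        }
    }

    # Outbound: the application calls http://127.0.0.1:9000 in plaintext and
    # the sidecar originates mutual TLS to the remote service's sidecar.
    server {
        listen 127.0.0.1:9000;

        location / {
            proxy_pass https://orders.mesh.internal:8443;

            # Client certificate this workload presents to the upstream.
            proxy_ssl_certificate         /etc/mesh/certs/workload.crt;
            proxy_ssl_certificate_key     /etc/mesh/certs/workload.key;

            # proxy_ssl_verify defaults to off; without it the upstream
            # certificate is never checked and the link is only encrypted.
            proxy_ssl_verify              on;
            proxy_ssl_trusted_certificate /etc/mesh/certs/mesh-ca.crt;
            proxy_ssl_name                orders.mesh.internal;
            proxy_ssl_server_name         on;
            proxy_ssl_protocols           TLSv1.2 TLSv1.3;
        }
    }
}
```

The application itself holds no keys and speaks plain HTTP on loopback; rotating the certificate files and reloading NGINX changes the workload's identity without touching application code.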

One of the benefits of having a service mesh built into NGINX is the fact that NGINX is now the most widely deployed commercially supported web server in the top 1000 websites. This means that having a service mesh solution integrated into the platform makes adoption and use of a service mesh far more likely to occur because NGINX is used in so many places and in so many deployments. The other interesting part is the fact that many service mesh solutions can be swapped in and out depending on the needs of the application developers. That means that other platforms can either leverage what NGINX has built with their service mesh technology or they can swap it out and use HashiCorp Consul or whatever other service mesh technology they are already utilizing. It is very flexible and it is a technology all network engineers should be comfortable helping deploy, operate and support in their environment.

So it is highly likely that, at some point, you will be involved with a project that makes use of a service mesh, and you should take the time to learn and understand how it is used and commonly deployed. Because of the popularity and wide-scale adoption of NGINX, it makes a lot of sense to have a good understanding of what they have built and how to use it.
- Ed

In a spirit of fairness (and also because it is legally required by the FTC), I am posting this Disclosure Statement. It is intended to alert readers to funding or gifts that might influence my writing. My participation in Tech Field Day events was voluntary and I was invited to participate in NFD21. Tech Field Day is hosted by Gestalt IT and my hotel, transportation, food and beverage was/is paid for by Gestalt IT for the duration of the event. In addition, small swag gifts were/are provided by some of the sponsors of the event to delegates. It should be noted that there was/is no requirement to produce content about the sponsors and any content produced does not require review or editing by Gestalt IT or the sponsors of the event.