Computer Science Visiting Speaker Talk

  • Gates Hillman Centers
  • McWilliams Classroom 4303
Talks

Istio Service Mesh – A network for services, not bytes

For the last two decades, the kernel has abstracted low-level networking concepts and TCP/IP interactions from user level applications, in an attempt to simplify application layer code. However, developers today still have to deal with the network when building distributed applications. Reasoning about failures, reliability, routing, discovery and load balancing, in addition to uniform telemetry, ensuring fleet-wide security across 1000s of VMs or containers is a daunting task for any application development team. Istio, a joint effort from several companies, aims to abstract networking, security, and telemetry from applications such that applications can offload service discovery, load balancing, monitoring, resilience, and authorization/authentication to a programmable L7 substrate called the service mesh. Having control over the L7 traffic allows the mesh to do some interesting things that was previously harder to achieve in a polyglot application environment that exists today. This talk will describe some initial operational experiences and some lessons learned from the community. Towards the end, we will look at an interesting problem domains that can be tackled with the help of the service mesh: tracking sensitive data flows across services and enforcing data-centric access control policies.    

Faculty Host: Justine Sherry

For More Information, Please Contact: 
Keywords: