NGINX – The Details - Containers Today · • Containers and microservices • Open source CI/CD tooling • Freedom to choose a cloud. Code. Customer. Customer’s tell us there

Page 1

Containers Today

Anton Gyllenhammar
DevOps SE – Northeastern Europe

Page 2

| ©2019 F5

A trip through time

Eli Whitney: Replaceable Parts

Henry Ford: Assembly Lines

Toyota: “Just in Time”

The history of …?

The history of lean

Page 3

Lean is creating the most value at the minimum cost, achieved by minimizing resources, time, energy and effort

Page 4

A trip through time

Eli Whitney: Replaceable Parts

Henry Ford: Assembly Lines

Toyota: “Just in Time”

Lean Manufacturing

Lean Enterprises

Lean IT

Page 5

Application Capital

No material capital expenses
~5500 employees

$175 billion

Iconic brands
Operator of massive theme parks
Owner of a vast media empire

$160 billion

Source: https://www.f5.com/company/blog/application-capital

Page 6

Application Lifecycle Challenges

Enterprise type: Classic enterprise | Transforming enterprise | Web scale

How fast can you go from code to customer? MONTHS | DAYS | HOURS

How many apps are you able to take from code to customer in the next year? 10s | 100s | 1000s

Architecture: 3-tier or Monolithic | 3-tier or Monolithic + Microservices | Microservices

How do you secure & govern your application portfolio? PEOPLE | AUTOMATION | AI-ASSISTED

Visibility / Security & Privacy / Customer Experience / Data & Intelligence

Presenter
Presentation Notes
So, when it comes to reducing the time it takes to deliver code to your customer, we first need to consider the cycle time for ONE CYCLE and what that looks like for different types of companies. We’ll start with a CLASSIC ENTERPRISE—where, hopefully, the company knows they need to change but where they actually haven’t started to change yet. One cycle is measured in months and, sometimes, years. For a TRANSFORMING ENTERPRISE—where we see most of our customers sitting—they know they need to change and are working toward a cycle time measured in days. And for a WEB SCALE company—so think: Facebook, Google, or Amazon—we know that they can move fast, but they’ve had the luxury of starting off with a cycle time measured in hours.

Next, your ability to scale isn’t just about scaling the number of applications. It actually has to do with how many times you can scale the application, its underlying architecture, AND the number of these lifecycles you can implement. In the Classic Enterprise—with a traditional, three-tier or monolithic app architecture—you can scale up the number of times you execute this lifecycle tens of times. In the Transforming Enterprise—using a mix of the old (three-tier/monolithic) and new (microservice) architectures—we want to be able to scale hundreds of times. And in the Web Scale company—using predominantly microservice architectures—you can scale up this lifecycle thousands of times.

The interesting thing about the Transforming Enterprise is that you have a complicated mix of both the Classic and the Web Scale, a bit of the old and the new. This is where the majority of our customers sit—here in the “messy middle”—so we understand the unique challenges that come with straddling both worlds. We’re designing—and looking for feedback about—our products and solutions so that we can address your specific challenges and really understand how best to tidy up the messy middle.

Now, let’s look at the governance challenges. It’s easy to implement architecture, security, data, scale, etc., if you’re a Classic Enterprise and have months to years to get it done. That’s not a hard problem to solve. You can solve that problem with people. But to make the jump from Classic to Transforming, you have an exponential increase in difficulty because your cycle time decreases (from months or years, to days or months) and your scale increases (from 10s to 100s). This step is really hard and really important to get right, because if you don’t, you won’t succeed at making the transition from the old to the middle.

Now, going from Transforming to Web Scale is a little bit different. You can see that the level of difficulty does not increase nearly as much as going from Classic to Transforming, which is a huge leap. That’s because once you solve for the middle, you’ve solved the bigger problem. In other words, once you’ve solved for the decrease in cycle time and the increase in scale, the step from Transforming to Web Scale is incremental rather than exponential. <next slide>

Page 7

APPLICATIONS

DEVELOPER

Speed to market creates a divide

• Containers and microservices
• Open source CI/CD tooling
• Freedom to choose a cloud

Code Customer

Presenter
Presentation Notes
Customers tell us there is a divide between developers and operations, between apps and infrastructure. It creates a rift in delivering services that spans from code to customer. Both developers and operations have their own priorities and requirements to be successful. Developers care about moving fast to build and deploy apps that deliver customer value. But moving fast is at odds with operations, who care about ensuring reliability, security and performance to ensure those apps meet customer expectations. But this divide creates challenges for both developers and operations that diminish customer value.

Page 8

Application services along the data path

Code, Load balancer, DNS, API gateway, App Security, DDoS, CDN, Ingress Controller, App / webserver, Customer

App Dev DevOps NetOps SecOps Business Owner

Page 9

All-encompassing application platform

Code, Load balancer, DNS, API gateway, App Security, DDoS, CDN, Ingress Controller, App / webserver, Customer

BIG-IP, NGINX

Containers, Purpose-built hardware, Public cloud, Virtual machines, Software as a Service, Commodity hardware

PLATFORM CONTROL PLANES: NGINX Controller, BIG-IQ

ECOSYSTEM INTEGRATIONS: Ecosystems

Page 10

What about containers?

Code, Load balancer, DNS, API gateway, App Security, DDoS, CDN, Ingress Controller, App / webserver, Customer

BIG-IP, NGINX

Containers, Purpose-built hardware, Public cloud, Virtual machines, Software as a Service, Commodity hardware

PLATFORM CONTROL PLANES: NGINX Controller, BIG-IQ

ECOSYSTEM INTEGRATIONS: Ecosystems

Page 11

| © F5 NETWORKS

What direction?

North – South: Load Balancing and Ingress

• Nginx Plus
• Big-IP LTM (CIS)

East – West & North – South: Service Mesh

• Aspen Mesh
• Nginx Plus & Unit

Page 12

Ingress

CONFIDENTIAL

Page 13

Load Balancer vs Ingress
GETTING THE DEFINITIONS RIGHT

Service Type Load Balancer

• Available on AWS, Azure, GCP, VMWare and OpenStack
• Any traffic type: HTTP, TCP, UDP, Web Sockets, gRPC, Kafka, …
• Each service gets its own Edge LB ($$$)

Page 14

Load Balancer vs Ingress
GETTING THE DEFINITIONS RIGHT

Services over Ingress / Route

• Many types of ingress controllers
• HTTP(s) focused: URL or Path
• SSL, Routing, Authentication, …
• You only pay for one Edge LB

Page 15

Our Ingress Controller landscape

Default community options:

NGINX Ingress Controller for Kubernetes

Standalone Ingress Controllers:

NGINX’s Kubernetes Ingress Controller (OSS)

NGINX’s Kubernetes Ingress Controller (Plus)

F5 K8s BIGIP Ctlr (aka CIS)

Presenter
Presentation Notes
https://medium.com/flant-com/comparing-ingress-controllers-for-kubernetes-9b397483b46b

Page 16

AWS ALB + NGINX PLUS INGRESS CONTROLLER
Example scenario

Page 17

Summary: What makes NGINX KIC Different?

Development Philosophy

• Long-term stability and consistency
• Avoid breaking backward compatibility

Continual Production Readiness

• Every release built and maintained to a supportable, production standard.
• Enterprise grade focus

Security

• NGINX is the authoritative source for all components of Ingress Controller.

Integrated codebase

• Based on native NGINX capabilities and directives
• No reliance on 3rd party Lua modules

Support

• Award winning support available

Presenter
Presentation Notes
Attach pre-existing virtual server configs for OpenShift Routes: resources for whitelisting BIG-IP objects. This gives you the flexibility needed to attach the policies, profiles, etc. that you desire on the virtual server, and then have those applied on the Routes.

Add metadata via TMOS Shell

Manage a Pre-Existing Virtual Server

• Create a Kubernetes Deployment using valid YAML or JSON.
• Define the BIG-IP Controller Route configuration parameters as appropriate to suit your needs.
• Provide the name of the BIG-IP virtual server to which you want to attach the Route to the BIG-IP Controller Deployment. The config parameter to use depends on the type of virtual server (HTTP or HTTPS):
  • route-http-vserver – HTTP virtual server.
  • route-https-vserver – HTTPS virtual server.

Example k8s-bigip-ctlr args:

    args: [
      "--bigip-username=$(BIGIP_USERNAME)",
      "--bigip-password=$(BIGIP_PASSWORD)",
      "--bigip-url=10.10.10.10",
      "--bigip-partition=myPartition",
      "--pool-member-type=cluster",
      "--openshift-sdn-name=/Common/openshift_vxlan",
      "--manage-routes=true",
      "--route-http-vserver=myVirtual"
    ]
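
A Deployment for the procedure in these notes, as an added example that is not part of the original deck or F5's own manifest: it reuses the args shown above and fills BIGIP_USERNAME and BIGIP_PASSWORD from a Kubernetes Secret instead of literal values. The Secret name, namespace, service account name, image tag and binary path are assumptions.

```yaml
# Added example (not from the original deck). Values marked "hypothetical"
# or "placeholder" are assumptions; the args are the ones shown in the notes.
apiVersion: v1
kind: Secret
metadata:
  name: bigip-login              # hypothetical Secret name
  namespace: kube-system         # hypothetical namespace
type: Opaque
stringData:
  username: REPLACE_WITH_BIGIP_USER       # placeholder, set at deploy time
  password: REPLACE_WITH_BIGIP_PASSWORD   # placeholder, never commit a real value
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: k8s-bigip-ctlr
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: k8s-bigip-ctlr
  template:
    metadata:
      labels:
        app: k8s-bigip-ctlr
    spec:
      # hypothetical service account; bind it only to the RBAC rules the
      # controller needs to watch Routes, Services and Endpoints
      serviceAccountName: bigip-ctlr
      containers:
        - name: k8s-bigip-ctlr
          # placeholder tag: pin a specific released version, not "latest"
          image: "f5networks/k8s-bigip-ctlr:<pinned-version>"
          env:
            # Credentials come from the Secret, so they do not appear in
            # the Deployment spec or in version control.
            - name: BIGIP_USERNAME
              valueFrom:
                secretKeyRef:
                  name: bigip-login
                  key: username
            - name: BIGIP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: bigip-login
                  key: password
          # binary path assumed from the controller image layout
          command: ["/app/bin/k8s-bigip-ctlr"]
          args:
            # Kubernetes expands $(VAR) from the env entries above
            - "--bigip-username=$(BIGIP_USERNAME)"
            - "--bigip-password=$(BIGIP_PASSWORD)"
            - "--bigip-url=10.10.10.10"
            - "--bigip-partition=myPartition"
            - "--pool-member-type=cluster"
            - "--openshift-sdn-name=/Common/openshift_vxlan"
            - "--manage-routes=true"
            # attach Routes to the pre-existing HTTP virtual server;
            # use --route-https-vserver for an HTTPS virtual server
            - "--route-http-vserver=myVirtual"
```

The expanded credential values still end up in the container's process arguments, so read access to the Secret and exec access to the controller pod both need to be limited to the operators who manage the BIG-IP.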

Page 18

F5 BIG-IP + F5 CONTAINER INGRESS SERVICE (CIS)
Example scenario

Page 19

CONTAINER INGRESS SERVICE
Big-IP + CIS

• No daisy chaining of LB and Ingress solutions = easier to configure and debug
• Multi-cloud consistent security policies
• Access on the POD level to other Big-IP modules/features
  • LTM
  • ASM
  • AFM
  • APM

https://github.com/F5Networks/k8s-bigip-ctlr


Page 20

East - West

CONFIDENTIAL

Page 21

Modern Apps Require a Modern Architecture

From Monolithic ...

• Three-tier, J2EE-style architectures
• Complex protocols (HTML, SOAP)
• Persistent deployments
• Fixed, static Infrastructure
• Big-bang releases
• Silo’ed teams (Dev, Test, Ops)

... to Dynamic

• Microservices
• Lightweight (REST, JSON)
• Containers, VMs, Functions
• Infrastructure as Code
• Continuous delivery
• DevOps Culture

Presenter
Presentation Notes
For the last couple of years, evangelizing the benefits of a distributed, cloud native, microservice architecture.

Positive – talk to the benefits:
• Agility
• Parallel development
• Faster code to production
• Faster problem resolution
• Developer productivity – use language and stack of choice

Page 22

Operating a distributed application is hard

Static, Predictable Monolith:

• Fast, reliable function calls
• Local debugging
• Local profiling
• Calendared, big-bang upgrades
• ‘Integration hell’ contained in dev

Dynamic, Distributed App:

• Slow, unreliable API calls
• Distributed fault finding
• Distributed tracing
• In-place dynamic updates
• ‘Continuous integration’ live in prod

More things can go wrong, it’s harder to find the faults, everything happens live

Presenter
Presentation Notes
What have we done?! We have replaced our stable, predictable monolith with a distributed networked app. Replace one function call (direct) with another (network API) with little regard for the consequences. It can go wrong in so many ways.

Joel Spolsky – “law of leaky abstractions”: All non-trivial abstractions, to some degree, are leaky. Abstractions fail. Sometimes a little, sometimes a lot. There’s leakage. Things go wrong. All abstractions leak… this one leaks a lot.

Where do we look for a solution?

Page 23

What does a Service Mesh do?

By controlling communications between pods, Service Meshes can do four main things:

Security: End-to-end encryption (Mutual TLS / mTLS)

Traffic Management: Load Balance, Circuit breaker, BG, Rate Limit…

Instrumentation: Measure and accumulate metrics (Prometheus)

Debugging: Generate transaction traces (OpenTracing)

Page 24

How is a Service Mesh implemented?

A service mesh is an invisible, autonomous, L7 routing layer for distributed, multi-service applications.

Most commonly implemented as a ‘sidecar proxy’

Implementations:

• Istio/Envoy
• Aspen Mesh
• Consul Connect
• Linkerd2
• Maesh, Kuma
• NGINX Service Mesh
• … and many others to follow

[Diagram: Service A, Service B, Service C and Service D, each paired with a Sidecar Proxy, and a Control Plane]

Presenter
Presentation Notes
How is a service mesh different?
• Ingress and Egress
• General purpose
• Needs a control plane. Every topology change needs to be distributed to every sidecar.
• Much more complex and dynamic

Page 25

F5 and NGINX solutions

Aspen Mesh provides an easy-to-use distribution of Istio with added enterprise features.

• Enterprise Service Mesh
• Observability and Insights
• Expert Support

NGINX provides an advanced Ingress Controller, Microservices Proxy and innovative App Server:

• K8s Ingress Controller
• NGINX Router
• Future service mesh initiatives

Page 26

Aspen Mesh

CONFIDENTIAL

Page 27

Aspen Mesh
SIMPLIFIES AND IMPROVES ISTIO

Full support: ensures users get production-ready Istio deployment with easy access to experts and safe upgrades

Simple dashboard: surfaces data in a way you don’t have to be an Istio expert to understand

Policy framework: allows specification, measurement and enforcement of business goals instead of nerd knobs

Security and compliance: features make it easy to confidently create a compliant and auditable zero-trust network

https://aspenmesh.io
https://aspenmesh.io/invite


Page 28

Jaeger (CNCF backed) for distributed tracing and microservice plotting

Prometheus (CNCF backed) for metrics collection and alerting

Grafana for metrics dashboarding

Custom Management UI

Aspen Mesh
INTERNALS

API Server


Page 29

Nginx & microservices

Page 30

A checklist for readiness

In our assessment, you may benefit from a service mesh once:

• You have a mature, fully-automated CI/CD pipeline (GitOps-enabled)
• You are deploying frequently to production (at least once per day)
• You are fully invested in Kubernetes
• You have a zero-trust production environment (so need mTLS)
• Your application is complex
  − 20+ different services, a service graph that is 3 levels deep or more
• You have operational maturity and an appetite for risk

Presenter
Presentation Notes
If you can’t say “yes” to these six checkpoints, you’ll not benefit from a service mesh yet.

Complexity of application: IDC report “Vendors Stake Out Positions in Emerging Istio Service Mesh Landscape”
• Aspen Mesh believes cloud-native environments with more than 20 services reach a point of complexity at which service meshes, such as Istio, become increasingly necessary.
• IBM believes it becomes difficult to manage a microservices network when customers reach a threshold of 25 microservices.

Page 31

Production Patterns for Microservices
THERE ARE MULTIPLE, PROVEN PRODUCTION PATTERNS FOR NGINX IN A MICROSERVICE APP

• NGINX Ingress Controller
• NGINX per-Service Proxy
• NGINX per-Pod Proxy
• NGINX Simple Mesh Proxy

Presenter
Presentation Notes
There are multiple production patterns for microservices that give you control over the network. We’re familiar with NGINX Ingress Controller / router mesh. There are more service-mesh-like patterns to manage internal service-to-service traffic, coming from within the application. Evolutionary journey to service mesh. Let’s focus on the most service-mesh-like ones.

Page 32

Polyglot app server

• Python, PHP, Go, Perl, Ruby, JavaScript (Node.js), Java

REST API Driven

Uniform App Configuration

App runs on same server (container), no sidecar

Built-in SSL/TLS support

Nginx Unit
APPLICATION SERVER AS CONTROL PLANE

https://unit.nginx.org

Presenter
Presentation Notes
What do we mean by "dynamic"? When operators want to make a change, with old servers they had to edit the config file, then reload the service. Sometimes they added agents and sidecar software to assist with reloading. A truly dynamic server, Unit, does it differently:
• It accepts API calls by itself, not with the help of agents
• It performs changes in memory
• It does not reload the processes unless required

Page 33

Why the overlap?

CONFIDENTIAL

Page 34

App Services – Shifting Control

Cloud Architect

DevOps

Consume and monitor app services

TRADITIONAL APP SERVICES DEPLOYMENT

NetOps

SecOps

AppDev

Consult, validate, and review app services

CLOUD-NATIVE APP SERVICES DEPLOYMENT

NetOps

SecOps

Cloud Architect

DevOps AppDev

Page 35

Broadest portfolio of advanced application services that deliver superior app performance, security and availability across multi-cloud environments.

Lightweight, agile ADC and API software for container-built apps, CI/CD workflows, and microservices, deployed as subscription.

Composable, extensible, and self-serve App Services globally available as a SaaS model.

NGINX

F5 Cloud Services

BIG-IP

Overlaying F5’s platform Use Cases

Control Centralized with NetOps

Hybrid

Cloud-native

Application architecture

Decentralized to Developers

Traditional

Page 36

With each service provided by different vendors

Code, Load balancer, DNS, API gateway, App Security, DDoS, CDN, Ingress Controller, App / webserver, Customer

Page 37

Code, Load balancer, DNS, API gateway, App Security, DDoS, CDN, Ingress Controller, App / webserver, Customer

Monolithic

3-tier

Microservice

And a different set of vendors for each application architecture

Page 38

Code, Load balancer, DNS, API gateway, App Security, DDoS, CDN, Ingress Controller, App / webserver, Customer

Different need for everyone

App Developers App Architects DevOps Cloud Architects NetOps SecOps IT Leadership Support Customer Experience

Page 39

Choose lean tech for each app

Code, Load balancer, DNS, API gateway, App Security, DDoS, CDN, Ingress Controller, App / webserver, Customer

• NGINX OSS
• NGINX+
• NGINX Unit

• NGINX OSS
• NGINX+
• F5 CIS

• NGINX OSS
• NGINX+

• NGINX OSS
• NGINX+
• BIG-IP LTM
• F5 Cloud Services GSLB

• NGINX / Mod Sec
• NGINX+ App Protect
• BIG-IP ASM
• F5 Adv. WAF
• F5 Cloud services

• F5 Cloud Services DNS
• BIG-IP DNS

• BIG-IP AFM
• F5 Silverline

• NGINX

Page 40

All-encompassing application platform

Code, Load balancer, DNS, API gateway, App Security, DDoS, CDN, Ingress Controller, App / webserver, Customer

BIG-IP, NGINX

Containers, Purpose-built hardware, Public cloud, Virtual machines, Software as a Service, Commodity hardware

PLATFORM CONTROL PLANES: NGINX Controller, BIG-IQ

ECOSYSTEM INTEGRATIONS: Ecosystems

Page 41

This Complexity Is All Too Common…

[Diagram: data path from CODE to CUSTOMER. MICROSERVICES APPS: KIC and four SP/MS pairs. MONOLITHIC APPS: Web, App, RP. Delivery path: L4 LB, API GW, L7 LB, L4 LB, WAF, DDoS, DNS, CDN. The components carry separate manager (Mgr.) labels.]

Presenter
Presentation Notes
In fact, given the tool sprawl we just discussed, let’s take a look at what this looks like in a real-life customer example. This is the diagram taken from a large eCommerce site. They don’t use every vendor you see here, but they did use many of them. In fact, to effectively deliver the code their developers are writing all the way out to the customer to drive revenue, they need 13 discrete platforms that include web servers, application servers, and reverse proxies (RP) in their legacy Java application environment. They’re also investing in a modern, microservices-based application environment. This includes microservices (MS) that run in app servers, attached sidecar proxies (SP), a Kubernetes Ingress Controller (KIC) to manage the container orchestration traffic, and Istio to manage the service mesh of sidecar proxies. All of this traffic is then delivered via a complex data path of network/L4 load balancers (LB), API gateways (API GW), application/L7 load balancers, web application firewalls (WAF), distributed denial of service (DDoS) services, DNS servers, and finally out to a content delivery network (CDN) to cache content close to the end customer.

Page 42

Together We Make It Much Easier

[Diagram: data path from CODE to CUSTOMER. MICROSERVICES APPS: KIC and four SP/MS pairs. MONOLITHIC APPS: Web, App. Other labels: Mgr., WAF, L7 LB, DNS.]

AppDev & DevOps | Infrastructure & Ops

NGINX Unit: App server

NGINX Plus: Web server

NGINX Plus: Sidecar proxy

NGINX Plus: K8s IC

NGINX Plus: Reverse proxy, L4-7 LB, API gateway, Per-app WAF

F5 BIG IP: Local L4-7 LB, Global L4-7 LB, SSL offload, Advanced WAF, Access mgmt., L4 firewall, SSL orchestration, Anti-DDoS, Bot detection, CGNAT

F5 Cloud Services & Silverline: DNS, DDoS, WAF

NGINX Plus CDN

NGINX Controller, F5 BIG IQ

Presenter
Presentation Notes
These platforms not only eliminate the cost and complexity associated with all of the discrete tooling, but also provide a way to give the teams access to the technology they need to quickly bring new applications to market. Infrastructure & operations teams – including the network team – can manage the frontend services from F5. The application development (AppDev) and DevOps teams can manage the backend application stack in monolithic and microservices environments. And there is flexibility to manage the NGINX Plus deployments in between. In some cases, this NGINX cluster is managed by DevOps teams, sometimes by NetOps teams. You have the flexibility to empower your teams with the right tools to do the job, without having to deploy discrete platforms for each team.

Page 43

Technology principles to guide our design

• Platform-independent
• API first
• Integrated security
• Open source at our core
• Analytics built-in and AI enabled
• Application centric
• Modular and reusable

Page 44

Page 45

Follow up material

3 Ways to Connect F5 BIG-IP to Istio : https://youtu.be/dSmjY3flIq4

Sorting Kubernetes with Container Ingress Services : https://youtu.be/Df8FcQ6QSo8

Aspen Mesh Demo : https://youtu.be/jx76WY5On4M

Canary Deployments with Flagger and Aspen Mesh : https://vimeo.com/356766933

The Next Generation of Nginx Ingress Controller : https://youtu.be/k7mpY0YTe7U

Nginx on do you need a service mesh : https://youtu.be/CaCB_PK83AM

Nginx Unit Demo : https://youtu.be/izcCI_TXCYk

DEMOS ONLINE