Hai Huang Hai is a research scientist at IBM T. J. Watson Research Center. He is a contributing member of Kubernetes, Istio, Iter8 and TPM. We are accustomed to having high expectations of our apps. We want a constant stream of new features and bug fixes, and yet, we don’t want these updates to affect our user experience adversely. As a result, these expectations put a tremendous amount of pressure on developers. This is where
When DevOps was coined around 2009, its purpose was to break down silos between development and IT operations. DevOps has since become a game of tug-of-war between the reliability needs of the operations team and the velocity goals on the developer side. Site reliability engineering became that balancer. As Benjamin Treynor Sloss, designer of Google’s SRE program, puts it: “SRE is what happens when you ask a software engineer to design and run operations.” The SRE team has emerged as the answer to how you can build systems at scale, striking that balance between velocity, maintainability and efficiency. It was only logical that this year’s books on site reliability engineering. Of course, almost everyone outside of Google will probably not work on anything at this scale, but, because increasingly distributed systems are constantly integrating with others,
As the internet fills every nook and cranny of our lives, it runs into greater complexity for developers, operations engineers, and the organizations that employ them. How do you reduce latency? How do you comply with the regulations of each region or country where you have a virtual presence? How do you keep data near where it’s actually used? For a growing number of organizations, the answer is to use the edge. In this episode of the New Stack Makers podcast, Sheraline Barthelmy, head of product, marketing and customer success for Cox Edge, were joined by The Advantages and Challenges of Going ‘Edge Native’ The edge is composed of servers that are physically located close to the customers who will use them — the “last
Dana Nehama Dana is product management director for Cloud Networks at Intel. She has deep technical experience in the wireless and telecom networking arenas and collaborates with communities on technology initiatives such as SDN/NFV, cloud native, LTE, WiMAX, VoIP, DOCSIS and more. With core network infrastructure on a rapid path to becoming fully virtualized with cloud native practices, it’s critical for systems developers to be able to efficiently design, produce and deploy reliable applications and services from myriad software, networking and hardware components. I’ve been developing networking products for the telecommunications sector for most of my career, starting in Israel and then immigrating to the United States two decades ago. I’ve always had a systems engineering perspective and a passion for helping service providers better understand how they can more easily consume the latest technologies to build their applications and services. In my most recent role, I was faced with the challenge of how to help communication service providers (CoSPs) accelerate the design and deployment of applications and services running on virtualized, multi-vendor solutions tailored for their unique operating environments. These service providers want to take advantage of the latest-generation platforms and open source software innovations. Collaborating with the CNCF
Vishal Jain Vishal Jain is the co-founder and CTO of Valtix. Vishal is a seasoned executive and has held engineering leadership roles across many successful startups and big companies in the networking and security space. Vishal was an early member of Andiamo Systems, Nuova Systems, and Insieme Networks, which were acquired by Cisco Systems. Vishal was also responsible for leading the security engineering team at Akamai and built their live streaming service in their early days. Is Network Security Relevant in the Cloud? Short answers: yes, and no. But the details matter. For the last 15 months, we’ve seen a previously unimaginable acceleration in the use of cloud and greater reliance on technology overall, all of which pushes more app efforts to cloud faster than originally planned. This acceleration brings several discussions to a head, but we’re here to talk about network security (netsec). Within netsec in the cloud, there are a few different ways of segmenting, but where this article will draw the line is between protecting users as they access the cloud and protecting apps deployed into the cloud. The former, protecting users, has seen plenty of investment and innovation and is a relatively well-understood problem. The latter
Arrcus, a well-funded edge network software startup that is working to make a name for itself in the expanding multicloud arena. But even as enterprise adoption of multicloud and hybrid cloud strategies continues to rise, he sees the future being at the network and compute edge. “Everybody talks about how you can get benefits from large pools of centralized capacity in the public cloud,” said Ayyar, who was announced as chairman and CEO on Sept. 15. “What I feel very, very confident about is that this action is almost passé in terms of the clouds, and it’s moving a lot more into the edge. The pendulum is swinging from consolidated and large data centers doing everything to highly distributed and disaggregated infrastructures doing things that are point of consumption, point of sale,
Jason Yee Jason is director of advocacy at Gremlin where he helps companies build more resilient systems by learning from how they fail. He also helps lead Gremlin's internal chaos engineering practices to make it more reliable. In the movies, it seems like Tokyo is constantly facing disasters — natural ones in the forms of earthquakes and tsunamis, and unnatural ones like giant kaiju and oversized robots. On the morning of Sept. 1, the mechanized behemoth was Amazon Web Services. At around 7:30 am JST, AWS began experiencing networking issues in its AP-Northeast-1 region based in Tokyo. The outage affected business across all sectors, from financial services to retail stores, travel systems and telecommunications. Despite the troubles with not being able to access money, purchase goods, travel or call each other, the Japanese people demonstrated resilience, proving that at least some things from the movies are true. However, the financial losses due to the outage are expected to be huge. After the six-hour outage, AWS explained the issue
Hannah Culver Hannah is a solutions marketer at PagerDuty interested in how real-time urgent work plays out across all industries in this digital era. It’s a brisk Friday morning in November. You’re sipping your coffee and mentally preparing yourself for the day that’ll define your fiscal year. How will you fare this Black Friday? Are your teams prepared? We’ve all heard the 2020 Holiday Shopping Season Report, “The online holiday season exceeded $188B resulting in a strong growth rate of 32% over the 2019 season.” This trend didn’t start with COVID-19, however. A
Danesh Kuruppu is a technical lead at WSO2, with expertise in microservices, messaging protocols and service governance. Danesh has spearheaded development of Ballerina’s standard libraries including gRPC, data and microservices framework. He has co-authored 'gRPC Up and Running' published by O’Reilly media. If you have built gRPC applications and know about the communication fundamentals, you may already know there are four fundamental communication patterns used in gRPC-based applications: simple RPC, server-side streaming, client-side streaming and bidirectional streaming. In this article, I dive deeper into these communication patterns and discuss the importance of each pattern as well as how to pick the right one, according to the use case. Before I discuss each pattern, I’ll discuss what they have in common, such as how gRPC sends messages between clients and servers over the network and how request/response messages are structured. gRPC over HTTP/2 According to official documentation, the gRPC core supports different transport protocols; however, HTTP/2 is the most common among them. In HTTP/2, communication between a client and a server happens through a single TCP connection. Within the connection, there can be multiple bidirectional flows of bytes, which are called streams. In gRPC terms, one RPC call is mapped to
Edge computing is getting more attention of late — because there are advantages to having computing power and data storage near the location where it’s needed. As Edge computing needs grow, users are likely to take a hard look at whether public cloud giants like AWS, Google are their best choice, or whether their local ISP is best suited for the job. ISPs — including cable, DSL and mobile providers — claim to offer benefits when delivering SaaS and other services compared to public cloud providers: low latency, high-bandwidth connections, fewer security vulnerabilities, regional regulation compliance, and greater data sovereignty. While they must also demonstrate that they can deliver services robust enough to meet DevOps needs, ISPs can offer tremendous benefits and fill gaps in current cloud computing offerings. “A key concern cloud customers have when leveraging their microservices architecture for the applications they offer or rely on is how to achieve and maintain ultra-low latency,” said
At this year’s F5 behind the popular open source web server/load balancer and reverse proxy several declarations as to its intentions concerning open source software, undefined upcoming open source releases and its participation in the blog post and during his keynote at Sprint 2.0,
Protocol Labs has launched Jonathan Victor, product manager and business development at
Just like everything in the software development space, especially in today’s cloud native world, fragmentation is everywhere. As with any single category of tool — service meshes, orchestrators and observability tools — you will find multiple “brands” and variations of each tool being used in most organizations. We can identify two main causes for such fragmentation: One is deliberate, and the other is not. Let’s talk about the non-deliberate cause first and how that relates to my own service mesh company
Marco Palladino Marco Palladino is an inventor, software developer and internet entrepreneur based in San Francisco. As the CTO and co-founder of Kong, he is Kong’s co-author, responsible for the design and delivery of the company’s products, while also providing technical thought leadership around APIs and microservices within both Kong and the external software community. Prior to Kong, Marco co-founded Mashape in 2010, which became the largest API marketplace and was acquired by RapidAPI in 2017. With advancements in technology-driven by the Kubernetes — new architectural patterns have emerged to provide decentralized load balancing, yet portable across various platforms and clouds. The old monolithic and centralized load balancer, a technology largely stuck in the early 2000s, becomes deprecated in this new distributed world. The most common breed of load balancers being deployed across every application — centralized load balancers — are a legacy technology. They don’t work well in our new distributed and decentralized world. Remnants of a monolithic legacy way of doing things that did not adapt to modern best practices, centralized load balancers prevent users and organizations from effectively transitioning to the cloud
Whenever you run into a network problem, the wise network admin or sysadmin always remembers “It’s always Black Hat USA 2021 security conference Ami Luttwak and head of research simple loophole that allowed them to intercept dynamic DNS (DDNS) traffic going through managed DNS providers like Amazon and Google. And, yes, that includes the DDNS you’re using on your cloud. And, if you think that’s bad, just wait until you see just how trivial this attack is. Our intrepid researchers found that “simply registering certain ‘special’ domains, specifically the name of the name server itself, has unexpected consequences on all other customers using the name server.
Jonathan Bryce Jonathan Bryce, who has spent his career building the cloud, is Executive Director of the Open Infrastructure Foundation. Previously he was a founder of The Rackspace Cloud. He started his career working as a web developer for Rackspace, and during his tenure, he and co-worker Todd Morey had a vision to build a sophisticated web hosting environment where users and businesses alike could turn to design, develop and deploy their ideal website — all without being responsible for procuring the technology, installing it or making sure it is built to be always available. This vision became The Rackspace Cloud. Since then he has been a major driver of OpenStack, the open source cloud software initiative. When the internet began as ARPANET in 1969, it connected one computer at each of four universities. Today, it’s an estimated 50 billion devices, with that number growing each second. The computing architecture originally designed to connect four hard-wired laboratories in the southwest now connects billions of wired and wireless devices globally. On a recent episode of Martin Casado
The number of requirements around stability, adoption, maturity, and governance, and joins more than a dozen other graduated projects, such as Helm, Prometheus, Envoy, and Kubernetes. In a press release regarding Linkerd’s graduation, H-E-B is quoted as saying that they didn’t “choose a service mesh based on hype,” and that they “weren’t worried about which mesh had the most marketing behind it.” The service mesh being alluded to here is Istio, which, in the most recent William Morgan. “And the fact that it has attained graduation, that it has this community of enthusiastic and committed adopters, I think it’s pretty remarkable given that context. It’s hard not to talk about Linkerd without also talking about Istio, although I think the reality is, there’s some pretty fundamental philosophical differences between those projects.” Linkerd was created by Buoyant in 2016, and Morgan said its first iterations were rather complex before the project found its focus on simplicity. This simplicity, which starts with Linkerd using Envoy, is a key differentiator for the service mesh, and one of the fundamental philosophical differences Morgan speaks of. “Naturally, as engineers, what you want to do when you’re building infrastructure is, you want to solve every possible problem with this beautiful platform that can do all things for all people,” Morgan said. “I think when you go down that path, which feels very natural to an engineer, you end up with something that is really unwieldy, and that’s complex, and that is fundamentally unsatisfying. 
It sounds great, but it’s so hard to operate that you never accomplish your goals.” Part of the balancing act, said Morgan, is to deliver all the features of the service mesh around reliability, security, and observability, “without getting mired in all the complexity, without having to hire a team of developers or a team of engineers, service mesh experts, just to run your service mesh.” In the past year, Linkerd has seen a 300% increase in downloads, and part of that acceleration may be attributed to a migration away from Istio due to its complexity. Rather than focusing on moving away from Istio, which he says some users may end up using simply because they see it first, Morgan again focuses on Linkerd’s simplicity as the reason behind its increased adoption. “In the absence of having these marketing bullhorns, these huge marketing budgets, the way that Linkerd has grown has been by word of mouth,” said Morgan. “It’s been like the way that open source projects used to grow. The way that we’ve been able to accomplish that is by having a really clear vision and a really clear message around simplicity.” Another key architectural decision made around simplicity was that Linkerd was made to focus on Kubernetes. An earlier version, said Morgan, was made to work with Mesos, Zookeeper, Kubernetes and others, and they instead decided that they had to go with the “lowest common denominator,” which was Kubernetes. Linkerd’s decision to go with the Rust programming language, rather than Go, C, or C++, was another distinction for the service mesh in its evolution, and one Morgan stands behind. “It was a scary choice, but we did that because we felt that the future of the service mesh, and in fact the future of all cloud native technology, really has to be built in Rust,” he said. “There’s no reason for us, in 2021, to ever write code in C++ or in C anymore. 
That was a pretty scary, risky, controversial decision at the time, but it’s paid off because now we have the adoption to kind of show it off.” While Morgan calls the project’s CNCF graduation “a nice moment for us to reflect and to be grateful for all the people around the world who worked so hard to get Linkerd to this point,” he says that there is a long roadmap ahead, which includes things like server and client-side policies, and “mesh expansion” to allow the Linkerd data plane to operate outside of Kubernetes. But when your focus is on simplicity, where do you draw the line on additional features? Morgan said that, as a project designer, you have to ask yourself some questions. “What is the maximum number of those problems that I can solve, and then the rest, we’re just not going to solve? Like, that’s the stopping point,” said Morgan. “There are going to be use cases that Linkerd is just not going to solve, and that’s okay. For those folks, I do actually sometimes tell people to use Istio. There’s a set of things that Istio can do, super complicated situations, where I just don’t want Linkerd to be able to solve that because it would be too complicated.” The post Linkerd Graduates CNCF with Focus on Simplicity appeared first on The New Stack.
One of the most interesting internet trends of 2021 is the experimentation going on with decentralized technologies. We’re seeing a blossoming of open source, decentralized internet applications — many of them attempting to provide alternatives to big tech products. Privacy breaches, misinformation, black box algorithms, lack of user control — these are just some of the problems inherent in the proprietary, centralized social media and communications products of Facebook, Twitter, Apple, Google, and others. The question is: can decentralized applications be a panacea? Richard MacManus Richard is senior editor at The New Stack and writes a weekly column about web and application development trends. Previously he founded ReadWriteWeb in 2003 and built it into one of the world’s most influential technology news and analysis sites. In today’s column, I look at an emerging decentralized, open standard for real-time communications: defined as “an open standard for interoperable, decentralized, real-time communication over IP.” Products built on top of Matrix could provide an alternative to using commercial Instant Messaging products like Slack or WhatsApp.
A Go Router reverse proxy removes headers that would let a CF application know it can send and receive HTTP/2 traffic. Such capability could be coded in, bypassing the Go language library entirely, but the project team doesn’t want to take on the responsibility for supporting such a potentially widely-used function. spoke about this challenge at this year’s virtual
Reza Ramezanpour Reza is a developer advocate at Tigera, working to promote adoption of Project Calico. Before joining Tigera, Reza worked as a systems engineer and network administrator. A single Kubernetes cluster expends a small percentage of its total available assigned resources on delivering in-cluster networking. We don’t have to be satisfied with this, though: achieving the lowest possible overhead can provide significant cost savings and performance improvements if you are running network-intensive workloads. This article explores and explains the improvements that can be achieved in Microsoft Azure using Calico instructions for installing Calico’s network policy engine with AKS use a version of Calico that pre-dates eBPF mode. Accelerating Network Performance Test Methodology To show how Calico accelerates AKS network performance using eBPF, the Calico team ran a series of network