1、#CiscoLive#CiscoLiveSundar Srinivasaraghavan Principal ArchitectRavi Jandyala Product Management ArchitectBRKCLD-2019Explore complex�����ities and best Explore complexities and best practices for deploying practices for deploying applications in multi cluster applications in multi cluster service meshser
2、vice mesh 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEnter your personal notes hereCisco Webex App Questions?Use Cisco Webex App to chat with the speaker after the sessionFin�����d this session in the Cisco Live Mobile AppClick“Join the Discussion”Install the Webex App or
3、go directly to the Webex spaceEnter messages/questions in the Webex spaceHowWebex spaces will be moderated by the speaker until June 9,2023.1234https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKCLD-20193Agenda 2023 Cisco and/or its affiliates.All rights �����reserved.Cisco Publi
4、cIntroductionService Mesh Deployment ModelsService Mesh Deployment ChallengesIntroducin����g Cisco CalistiDemoConclusionBRKCLD-20194Introduction 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveThe new normal is a hyper-distributed,extremely diverse IT landscape.SERVICEPROVIDER
5、SCOLOCATIONSaasSaasSaasSaasSaasSaasSaasSaasSaasSaasCAMPUSBRANCHDATA CENTEREDGE|IOT&OTSECURITYCLOUD PROVIDERSBRKCLD-20196 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDeploy and configureinfrastructure onpublic clouds and DCManage apps across�������bare metal,VMs and containers
6、Monitora�����pp performanceDeploy and manageservice meshRight-size andoptimize forperformance and costVisibility across clouds,users,apps and dataConfigure and segmentnetworks and devicesIntegrate and automat����einfra with CI/CD toolsEnforce policiesfor governanceConnect to legacy systemsMap appdependencies
7、Replicate operatingmodel for individual cloudswith hybrid cloud complexity beyond hu������man scale.SERVICEPROVIDERSCOLOCATIONSaasSaasSaasSaasSaasSaasSaasSaasSaasSaasCAMPUSBRANCHDATA CENTEREDGE|IOT&OTSECURITYCLOUD PROVIDERSBRKCLD-20197 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#Cisc
8、oLiveKubernetes OperationWorker Node CWorker Node BWorker Node AKubernetes Control ������PlaneKubernetes ClusterBRKCLD-20198ApplicationApplicationApplicationApplica����tionApplicationApplicationApplicationApplicationApplicationApplicationApplicationApplication 2023 Cisco and/or its affiliates.All rights reser
9、ved.Cisco Public#CiscoLiveSide������car Proxies and Service MeshIn a generic Kubernetes environment,a containerized application microservi������ce is usually assigned to a dedicated podHowever,several common service functions(such as observability,access policy,encryption,load-balancing,traffic management,etc.)
10、can be standardized and enabled by creating a sidecar within the podThese common ��������services are in turn centrally controlled by the service mesh control planeControl PlaneBRKCLD-20199Application 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveApplicationContainerAuthenticati
11、onSecurity PolicyRequest RoutingConnectionManagementLoad BalancingLogging&MetricsApplicationContainerAuthenticationSecurity Poli����cyRequest RoutingConnectionManagementLoad BalancingLogging&MetricsApplicationContainerAuthenticationSecu�������rity PolicyRequest RoutingConnectionManagementLoad BalancingLogging&
12、MetricsMicroservice Common FunctionsBRKCLD-201910 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveAuthenticationSecurity PolicyRequest RoutingConnectionManagemen��������tLoad BalancingLogging&MetricsAuthenticationSecurity PolicyRequest RoutingConne������ctionManagementLoad BalancingLogg
13、ing&MetricsAuthenticationSecurity PolicyRequest RoutingConnectionManagementLoad BalancingLogging&MetricsMicroservice Common FunctionsApplicationContainerApplicationContainerApplicationContainerBRKCLD-201911 2023 Cisco and/or�������� its affiliates.All rights reserved.Cisco Public#CiscoLiveService MeshA Serv
14、ice Mesh Service Mesh enables you to connectconnect,securesecure,controlcontrol and observeobservemicroservicesBenefits:Benefits:Consistent development Consistent deployment Consistent security of microservices Scalability of �������microservice architectureAuthent������icationSecurity PolicyRequest RoutingConne
15、ctionManagementLoad Balancing����Logging&MetricsService MeshApplicationContainerApplicationContainerApplicationContaine�����rBRKCLD-201912 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIstio Service Mesh BenefitsAutomatic load balancing for HTTP,gRPC,WebSocket,and TCP trafficRobu
16、st multicluster connectivityFine-grained control of traffic behavior wit������h rich routing rules,retries,failovers,and fault injectionA pluggable policy layer and configuration API supporting access controls,rate limits and quotasAutomatic metrics,logs,and traces for all traffic within a cluster,includi
17、ng cluster ingress and egressSecure service-to-s�������ervice authentication with strong identity assertions between services in a clustergRPC-Cross-platform Remote,Open Source,High Performace Remote Procedure CallsBRKCLD-201913Service Mesh Deployment Models 2023 Ci������sco and/or its affiliates.All rights rese
18、rved.Cisco Public#CiscoLiveSingle Cluster������� DeploymentSimples�����t DeploymentSingle Mesh/Control PlaneTypically over same subnetEnd to end service visibilitySingle ClusterK8S Control PlaneService Mesh Control PlaneService Mesh Control PlaneService AService AService BService BBRKCLD-201915 2023 Cisco and/o
19、r its affiliates.All rights reserved.Cisco Public#CiscoLiveMulti Cluster DeploymentMultiple optionsSingle or Multiple NetworksSingle or Multiple control planesZones or RegionsDistributed ApplicationsLoadbalancing and Istio GatewaysKubernetes Cluster AK8S Control Plan������e����Kubernetes Cluster BK8S Control
20、PlaneService MeshService MeshService MeshService MeshService Mesh Control PlaneService Mesh Control PlaneService Mesh Control PlaneService Mesh Control PlaneApplicationApplicationBRKCLD-201916 2023 Cisco and/or its affilia��������tes.All rights reserved.Cisco Public#CiscoLiveMultiple NetworksOverlapping IP
21、or VIP ranges for service endpointsservice endpointsCrossing of administrative boundariesFault toleranceScali����ng of network addressesCompliance with standards that require network segmentationBRKCLD-201917Service Mesh Deployment Challenges 2023 Cisco and/or i������ts affiliates.All rights reserved.Cisco Pu
22、blic#CiscoLiveLifecycle managementDisparate/fragmented observabilityMulti-cluster challenges:AvailabilityCross-cluster service discoveryInter-cluster traffic management policyMulti-TenancyService Mesh Deployment C�������hallengesService MeshService MeshRequest RoutingAccessPolicyLoad BalancingLogging&Traci
23、ngAuthenticationConnectionManagementEncryptionT������raffic ManagementMetrics&EventsBRKCLD-201919 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveServ����ice Mesh Lifecycle ManagementAuthenticationSecurity PolicyRequest RoutingConnectionManagementLoad BalancingLogging&MetricsService
24、 �������Mesh v1.0Service Mesh v1.1Ap��������plicationContainerApplicationContainerApplicationContainerBRKCLD-201920 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveService Mesh v1.0 AuthenticationSecurity PolicyRequest RoutingConnectionManagementLoad BalancingLogging&MetricsService Mesh
25、v1.1 AuthenticationSecurity PolicyRequest RoutingConnectionManagementLoad BalancingLogging&MetricsService Mesh Lifecyc�������le ManagementMost service meshes require upgrades every 3 monthsService Meshes are upgraded on a cluster-by-cluster �������basisApplicationContainerApplicationContainerApplicationContainerA
26、pplicationContainerApplicationContainerApplicationContainer�������BRKCLD-201921 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveService Mesh Observability ChallengesTopology ConsoleTopology ConsoleMetrics UtilityMetrics UtilityEvents ToolEvents ToolLogging OperatorLogging Operato
27、rTracing SystemTracing SystemService MeshService������� MeshRepeat pe������r clusterAggregate&CorrelateRequestRoutingAccessPolicyLoadBalancingLogging&TracingAuthenticationConnectionManagementEncryptionTrafficManagementMetrics&EventsBRKCLD-201922 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#C
28、iscoLiveEnabling a Multi-Primary Contro������l PlaneKubernetes Cluster AKubernetes Cluster NService meshes can be extended across clusters,such as by extending ��the control plane from a primaryprimary cluster to a remoteremote clusterStable IP Expose Control Plane via Istio GWDeploying multiple control pla
29、nes across clusters,which is called a multimulti-primary control primary control planeplaneK8S Control PlaneK8S Control PlaneService MeshService MeshService MeshService MeshService Mesh Control PlaneService Mesh Control PlaneService Mesh Control PlaneService Mesh Control PlaneApplicatio������nApplicationB
30、RKCLD-201923 2023 Cisco and/or its affiliates.All rights reserved.Ci�������sco Public#CiscoLivePre-planningNetwork CIDRService NamingEnable DNS ProxyIstio GatewayExternal Load balancerExpose services via multiple stepsBRKCLD-201924Introducing Cisco Calisti 2023 Cisco and/or its affiliates.All rights reserv
31、ed.Cisco Public#Cis������coLiveCisco Calisti(Cisco Service Mesh Manager)MultiMulti-cloud,multicloud,multi-cluster observabilitycluster observabi�������lityConnect any onConnect any on-prem and public cloud togetherprem and public cloud togetherSimplifies service mesh managementSimplifies service mesh managementS
32、ingle pane of glass,in depth metricsSingle pane of glass,in depth metricsPolicyPolicy-based app networking&securitybased app networking&securityPolicy manag���ement for DevOps practicesPolicy management for DevOps practicesTraffic management Traffic management ensures smooth app updatesComplete applica
33、tion and health observabilityobservabilitySe��������curitySecurity at all layers between clusters and �����cloudsOperationalize the service meshOperationalize the service meshBRKCLD-201926 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveHigh Level ArchitectureBRKCLD-201927 2023 Cisco a
34、nd/or its affiliates.All rights reserved.Cisco Public#CiscoLiveKey CapabilitiesIstio Distribution�����Mesh Lifecycle ManagementObservability ToolboxMulti-Cluster TopologiesMulti-GatewaySecurity&ComplianceBRKCLD-201928 2023 Cisco and/or its affiliates.All rights reserved.�����Cisco Public#CiscoLiveCisco Calist
35、i SetupInstall Cisco Calisti with full Isti������o control plane and identify Primary K8s cluster./smm install a cluster-name kubernetesExtend Istio control plane to attach a Remote K8s Cluster./smm istio cluster attach-c/.kube/kubeconfig-calisti.yaml/.kube���������/backup-cluster-kubeconfig.yamlEnable sidecar inj
36、ection on a namespace./smm sidecar-proxy auto-inject on defaultBRKCLD-201929 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMe�������sh StatusBRKCLD-201930 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveExtend Control Plane across Multi Cluster Primar
37、y ClusterK8S Control PlaneBackup ClusterK8S Control PlaneMesh Expans����ion Gateways Deployed in Backup Cluster(Remote)Gateway reachable IPsCross-cluster endpoint/service discoveryService isolation/limited visibility Service MeshService MeshService MeshService MeshService Mesh Control PlaneService Mesh
38、Control PlaneIstio Mesh Istio Mesh Expansion Expansion GatewayGatewayIstio Mesh Istio Mesh Expansion Expans�����ion GatewayGatewayApplication�����ApplicationBRKCLD-201931 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMesh Expansion GatewaysBRKCLD-201932 2023 Cisco and/or its affil
39、iates.All rig����hts reserved.Cisco Public#CiscoLiveDeploy Application in Multi clusterDeploy few microservices in Primary Cluster./smm demoapp install-s frontpage,catalog,bookings,postgresql-kubeconfig/.kube/kubeconfig-calisti.yamlDeploy remaining microservices in Backup Cluster(Remo�������te)./smm-c/.kube/ba
40、ckup-cluster-kubeconfig.yaml demoapp install-s movies,payments,notifications,analytics,database,mysql-peerBRKCLD-201933 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive�������Multi Cluster Applicat�����ion DeploymentBRKCLD-201934 2023 Cisco and/or its affiliates.All rights reserved.Ci
41、sco Public#CiscoLiveEnabling a Multi-Primary Control PlaneKuberne������tes Cluster AK8S Control PlaneKubernetes Cluster NK8S Control PlaneBenefits:Limited ScopeCluster specific Configuration changesCluster specific impact if control plane is unavailableControlled Configuration rolloutService isolation/lim
42、ited visibilityHigh availabilityCross-cluster endpoint/service discoveryService MeshService MeshService MeshService MeshService Mesh Control PlaneService Mesh Control Pla������neService Mesh Control PlaneService Mesh Control PlaneApplicationApplicationBRKCLD-201935 2023 Cisco and/or its affiliates.All rig
43、hts reserved.Cisco Public#CiscoLiveEnabling Multi-Tenancy and Direct-ConnectK8S Control PlaneK8S Control PlaneTypically,service meshes support only a single gateway per meshCiscos Istio distribution includes a custom resource definition that����� enables multimulti-gateway gateway supportsupport,providin
44、g ingress/egress flexibility and extended policy options,such as������ multi-tenancy support for MSPsAdditionally,Cisco supports direct connectdirect connect,which enables mTLScommunication to a workload from an external clientService MeshService MeshService MeshService MeshService Mesh Control PlaneServi
45、ce Mesh Control PlaneService �����Mesh Control PlaneService Mesh Control PlaneGatewayGatewayGatewayGatewayGatewayGatewayExternal ClientExternal ClientGatewayGatewayApplicationApplicationBRKCLD-201936Demo 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicKey Takeaways from DemoCalisti Dashb
46、oardMicroservices TopologyIntegrated Observability ToolsMe������tricsTracesTraffic TapCustom Application deployment across multi-clusterTraffic manage�����mentBRKCLD-201938 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicConclusionTargeted Use Cases for Multi cluster Service MeshMulti Network
47、DeploymentCross-cluster Service Discovery Cisco Calisti for Istio Opera�������tionsObservability ToolboxMulti Cluster TopologiesMulti Gateway supportBRKCLD-201939 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFill out your session surveys!Attendees who fill out a minimum of fou
48、r session surveys and the overall event survey will get Cisco Live-branded so�����cks(while supplies last)!These points help you get on the leaderboard and increase your chances of winning daily and grand prizesAttendees will also earn 100 points in the Cisco Live Ch������allenge for every survey completed.BRK
49、CL���D-201940 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicContinue your educationVisit the Cisco Showcase for related demosBook your one-on-oneMeet the Engineer meetingAttend the interactive education with DevNet,Capture the Flag,and Walk-in LabsVisit the On-Demand Library for more
50、 sessions at www.CiscoL you#CiscoLive 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive43Gamify your Cisco Live experience!Get points Get points for attending this session!for attending this session!Open the Cisco Events App.Click on Cisco Live Challenge in the side menu.Click on View Your Badges at ��������the top.Click the+at the bottom of the screen and scan the QR code:How:123443 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKCLD-2019#CiscoLive
sgpjbg002
工作日 8:30 - 17:30
报告分类
