![Page 2: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/2.jpg)
Linkerd (“linker-dee”) is an open source service mesh for cloud-native applications
github.com/linkerd/linkerd
slack.linkerd.iolinkerd.io
![Page 3: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/3.jpg)
13 months old
600+ Slack channel members
1600+ Github stars
200k+ Docker Hub pulls
30+ contributors
20+ confirmed prod users
100b+ production requests
CENSORED
CENSORED
CENSOREDBy the numbers
![Page 4: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/4.jpg)
A dedicated infrastructure layer for service-to-service communication.
Decoupled from the application.
Focused on services and requests.
What’s a service mesh?
![Page 5: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/5.jpg)
datacenter
[1] physical
[2] link
[3] network
[4] transportkubernetes, DC/OS, swarm, … canal, weave, …
aws, azure, digitalocean, gce, …
business languages, libraries[7] application
[5] session
[6] presentation JSON, protobuf, thrift, …
http/2, http, mux, …
service mesh
![Page 6: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/6.jpg)
Because service-to-service (“east-west”) communication needs to be monitored,
managed, and controlled.
Why do I need a service mesh?
![Page 7: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/7.jpg)
![Page 8: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/8.jpg)
You weren’t running containerized microservices in an orchestrated
environment before.
But I never needed this before!
![Page 9: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/9.jpg)
![Page 10: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/10.jpg)
1. Linkerd is deployed per-host or per-pod.
2. It acts as a transparent proxy + reverse proxy for internal requests.
3. Applications send their HTTP/gRPC/… calls through their local Linkerd instance
4. That’s it!
How does it work?
![Page 11: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/11.jpg)
The Linkerd service mesh
Service C
Service B
Service A
linkerd
Service C
Service B
Service A
linkerd
Service C
Service B
Service A
linkerd
application HTTPproxied HTTPmonitoring & control
Node 1 Node 2 Node 3
![Page 12: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/12.jpg)
Adds reliability: latency-aware load balancing, circuit breaking, retry budgets, deadlines
Decouples transport protocol from app protocol: transparent TLS, HTTP/1.1 -> HTTP/2, …
Sanitized naming: decouples architectural names (the “users” service”) from deployment names (“DC1/prod/users/v4”)
What does it do?
![Page 13: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/13.jpg)
Adds logical routing and traffic shifting: routing rules give runtime control over logical -> concrete mapping
Glues worlds: multiple SDs, e.g. merge K8s and non-K8s service namespaces!
Failover and hybrid cloud: unified routing layer
Consistent, global metrics! Provides distributed traces and top-line metrics like success rates and latencies
What does it do? (Part II)
![Page 14: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/14.jpg)
But Kubernetes already has load balancing / service discovery / …
![Page 15: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/15.jpg)
Some examples
![Page 16: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/16.jpg)
Timeouts
timelines
users
web
db
timeout=400ms retries=3
timeout=400ms retries=2
timeout=200ms retries=3
timelines
users
web
db
![Page 17: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/17.jpg)
Timeouts
timelines
users
web
db
timeout=400ms retries=3
timeout=400ms retries=2
timeout=200ms retries=3
timelines
users
web
db
800ms!
600ms!
![Page 18: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/18.jpg)
Deadlines
timelines
users
web
db
timeout=400ms
deadline=323ms
deadline=210ms
77ms elapsed
113ms elapsed
![Page 19: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/19.jpg)
Retries
Typical:
retries=3
![Page 20: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/20.jpg)
Retries
Typical:
retries=3worst-case: 300% more load!!!
![Page 21: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/21.jpg)
Budgets
Typical:
retries=3
Better: retryBudget=20%
worst-case: 300% more load!!!
worst-case: 20% more load
![Page 22: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/22.jpg)
lb algorithms:
• round-robin
• fewest connections
• queue depth
• exponentially-weighted moving average (EWMA)
• aperture
Request-level load balancing
![Page 23: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/23.jpg)
Linkers and Loaders, John R. Levine, Academic Press
![Page 24: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/24.jpg)
A linker for your datacenter
![Page 25: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/25.jpg)
Logical namingapplications refer to logical names
requests are bound to concrete names
mapping from logical to concrete is routing
/svc/users
/#/io.l5d.k8s/prod/users /#/io.l5d.k8s/staging/users
/svc => /#/io.l5d.k8s/prod
![Page 26: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/26.jpg)
Per-request routing: staging
GET / HTTP/1.1Host: mysite.com l5d-dtab: /svc/B => /svc/B2
![Page 27: linkerd CNCF webinar · 2020. 8. 31. · 200k+ Docker Hub pulls 30+ contributors 20+ confirmed prod users 100b+ production requests CENSORED CENSORED By the numbers CENSORED. A dedicated](https://reader033.vdocuments.us/reader033/viewer/2022051805/5ff3f1b856ec4f79d17a794e/html5/thumbnails/27.jpg)
Per-request routing: debug proxy
GET / HTTP/1.1Host: mysite.coml5d-dtab: /svc/E => /svc/P/svc/E