►
Description
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Service Mesh: A Hole in the Pocket?- Venil Noronha & John Murray, Stripe
Service meshes provides a wide range of capabilities including flexible configuration, high fidelity observability, and is transparent to user applications. However, this power, despite it's (often) open-source nature, does not come cheap. In the age of public cloud, vendors typically charge users on several axes of usage. When using a feature like traffic shaping, if not careful, cross-availability-zone traffic can quickly increase spend. High fidelity metrics are useful to operators, but default service mesh configurations can easily overwhelm systems, and users too. Suboptimal defaults coupled with user-local dashboards leads to high cardinality metrics further increasing costs of metrics storage solutions. Yet another area of spend is access logging. While being extremely important to diagnose runtime issues, access logs can quickly become a $$$ drain. The default policy of logging each request is not the best configuration for most users, and organizations need to craft these policies based on their unique environments. In this talk, we will talk about costs we've encountered when using a service mesh at scale at Stripe. We will also discuss some strategies we have in place for reducing spend, and other techniques to improve the overall experience with service meshes.
A
Thank
you
for
attending
our
talk
today,
service
mesh,
a
hole
in
the
pocket
a
little
bit
about
your
presenters
today.
My
name
is
john
murray.
I
am
a
engineer
on
the
service
networking
team
at
strength.
I'm
building
our
internal
service
mesh.
I
am
an
occasional
envoy
contributor
when
they
need
arises
and
outside
of
work.
I
am
a
sequel
plus
enthusiast.
B
A
Okay,
so
let's
jump
into
the
process
of
service
mesh
first
is
simplified
application
network
radio
features
like
load,
balancing
circuit,
breaking
retries
and
the
service
measures.
You
know
about
all
these
teachers
in
a
way
that's
really
easy
to
take
advantage
of
for
application
owners
right.
It
may
be
simple,
specifying
a
few
headers
on
the
request
and
this
works
across
different
languages
and
frameworks.
A
Okay.
So
what
are
the
costs
of
running
a
service
mesh
at
a
high
level?
There's
explicit
costs,
so
this
is
the
cost
that
we
typically
think
about
up
front
when
we're
doing
a
research
and
we're
deciding
on
whether
we
want
to
adopt
a
service
mesh
or
not.
There's
the
hidden
costs
right.
The
costs
that
you're,
typically
not
going
to
think
about
before
adopting
you're,
usually
going
to
find
this
after
you've
adopted,
implemented
and
kind
of
ran
with
the
service
mesh
for
a
while.
A
There's
integration
cost
right,
which
is
what
does
it
cost
to
kind
of
hook?
My
service
mesh
up
to
two
other
third-party
services,
we'll
see
what
those
are
in
a
little
bit
developer
costs.
You
know
it's
it's
not
necessarily
free
for
developers
to
to
build
on
top
of
the
service
mesh.
So
what
does
it
take
to
provide
that
level
of
education
and
productivity
that
you
want
to
deliver
to
your
developers
for
them
to
be
effective?
A
First
is
cpu
right
and
under
the
here,
I'm
just
configured
quota
right
because
it's
sometimes
too
easy
to
maybe
provide
too
much
cpu
and
you're
just
kind
of
burning
money
or
try
too
little,
maybe
you're,
impacting
kind
of
your
latency
overhead
same
kind
of
goes
for
memory.
Where
you
can,
you
can
allocate
too
much
and
you're
just
kind
of
burning
money
allocate
too
little
and
you
may
be
impacting
the
performance
of
your
applications.
A
Latency
misconfigured
concurrency,
so
you
know
different
ways
you
can
configure
your
service
mesh
and
how
much
resources
it
takes
up
can
also
impact
kind
of
that
latency
yeah.
So
these
are.
These
are
the
calls.
These
are
things
we
think
about
right,
like
how
how
much
money
is
it
gonna?
Is
it
gonna
cost
to
actually
run
this
new
code
on
all
of
my
machines
and
what
is
the
the
latency
I'm
going
to
expect
to
add
to
all
of
my
requests
that
are
all
the
requests
that
are
fluent
in
service
mesh?
A
A
A
This
can
kind
of
turn
into
a
star
pattern,
sometimes
with
service
meshes.
So
the
you
have
to
be
careful
about
how
much
traffic
you're
generating
health
checks
and
other
features
like
hedging
and
retries
these.
These
are
reliability
features.
These
are
probably
features
we
want,
but
we
need
to
understand
that
they're
not
necessarily
free
and
we
are
going
to
be
generating
more
network
costs
by
using
them.
A
Okay.
So
next
up
is
integration
costs,
so
we
can
think
first
with
like
metrics
right,
the
service
mesh
is
is
generates
a
ton
of
metrics.
It
generates
metrics
that
are
uniform
across
a
bunch
of
types
of
applications,
so
they're
highly
useful
for
debugging
your
system
understanding
your
system.
However,
sometimes
they
can
generate
a
rather
insane
amount
of
metrics,
probably
more
than
you
need
and
you're
gonna
have
to
think
about
the
cost
associated
with
storing
those
and
the
vendor
cost
right.
A
So,
if
you're
uploading
to
the
cloud,
those
kind
of
your
vendor
costs,
if
you're,
even
if
you're
running
your
own
internal
metric
system
like
a
prometheus
store,
you're
going
to
think
about
all
the
prometheus
clusters,
you're
going
to
have
to
run
to
support
the
metrics
coming
from
your
service,
mesh
log
storage
is
the
same
way.
Service
mesh
can
produce
uniform
access
logging,
which
can
be
super
useful
for
for
debugging
and
troubleshooting
heterogeneous
systems.
But
again,
like
you
know,
that's
it
can
get
very
costly
very
quickly
and
you
can
be
generating.
A
You
know
terabytes
or
more
of
data
every
day
every
hour.
So
it's
definitely
something
to
consider
and
in
the
same
vein
as
log
storage
is
distributed,
tracing
right,
you
know
you
you're
going
to
be
generating
a
lot
of
different
spans.
So
you
need
to
think
up
front
if
that's
a
feature,
you
want
to
use
how
much
you're
going
to
allocate
for
storage
costs,
okay,
so
developer
costs.
A
This
mainly
goes
down
to
education,
so
you're
going
to
need
to
kind
of
train
your
developers
on
like
how
to
debug
and
troubleshoot
certain
errors
that
may
arise
from
the
service,
mesh
or
use
of
the
service
mesh
and
then
kind
of
teach
them
code
patterns
to
use
and
avoid
right.
So
this
is
kind
of
really
understanding
the
interfaces
of
the
surface
mesh
and
how
to
work
with
it.
A
First,
up
is
kind
of
maintenance
right.
This
may
be
something
like
cve
patches.
Any
things
you
have
to
do.
You
have
to
stay
secure,
so
you
need
to
spend
the
time
to
to
patch
your
surface
smash
with
a
lot
of
all
the
fixes
you
may
have
other
patches
as
well.
They're,
just
kind
of
like
bug
fix
patches
that
you
may
find
service
mesh
typically
represent
a
lot
of
different
traffic
patterns,
and
not
all
of
those
patterns
have
equal
coverage
from
your
upstream,
like
provider
of
that
open
source
software.
A
So
you
may
need
to
find
your
fixing
stuff
yourself,
sometimes
api
compatibility
and
upgrades.
So
looking
at
the
envoy
ecosystem
as
an
example,
the
xds,
the
migration
from
b2
to
d3
involved
a
lot
of
work
and
potentially
down
the
road.
A
v3
and
b4
migration
in
that
configuration
language
will
also
involve
a
fair
bit
of
work,
which
kind
of
scales
as
your
fleet
size
grows,
operations,
data
plane,
upgrades
right
if
you're
deploying
a
mesh
and
a
sidecar
pattern.
A
This
may
just
be
a
lot
of
nodes
to
update
a
lot
of
time
spent
doing
those
upgrades
control,
plane
upgrades
they
may
fall
into
the
same
boat.
You
may
be
using
a
central
control
point,
in
which
case
your
upgrades
are
faster,
but
they're
also
much
riskier
more
dangerous,
so
there's
just
additional
time
taken
to
make
sure
you
get
that
right
and
things
like
sort
rotations
like
these
things.
All
these
things
just
kind
of
take
time.
A
Troubleshooting
is
the
next
big
one.
We
talked
about
developer
education
and
how
that's
important
for
our
users
to
understand
how
to
troubleshoot
errors
and
work
with
service
mesh,
but
their
service
measure
locations
can
just
be
a
lot.
You
know
they're
built
very
generally
to
serve
a
lot
of
different
use
cases,
and-
and
so
you
know,
when
there's
a
critical
service
having
issues
it
can
be
really
hard
to
be
to
tell
them
like
go.
Read
this
giant
body
of
documentation
and,
like
you'll,
be
able
to
figure
out
your
own
problem.
A
Sometimes
you
just
have
to
jump
in
get
things
fixed,
get
things
up
and
running,
so
your
team
operating
service
smash
will
probably
spend
a
fair
amount
of
their
time,
troubleshooting
and
lastly,
ownership
of
client
libraries
again
in
developer
education.
We
talked
about
patterns
and
practices
when
working
with
a
service
mesh,
you
may
decide
that
it's
easier
to
take
those
patterns
and
practices
and
implement
them
inside
of
a
client
library
that
you
distribute
to
your
users.
But
again,
this
is
you
know
another
form
or
another
another
way
of
cost.
B
B
The
first
strategy
is
to
understand,
defaults
service
meshes
and
proxies
come
with
default
configurations
which
can
affect
the
proxy's
behavior
of
routing
requests
or
the
amount
of
data
generated
by
these
service
meshes.
Therefore,
it
becomes
important
to
understand
these
defaults
in
order
to
control
costs.
B
B
B
The
final
strategy
here
is
to
perform
easy.
Our
routing
ac
stands
for
availability
zones,
cloud
vendor
vendors
typically
have
policies
for
networking
and
io,
and
when
your
requests
cross
easy
borders,
it's
going
to
cost
you.
It
becomes
then
important
to
identify
services
that
are
routing
across
acs
and
also
ways
to
minimize
cross
easy
traffic.
B
B
You
can
also
configure
on
voice
concurrency,
which
basically
is
the
number
of
worker
threads.
That
envoy
must
use
for
request.
Processing
onward
also
comes
with
default,
retry
and
circuit
breaker
configurations
which
affects
the
way
requests
are
routed
to
your
system
by
default
onward
generates
a
lot
of
stats,
so
it
becomes
important
for
you
to
figure
out
which
of
these
are
meaningful
and
which
ones
to
discard.
B
If
you
leave
circuit,
breaker
or
retract
configurations
to
default,
it
can
affect
the
way
your
requests
are
routed
through
your
system
in
a
failure
scenario
and
that
can
increase
your
network
usage,
thereby
increasing
costs
and,
as
I
said,
metrics
by
default,
can
overwhelm
your
metric
system.
So
understanding
the
default
behavior
of
your
service
meshes
or
proxies
is
important
to
cut
down
costs
associated
with
metrics.
B
B
It
therefore
becomes
important
to
identify
what
is
your
use
case
for
access
box.
In
some
cases
you
may
want
to
use
access
logs
for
incident
remediation,
but
in
other
cases
you
may
want
to
use
this
for
long
term
learning,
for
example,
to
visualize
a
service
graph
of
all
the
components
in
your
system.
B
B
B
B
You
can
think
of
simplifying
matrix
by
either
filtering
out
irrelevant
metrics
or
you
can
also
think
of
combining
metrics
from
different
sources
in
order
to
provide
a
unified
view,
so
that
it
is
easier
to
understand
them
and
at
the
same
time
you
do
not
store
all
of
these
metrics,
which
can
increase
your
costs
at
stripe.
If
we
do
not
control
the
way
metrics
are
generated,
it
has
the
capacity
to
quickly
consume
a
majority
of
our
metrics
budget.
B
B
B
B
One
thing
that
comes
to
mind
here
is
to
hand
over
the
ownership
of
client
libraries
to
the
networking
team.
By
doing
that,
the
networking
team
can
instrument
these
client
libraries
to
aid
troubleshooting,
but
at
the
same
time,
it
becomes
difficult
to
figure
out
where
to
draw
the
line
between
this
team
owning
network
interfaces
versus
business
abstractions.
B
Another
important
aspect
is
developer
education.
What
can
we
do
to
educate
developers
about
service
mesh
behavior?
Here
we
are
talking
about
application
developers.
Can
service
mesh?
Is
the
100
transparent
to
service
owners,
or
do
we
need
to
build
higher
level
abstractions
or
write
huge
documentation
in
order
to
educate
developers.
B
B
B
B
We
do
think
that
service
meshes
can
solve
interesting
challenges
for
you,
but
you
need
to
be
very
intentional
about
what
features
you
require
from
a
service
mesh.
You
need
to
understand
what
features
to
enable
what
are
its
defaults?
What
sort
of
logs
and
metrics
can
these
features
generate
and
how
much
of
your
budget
can
it
consume?