solo.io / Application Networking Day - Detroit 2022

Featuring Shane O'Donnell. An introduction to SPIFFE and SPIRE, how they relate to each other, and how they work. We'll also take a look at the new SPIRE integration within Istio, and how it differs from the default Istio SPIFFE implementation.

Featuring Nick Nellis. A single cluster mesh deployment just doesn't cut it in most environments today. Enterprises are deploying more Kubernetes clusters than ever before. Applications that used to live in the same cluster may span many and be managed by different teams. This talk will show how Istio and Gloo Mesh has evolved along side these environments to extend the same service mesh features you expect from a single cluster deployment to many.

Featuring Ram Vennam. Istio and Cilium both provide the ability to apply security policies directly to the network without any changes to the application code. This session will cover the differences and overlaps between the two and cover some best practices from the field for implementing both to work together and give you robust control over your entire network stack.

Featuring Jason Skrzypek. Security is a responsibility shared by everyone. Developers and engineers alike should understand how to properly secure their applications and traffic in any environment it may be deployed. This talk will explore how to secure applications with a comprehensive look at how Cilium implements standard and extended security features.

Featuring John Howard, Christian Posta, Lin Sun, and Eitan Yarmush.

Featuring Idit Levine. The last 5 years have been all about building Cloud-native 1.0, deploying Kubernetes, understanding how to containerize applications, and managing daily updates. Those early successes are now leading to a new set of challenges in scalability, security and observability. We're now moving into the Cloud-native 2.0 era, which will require us to apply new technologies and architectures to solve bigger challenges. Learn how the evolution of Istio, Envoy and Cilium will play a critical role in this next stage of cloud-native applications.

Featuring Louis Ryan and Lin Sun. Istio is changing the way Cloud Native developers think about Application Networking concerns such as Routing, Security, and Observability. Join Louis and Lin who both are members of the Istio TOC to learn the state of Istio. We will cover our ongoing efforts to make operating your service mesh boring with Istio and an exciting new model for running your data plane, reducing resource usage, and increasing control over CVE exposure with our ambient sidecarless topology.

Featuring Lawrence Gadban. Istio’s new ambient mesh mode is designed to alleviate challenges associated with the long-standing sidecar-based approach. However, moving from sidecars to a node-level agent fundamentally changes the data path for traffic flowing within the service mesh. As part of the initial release of ambient mesh, a working implementation of the necessary networking configuration was created. Still, there is room for improvement, especially when considering the exciting Linux kernel technology eBPF. In this session we will explore how traditional Istio networking works, what changes were necessary for ambient mesh, and finally we will dig into how eBPF can be used to further enhance ambient mesh.

Featuring Nina Polshakova and Aaron Birkland. Adopting or adapting to Istio Ambient mesh requires new kinds of decisions, engineering considerations, and procedures that might not be familiar to users of classic Istio with Sidecars. With Gloo Mesh, we aim to provide the same capabilities and APIs you are used to, while managing the practical differences between the Sidecar and Sidecarless worlds under the hood. We will explore how Gloo mesh achieves this goal, and explore a few additional knobs Gloo Mesh provides for fine-tuning ambient to optimize particular use cases.

Featuring Will McKinley and Marino Wijay. Istio’s new ambient feature, a sidecar-less operational mode, makes service mesh a first-class citizen of the cloud-native platform. What this means for your services is a friction-less entry into automatically providing zero-trust networking with minimal operational burden to the developer. In this talk, we take a look at resource usage and detail the differences between allocation and utilization and how best to optimize for costs when using ambient.

Featuring Kevin Dorosh.

Featuring Eitan Yarmush. Envoy is an incredibly performant cloud native proxy which is quickly becoming one of the most used pieces of software across our industry. Due to Envoy's popularity, and configurability, quite a few control planes have also been created to dynamically configure Envoy. These include Gloo, Istio, and others. There are now many control planes, but what makes a great control plane. In this talk we'll examine one specific aspect of configuring Envoy, resilience, meaning it's ability to tolerate failures.

Featuring Adam Sayah. HTTP/3 is the latest version of the HyperText Transfer Protocol used wildly in the WEB, Unlike its predecessors (HTTP/1 and HTTP/2), HTTP/3 doesn’t use TCP, and relay on a protocol based on top of UDP, which allows a significant improvement in performance and reducing latency, in this talk:
- We will have an introduction to HTTP
- We will compare HTTP/3 to HTTP/1 and HTTP/2
- We explore QUIC, the new protocol based on UDP that HTTP/3 uses
- We will see how HTTP/3 operates in practice through a demo.

Attending this talk, the attendees will get a better understanding of HTTP/3, a fundamental technology that will accelerate the WEB.

Featuring Christian Posta. Istio ambient mesh is a new sidecarless data plane for Istio that brings some desirable operational benefits, but how does it impact security? In this talk, we will dig into the implementation of Istio ambient and understand how we maintain the properties of zero trust and even improve the security posture of the mesh overall.