1 © 2016 Citrix | Confidential
Implementing Docker Load Balancing in Microservices Infrastructure
James Lee, Solution Architect, Networking ASEAN
AUG, 2016
Bimodal IT
[Figure: Mode 1 vs. Mode 2. Labels: Infrastructure (On-prem, Cloud); Application (Monolithic, Containerization); Ops, DevOps. Axes: Sophistication, Ease of getting started]
Apps are Being Broken Down or Repackaged into Containers
• Monolithic apps are broken down into components. Each component itself becomes an app, typically web apps, consumer apps, databases
• Or, a monolithic app is repackaged as a container
• DevOps teams can focus on each containerized app for development and scalability
• These containerized apps can seamlessly move from on-prem to the cloud
Docker Simplifies Building, Shipping in Containers
Docker enables Mode 2 IT and DevOps
• Provides components and libraries in a single object
• Extensive version management capabilities simplify committing to a new version and rolling back to an older version of code
• Provides for component reuse, allowing developers to build on top of existing container apps
Containerized Apps are Deployed from a Few Tens to Tens of Thousands…
[Figure panels: Simple Microservices; Highly Complex Microservices: Twitter]
Call flows can be simple to complex. Note the Death Star-like pattern in a complex architecture.
Implement Hub and Spoke for all Microservices Traffic
[Figure labels: CPX, Subnet 1, Subnet 2, Subnet 3, Rate Limit, Surge Queue]
• Takes control of call flows through bridging and ACLs to control which apps can access which apps, and rate limiting to protect apps
Bimodal IT
[Figure: timeline 2007, 2009, 2011, 2016. Labels: Traditional IT, New Apps, Mode 1, Mode 2]
Packaged as Docker Container
Investment protection
• Same code bits, container form factor
• Managed like any other NetScaler platform
• Seamless transition from Development to Production
You Can Deploy In Seconds!
[Figure: Server, Linux OS and Docker Engine hosting containers App A, App B, App C and CPX, each with its own bin/libs]
L4-L7 Functionality
• CPX provides L4-L7 services for containerized apps:
• Content Switching
• Responder
• Redirect
• Rewrite
• TCP Optimization
• SSL Offloading: Equivalent set of ciphers as VPX for front end and back end, including support for ECC and TLS 1.2
• DDoS
• DNS load balancing
Free Docker and DevOps Friendly ADC: CPX Express
NetScaler CPX Express Container
• Free, unlicensed, for developer use
• Same “great taste” as CPX without TCP optimization and Layer 7 DDoS
• Limited to 20 Mbps and 250 SSL connections for US export compliance
NetScaler CPX Container
• Licensed, for production
• Full layer 4 to 7 feature set, optimization, security
• 1 Gbps, no limits on SSL connections
Architect your Microservices with NetScaler CPX and MAS
[Figure labels: NetScaler [SDX | MPX | VPX | CPX]; NetScaler SD-WAN [Physical | VPX]; NetScaler Management & Analytics System; Any Orchestration System; any datacenter or cloud; Insights & Alerts, Telemetry, Analysis; Application-centric Configuration, Policy, Network Functions, Instances; application tiers W, A, DB]
Service Discovery and DNS Services
[Figure labels: Client, Microservices, Discovery Service; arrows: Register, Lookup]
Keep track of dynamic changes through APIs that describe changes in app environment
Service Discovery and DNS Services
[Figure labels: Client, Microservices, Discovery Service, NetScaler MAS, CPX; arrows: Register, Lookup, Events]
Keep track of dynamic changes through APIs that describe changes in app environment
MAS interfaces with service discovery API and auto-configures CPX based on service discovery events
Service Discovery and DNS Services
[Figure labels: Client, Microservices, Discovery Service, NetScaler MAS, CPX; arrows: Register, Lookup, Events, Call service, Choose Service Instance]
Dynamic nature of VIP hosted by CPX is abstracted from the client
Keep track of dynamic changes through APIs that describe changes in app environment
Unify North-South and East-West Traffic Handling
[Figure labels: MPX/SDX/VPX, CPX, NetScaler MAS, North-South, East-West]
Configuration Management
• Config Advice
• Record and Play
• Configuration Jobs
• Config Audit
• Duplicating Configurations
Configuration Advice Demo
Record and Play Demo
Certificate Management
• Summary reports and alerts
• Certificate renewal workflow
• Discovery of SSL Certificates
• Set and Enforce Policy
• Proactive Monitoring
Certificate Management Demo
Role Based Access Control
• System Wide RBA
• Application Level Control
• Operational Control
• Group Based Policies
• Across All Infra
Advanced RBAC Demo
Logging and Analytics
• Log Streaming: Log aggregation at scale (thousands of instances)
• App Insights: Per-transaction visibility, reporting, and roll-ups
• Security Insights: Identify security threats and assess protection levels
• Advanced Analytics: Machine-driven triage: scan for anomalies
[Figure labels: HDX, GW, Web, AppFw, System]
CUGC Networking SIG
• The place to go for everything related to Networking
• Software-defined networking
• Application delivery controllers
• Next-generation security
• Access exclusive content
• Discussion forums, blogs, deployment guides, webinars
• Citrix News sessions
• Connect with peers
• Online community within the CUGC
• Open to Citrix customers, partners, employees
Join now: https://www.mycugc.org/page/networking-sig
Google: CUGC Networking SIG
Spiceworks Community
https://community.spiceworks.com/pages/citrixsystems?tab=18384
• Vendor page
• 3800+ Followers
• 15th of 254 Vendors
• Forum postings
• Links to content
• Product reviews with contest
• Link to events
• Links to guides
Stack Overflow Community
Proposal in process
Technical forums
Product selection
Product discussions
Ads on tagged discussions link to NetScaler content
Work better. Live better.