Get ready for a deep dive into the world of hybrid cloud-native networking! We're about to explore a topic that's as complex as it is crucial for modern enterprises. But here's the catch: no one seems to have a clear definition of what it actually means. So, buckle up as we navigate the challenges and opportunities of this evolving landscape.
The Speaker's Background
Our guide on this journey is Louis Ryan, a seasoned professional with a unique perspective. He's not your typical networking expert; his expertise lies in applications, APIs, and services. Louis has a decade of experience running Google's API management platform and has contributed to open-source projects like gRPC and Istio. Now, he's with Solo, a company focused on cloud-native hybrid networking.
Why You Should Listen
Despite his non-networking background, Louis has some strong opinions about the role and potential of networks. He believes networks should be more than just bit-shoving machines; they should elevate their functionality to better serve applications. This is a critical perspective for anyone involved in operations, platform management, or decision-making within an enterprise.
Elevating Network Functionality
Networks have come a long way in terms of speed, but they often fall short when it comes to providing useful abstractions and features for applications. Louis argues that networks should be designed to compose and work together, creating higher-level systems and capabilities. This approach would make networks more adaptable and cost-effective, especially in hybrid environments where consistency is key.
The IP Address Dilemma
One of the biggest challenges, according to Louis, is our obsession with IP addresses. He jokes about having 'Big IP' problems, a play on the term 'Big Pharma'. The IP address dominates how we think about networks, but applications couldn't care less about them. They communicate through services and APIs, and the IP address is just an implementation detail that should be shielded from the application layer.
The Need for Identity
Louis proposes a radical idea: giving identities to everything on the network. This would revolutionize network security and application communication. With verifiable identities, the entire firewall industry would need to adapt, and applications could be designed with more robust authorization policies. While solutions to this problem exist, they haven't been integrated into the network in a way that's easily accessible to applications.
The Proxy Pattern
Many organizations adopt a 'hairpin' pattern, using a big proxy to funnel all traffic. While this gives them control, it also introduces single points of failure and organizational complexities. The proxy and its associated policy store can become siloed, leading to inefficiencies and friction within the organization. Louis suggests that policy must compose, allowing individual teams to write specific policies without creating organizational barriers.
Cloud-Native and Repeatability
Cloud-native technologies like Kubernetes embrace eventual consistency, and Louis believes this concept should extend to policy and composability. Networks should be treated as 'cattle', not 'pets', meaning they should be designed to be flexible and repeatable. This would allow applications to run anywhere without being tied to specific network configurations.
The Role of Commodity Infrastructure
Commodity infrastructure, like nginx and Envoy proxy, has revolutionized ingress. These tools provide powerful policy systems and can run anywhere, offering consistency and ease of use. Louis argues that this approach should be extended to policy controls, allowing organizations to manage a vast array of policies, from AI token management to PCI controls, in a consistent manner.
Conclusion
Louis doesn't promote a specific solution but shares his belief in the potential of service mesh technology to address these challenges. He encourages a shift in thinking about networks, moving away from infrastructure-centric policies to policies rooted in organizational structure. By doing so, we can create more sustainable, secure, and adaptable networks.
Q&A
A participant asks about the relationship between application-to-application communication protocols (like mTLS and JWT) and firewall rules. Louis emphasizes the need for a unified policy language that can compile down to various systems, ensuring a common posture and reducing the risk of implicit dependencies.
