Implementing Docker Load Balancing in Microservices Infrastructure

Post on 23-Jan-2018


1 © 2016 Citrix | Confidential

Implementing Docker Load Balancing in Microservices Infrastructure

James Lee, Solution Architect, Networking ASEAN

James.lee@citrix.com

AUG, 2016


Bimodal IT

[Diagram labels: Mode 1, Mode 2; Infrastructure: On-prem, Cloud; Application: Monolithic, Containerization; Ops, DevOps; Sophistication; Ease of getting started]


Apps are Being Broken Down or Repackaged into Containers

• Monolithic apps are broken down into components. Each component itself becomes an app, typically web apps, consumer apps, or databases

• Or, a monolithic app is repackaged as a container

• DevOps teams can focus on each containerized app for development and scalability

• These containerized apps can seamlessly move from on-prem to the cloud


Docker Simplifies Building, Shipping in Containers

Docker enables Mode 2 IT and DevOps

• Provides components and libraries in a single object

• Extensive version management capabilities simplify committing to a new version and rolling back to an older version of code

• Provides for component reuse, allowing developers to build on top of existing container apps


Containerized Apps are Deployed from a Few Tens to Tens of Thousands…

[Diagrams: Simple Microservices; Highly Complex Microservices: Twitter]

Call flows can range from simple to complex. Note the Death Star-like pattern in a complex architecture.


Implement Hub and Spoke for all Microservices Traffic

[Diagram labels: CPX, CPX; Subnet 1, Subnet 2, Subnet 3; Rate Limit; Surge Queue]

• Takes control of call flows through bridging and ACLs to control which apps can access which apps, and rate limiting to protect apps


[Timeline diagram labels: 2007, 2009, 2011, 2016; Traditional IT, New Apps; Bimodal IT: Mode 1, Mode 2]


Packaged as Docker Container

Investment protection

• Same code bits, container form factor

• Managed like any other NetScaler platform

• Seamless transition from Development to Production

You Can Deploy In Seconds!

[Diagram labels: Server; Linux OS; Docker Engine; App A, App B, App C and CPX, each with bin/libs]


L4-L7 Functionality

• CPX provides L4-L7 services for containerized apps:

• Content Switching

• Responder

• Redirect

• Rewrite

• TCP Optimization

• SSL Offloading: Equivalent set of ciphers as VPX for front end and back end, including support for ECC and TLS 1.2

• DDoS

• DNS load balancing


Free Docker and DevOps Friendly ADC: CPX Express

NetScaler CPX Express Container

• Free, unlicensed, for developer use

• Same “great taste” as CPX without TCP optimization and Layer 7 DDoS

• Limited to 20 Mbps and 250 SSL connections for US export compliance

NetScaler CPX Container

• Licensed, for production

• Full layer 4 to 7 feature set, optimization, security

• 1 Gbps, no limits on SSL connections


Architect your Microservices with NetScaler CPX and MAS


[Architecture diagram labels: NetScaler [ SDX | MPX | VPX | CPX ]; NetScaler Management & Analytics System; Any Orchestration System; NetScaler SD-WAN [ Physical | VPX ]; any datacenter or cloud; Insights & Alerts; Telemetry; Analysis; app tiers W, A, DB; Application-centric; Configuration; Policy; Network Functions; Instances]


Service Discovery and DNS Services

[Diagram labels: Client; Microservices; Discovery Service; Register; Lookup]

Keep track of dynamic changes through APIs that describe changes in app environment


Service Discovery and DNS Services

[Diagram labels: Client; CPX; Microservices; Discovery Service; Register; Lookup; Events; NetScaler MAS]

Keep track of dynamic changes through APIs that describe changes in app environment

MAS interfaces with service discovery API and auto-configures CPX based on service discovery events


Service Discovery and DNS Services

[Diagram labels: Client; CPX; Microservices; Discovery Service; Register; Lookup; Events; NetScaler MAS; Call service; Choose Service Instance]

Dynamic nature of VIP hosted by CPX is abstracted from the client

Keep track of dynamic changes through APIs that describe changes in app environment


Unify North-South and East-West Traffic Handling

[Diagram labels: MPX/SDX/VPX; CPX, CPX; NetScaler MAS; North-South; East-West]


Configuration Management

• Config Advice

• Record and Play

• Configuration Jobs

• Config Audit

• Duplicating Configurations


Configuration Advice Demo


Record and Play Demo


Certificate Management

• Summary reports and alerts

• Certificate renewal workflow

• Discovery of SSL Certificates

• Set and Enforce Policy

• Proactive Monitoring


Certificate Management Demo


Role Based Access Control

• System Wide RBA

• Application Level Control

• Operational Control

• Group Based Policies

• Across All Infra


Advanced RBAC Demo


Logging and Analytics

• Log Streaming: Log aggregation at scale (thousands of instances)

• App Insights: Per-transaction visibility, reporting, and roll-ups

• Security Insights: Identify security threats and assess protection levels

• Advanced Analytics: Machine-driven triage: scan for anomalies

[Diagram labels: HDX, GW, Web, AppFw, System]


CUGC Networking SIG

• The place to go for everything related to Networking

• Software-defined networking

• Application delivery controllers

• Next-generation security

• Access exclusive content

• Discussion forums, blogs, deployment guides, webinars

• Citrix News sessions

• Connect with peers

• Online community within the CUGC

• Open to Citrix customers, partners, employees

Join now: https://www.mycugc.org/page/networking-sig

Google: CUGC Networking SIG


Spiceworks Community

https://community.spiceworks.com/pages/citrixsystems?tab=18384

Vendor page

3800+ Followers

15th of 254 Vendors

Forum postings

Links to content

Product reviews with contest

Link to events

Links to guides


Stack Overflow Community

Proposal in process

Technical forums

Product selection

Product discussions

Ads on tagged discussions link to NetScaler content

Work better. Live better.