The document discusses using NATS as a service mesh. It describes how NATS can provide service discovery, security, metrics, tracing, load balancing and routing control similarly to other service meshes. While NATS can inherently perform some service mesh functions through pub/sub and request/reply patterns, it may not replace a full-featured service mesh like Istio and additional capabilities like circuit breaking would need to be implemented. Other resources are recommended to learn more about building a NATS service mesh and its capabilities.

1. © 2020 Cingulara, Inc.
NATS as a Service Mesh
Using the power and simplicity of NATS to create a service mesh

2. © 2020 Cingulara, Inc.
Table of Contents
■ Define Service Mesh
■ NATS Service Discovery
■ NATS Security
■ NATS Metrics
■ NATS Tracing
■ NATS Load Balancing
■ NATS Routing Control

3. © 2020 Cingulara, Inc.
Define Service Mesh
What is a Service Mesh, Where would you use it, Why would you use it

4. © 2020 Cingulara, Inc.
What is a Service Mesh?
❏ Infrastructure Layer for your applications
❏ Helps with interactions between / among services and microservices
❏ Service Discovery (eventual consistency, distributed caching)
❏ Load Balancing (least request, hashing, zone/latency aware)
❏ Communication Resiliency (retries, timeouts, circuit-breaking, rate limiting)
❏ Security (end-to-end encryption, AuthN, AuthZ, ACLs)
❏ Observability (metrics, tracing, alerts, control theory a.k.a. MipsyTipsy)
❏ Routing Control (traffic shifting, mirroring)
❏ API (programmable, K8s CRDs)
❏ Automated Rollouts (canary, blue/green)
❏ Fault Injection (add a timeout or error to test its resiliency)

5. © 2020 Cingulara, Inc.
Why Use a Service Mesh
❏ Mutual TLS implementation (security both ways)
❏ Put complexity into your framework, not your services
❏ Ephemeral containers moving around a Kubernetes type orchestration system
❏ Hype Engine
❏ “Read it on Twitter”
❏ “Saw it at KubeCon”
IMPORTANT TO NOTE:
❏ Make sure you need it, you can implement it, you can support it
❏ If you are asking “Do I need a service mesh” you may not...

6. © 2020 Cingulara, Inc.
Where are Service Meshes Used
❏ You see a lot in Kubernetes
❏ Istio (K8s native, Aspen Mesh, Tetrate and Red Hat OpenShift’s)
❏ Linkerd
❏ Kong Kuma
❏ Hashicorp Consul Service Mesh
❏ Used with larger, more complex systems where appropriate
❏ Used to solve those problems as they come up

7. © 2020 Cingulara, Inc.
NATS Service Discovery
NATS and Service Discovery

8. © 2020 Cingulara, Inc.
Service Discovery in Service Mesh
❏ Answers the “Hey where are you?”
❏ Think multiple services or microservices
❏ You need to know where each other are
❏ Can call by IP or Name, but you need to
know what that is
❏ Picture to right is from the Istio docs
online
❏ Hint: there is a registry that keeps track
of where the services are

9. © 2020 Cingulara, Inc.
Service Discovery in NATS
❏ Answers the “Hey where are you?”
❏ Think multiple services or microservices
❏ You do not necessarily need to know
where each other are
❏ What is important is the subject
hierarchy and account/namespace
❏ Crude picture to right is from my article
on medium.com
❏ Hint: we don’t care necessarily WHERE
you are just that you are online

10. © 2020 Cingulara, Inc.
NATS Security
NATS and Security

11. © 2020 Cingulara, Inc.
Security in a Service Mesh
❏ End-to-end encryption with mutual TLS
❏ Authentication
❏ Authorization
❏ Access Control
❏ Done in YAML files
❏ Must configure this correctly
❏ Centralized security model
❏ Manages the security certificates for you

12. © 2020 Cingulara, Inc.
Security in NATS (2.0+)
❏ NKeys
❏ JSON Web Tokens
❏ Operator -- Account -- Users security model
❏ More decentralized
❏ Can run with TLS and certificates -- you must manage

13. © 2020 Cingulara, Inc.
NATS Metrics
NATS and Tracking Metrics

14. © 2020 Cingulara, Inc.
Metrics in a Service Mesh
❏ Metrics captured inherently
❏ Success rates, errors,
response times
❏ API to API
❏ Service Mesh components
❏ Kiali
❏ Prometheus and Grafana

15. © 2020 Cingulara, Inc.
Metrics in NATS
❏ Metrics used with the NATS
Prometheus Exporter
❏ Also starting to show metrics with
2.0+ implementation (Surveyor)
❏ Overall metrics, not per client
❏ Prometheus and Grafana
❏ Personally: recently worked on a
per-client metrics for my application
to show metrics down to the client
level -- up in GH/Cingulara/

16. © 2020 Cingulara, Inc.
NATS Tracing
NATS and Tracing Messages

17. © 2020 Cingulara, Inc.
Tracing in a Service Mesh
❏ Tracing calls from API A to B to C and back to see latency and issues
❏ Can use Istio/Envoy to export tracing information, Linkerd to collect and export
❏ Also gives you a topology of your calls

18. © 2020 Cingulara, Inc.
Tracing in NATS
❏ Reference architecture to use for Tracing
❏ GitHub has not.go and not.java
❏ https://github.com/nats-io/not.go
❏ Setup your Trace structure
❏ Setup your Span structure
❏ Create a binary representation
❏ Put onto the front of your Message.Data
❏ Read it off the Reply/Subscriber on the other end
❏ Keep using your data as required
❏ I have used with C# .NET Core 2.2+ as well
❏ Publish with C#, read subscriber with Golang, still works great
❏ NATS 2.0+ has a monitoring service to show latency

19. © 2020 Cingulara, Inc.
NATS Load Balancing
NATS and Load Balancing

20. © 2020 Cingulara, Inc.
Load Balancing in a Service Mesh
❏ 2 or more services are setup as replicas, the mesh can load balance between them
❏ Can do round robin, locality, etc. not just rotate them around
❏ You can weight the routes

21. © 2020 Cingulara, Inc.
Load Balancing in NATS
❏ Uses Queued Subscriptions, similar to round robin (to me)
❏ Register your client with a queue name, that is the only setup you need
❏ Used with gateways in NATS 2.0 for clusters/superclusters you can have geo-aware
subscriptions
❏ Subscribers “closer” get the information unless there is a network issue (auto-DRP)
❏ Roadmap for NATS to have a weighted load balancer, just not there yet

22. © 2020 Cingulara, Inc.
NATS Routing Control
NATS and Routing Control

23. © 2020 Cingulara, Inc.
Routing Control in a Service Mesh
❏ Specifically traffic shifting and mirroring
❏ Mirroring / Shadowing to perform functions on another service/set of services (i.e. testing)
❏ Traffic Shifting is slowly migrating traffic from one to another (think canary)
❏ Typical to service mesh, defined in YAML

24. © 2020 Cingulara, Inc.
Routing Control in NATS
❏ Mirroring or shadowing can be done
by default based on subscriptions
❏ Subscribe to the subjects or use
wildcards
❏ Permissions, data stores, accounts
have to match
❏ Harder to do with Publishing in a
production environment!

25. © 2020 Cingulara, Inc.
NATS Service Mesh
Summary
What did we just go over

26. © 2020 Cingulara, Inc.
NATS Service Mesh Functionality
❏ Inherently has some service mesh functionality
❏ You need to know if you even need a service mesh
❏ You need to test if you need Istio/Linkerd/Kuma/Consul/etc. to solve your issues

27. © 2020 Cingulara, Inc.
Other Things on NATS Service Mesh
❏ AFAIK…..it can do
❏ Timeouts
❏ Retries
❏ Request/Reply as well as
Pub/Sub
❏ Create a Service Mesh without
Kubernetes as a basis
❏ AFAIK…..it cannot do
❏ Circuit Breaking

28. © 2020 Cingulara, Inc.
What Else to Read
What else dovetails with this subject

29. © 2020 Cingulara, Inc.
Other Articles & Areas to Further This
❏ Christian Posta on getting started with a service mesh
https://itnext.io/getting-started-with-a-service-mesh-starts-with-a-gateway-62a470350242
❏ R.I. Pienaar Blog Series on NATS at https://choria.io/blog/post/2020/03/23/nats_patterns_1/
❏ NATS.io blog and online docs
❏ Kevin Hoffman’s blog at
https://medium.com/@KevinHoffman/managing-operator-hierarchies-in-nats-2-0-4977600b699d
❏ Slack https://natsio.slack.com/