Cloud Service Providers (CSPs) have made it easy for organizations to develop and deploy applications at scale. However, once deployed, these applications often need to communicate with other applications and services running in different environments, such as another cloud, a data center, or even across the Internet. For example, a service may need to reach another service that is not in the same network, or multiple applications may need to share a set of common services, such as an authentication service, monitoring and logging services, or messaging services, hosted in a shared services environment.
Why just a Layer 3 network is not enough
The most common approach to meeting these networking needs is building Layer 3 networks at scale, enabling communication between endpoints deployed in the VPCs/VNets where applications live. CSPs have made it easy to build these Layer 3 networks by providing a wide range of networking constructs and tools that address the basic connectivity needs of Layer 3. However, Layer 3 networking and tunneling techniques are sometimes not enough. Working with large enterprises that run a mix of applications, IP subnets, and cloud-native PaaS services, I have observed the following common challenges:
- Performance Requirements: Different types of applications have different performance requirements from the underlying infrastructure, but because networking constructs coupled with tunneling do not understand the application layer, they treat every application the same.
- Application Layer Insights: Layer 3 networking constructs cannot process information at the application layer. Similarly, tunneling techniques encapsulate the original application-layer data and thus hide it from any intermediate network device. Getting application-layer insight or visibility is therefore challenging when using Layer 3 networks and tunneling, and troubleshooting application connectivity issues without that insight can get tricky.
- Security: There is often a need to apply granular security policies (micro-segmentation) at the application layer, based on identity attributes that only exist there, such as OIDC identity claims, JWT bearer tokens, or X.509 client certificates presented over mTLS. A 5-tuple rule (source, destination, port, protocol) sees none of these.
- Connecting to PaaS Services: What about connecting to service endpoints that are not hosted inside a network (VPC/VNet), for example S3 buckets or services running on serverless infrastructure?
- Enabling hybrid and multicloud service connectivity: Connecting services deployed in different environments can be challenging, especially when dealing with varying security requirements, network topologies, and resource constraints.
Service Networking is the right approach to solving these problems.
Service networking addresses these challenges by providing a consistent way to enable service-to-service communication with a focus on application performance, security, and application-layer visibility. Although service networking is generally associated with establishing connectivity between microservices using Service Mesh solutions, it does not have to be restricted to microservices inside container management platforms like Kubernetes.
A complete Service Networking platform should be able to establish application-layer connectivity between any kind of service: web applications, TCP/UDP applications, microservices running inside Kubernetes clusters, or platform as a service (PaaS) offerings from CSPs.
You didn’t think Full Stack platform included Service Networking?
Prosimo offers a full-stack Transit platform that enables service-to-service communication. It allows organizations to build service networks made up of different types of endpoints (IPs, subnets, FQDNs, APIs, or PaaS), establishes service-to-service communication with the right context and authorization policies at various layers (5-tuple network policy, X.509 certificates, mTLS, etc.), and provides application-layer visibility for every HTTP(S) transaction (GET/POST methods) or TCP/UDP-layer insights (port, protocol).
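To make the difference between the two policy layers concrete (the Security challenge above, and the 5-tuple versus X.509/mTLS/JWT policy layers listed for the platform), here is an added example. It is not Prosimo code and does not describe how the Prosimo platform evaluates policy; it is a stand-alone illustration with its own constructed requests, a constructed HS256 signing key, hypothetical SPIFFE-style workload identities and a hypothetical policy format. The same request is evaluated by a 5-tuple rule and by an application-layer rule that checks the mTLS client identity, the HTTP method and path, and the JWT audience and scope. The point it shows is that every variant below passes the Layer 3 check because they all share the same source subnet, destination, port and protocol, while only the correctly authenticated and authorized one passes the application-layer check.

```python
"""5-tuple (Layer 3) policy versus application-layer policy, side by side.

Added example, not Prosimo code. All keys, identities, addresses and
policies are constructed for the demonstration.
"""
import base64
import hashlib
import hmac
import ipaddress
import json
import time
from dataclasses import dataclass
from typing import Optional, Tuple

HS256_KEY = b"constructed-demo-key"  # constructed; a real deployment would never hard-code this


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_jwt(claims: dict, key: bytes = HS256_KEY) -> str:
    """Issue an HS256 JWT (stands in for the organisation's OIDC provider)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


def verify_jwt(token: str, key: bytes = HS256_KEY, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if signature and expiry are valid, else None."""
    try:
        header, body, sig = token.split(".")
        hdr = json.loads(b64url_decode(header))
        if hdr.get("alg") != "HS256":  # refuse "none" / algorithm-confusion headers
            return None
        expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
    except ValueError:  # malformed base64 / JSON / wrong segment count
        return None
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    return claims


@dataclass
class Request:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str
    path: str = "/"
    method: str = "GET"
    jwt: Optional[str] = None
    client_cert_san: Optional[str] = None  # URI SAN from the mTLS client cert (hypothetical SPIFFE ID)


# Layer 3 policy: (src_cidr, dst_cidr, dst_port, proto) tuples that are allowed. Constructed.
L3_POLICY = [("10.1.0.0/16", "10.2.0.0/16", 443, "tcp")]

# Application-layer policy: which workload may call which method/path with which token claims. Constructed.
L7_POLICY = [
    {"caller": "spiffe://demo.internal/ns/orders/sa/api", "methods": {"GET", "POST"},
     "path_prefix": "/v1/payments", "aud": "payments", "scope": "payments:write"},
]


def l3_allows(req: Request) -> bool:
    src, dst = ipaddress.ip_address(req.src_ip), ipaddress.ip_address(req.dst_ip)
    return any(src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d)
               and req.dst_port == port and req.proto == proto
               for s, d, port, proto in L3_POLICY)


def l7_allows(req: Request, now: Optional[float] = None) -> bool:
    claims = verify_jwt(req.jwt, now=now) if req.jwt else None
    if claims is None or req.client_cert_san is None:
        return False  # no valid token or no mTLS identity: deny by default
    return any(req.client_cert_san == rule["caller"] and req.method in rule["methods"]
               and req.path.startswith(rule["path_prefix"]) and claims.get("aud") == rule["aud"]
               and rule["scope"] in claims.get("scope", "").split()
               for rule in L7_POLICY)


def decide(req: Request, now: Optional[float] = None) -> Tuple[bool, bool]:
    """Return (layer3_decision, application_layer_decision) for comparison."""
    return l3_allows(req), l7_allows(req, now=now)


def demo(now: float = 1_700_000_000.0) -> dict:
    good = mint_jwt({"sub": "orders-api", "aud": "payments", "scope": "payments:write", "exp": now + 300})
    wrong_aud = mint_jwt({"sub": "orders-api", "aud": "inventory", "scope": "payments:write", "exp": now + 300})
    base = dict(src_ip="10.1.4.7", dst_ip="10.2.9.3", dst_port=443, proto="tcp",
                path="/v1/payments/charge", method="POST",
                client_cert_san="spiffe://demo.internal/ns/orders/sa/api")
    return {
        "valid_token": decide(Request(**base, jwt=good), now),
        "wrong_audience": decide(Request(**base, jwt=wrong_aud), now),
        "same_subnet_no_token": decide(Request(**base), now),
        "other_workload_cert": decide(Request(**{**base, "client_cert_san": "spiffe://demo.internal/ns/dev/sa/test"}, jwt=good), now),
    }


if __name__ == "__main__":
    for name, (l3, l7) in demo().items():
        print(f"{name:22s} L3={'allow' if l3 else 'deny':5s} L7={'allow' if l7 else 'deny'}")
```

Running it prints one line per variant; the Layer 3 column is "allow" for all four, while the application-layer column is "allow" only for the request whose mTLS identity, audience and scope all match. The `verify_jwt` helper deliberately rejects any `alg` other than HS256 and compares the signature in constant time; a production deployment would use the identity provider's signing keys (typically asymmetric) and a vetted JWT library rather than this hand-rolled verifier.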
In summary, while traditional Layer 3 networking gives applications and services a way to communicate across environments, it may not be sufficient to meet the performance, security, and visibility needs of modern applications and services. Service Networking, as provided by Prosimo, addresses these challenges by offering a consistent way to enable service-to-service communication at the application layer, with a focus on performance, security, and visibility.
This is the first blog of the three-part series. In the next blog, I will dive deep into Prosimo's Full Stack Transit Platform and uncover how it empowers Service Networking.
Bridging the gap between cloud and networking. Helping architects navigate the complex world of the cloud. Sharing my experience to make life easier for others.