Loading…
Tuesday, November 12
 

9:00am MST

EnvoyCon | Welcome + Opening Remarks - Matt Turner, Program Chair
Tuesday November 12, 2024 9:00am - 9:05am MST
Speakers
avatar for Matt Turner

Matt Turner

Software Engineer, Tetrate
Matt is a software engineer at Tetrate, working on Istio-related products, and loves sharing the latest tech and trends with everyone. He's been doing Dev, sometimes with added Ops, for over a decade. His idea of "full-stack" is Linux, Kubernetes, and now Istio too. He's given many... Read More →
Tuesday November 12, 2024 9:00am - 9:05am MST
Hyatt Regency | Level 2 | Salt Lake Ballroom C
  EnvoyCon

9:10am MST

Making Envoy Resilient to Sudden Increases in Load - Boteng Yao, Google
Tuesday November 12, 2024 9:10am - 9:35am MST
In this session, attendees will receive an in-depth analysis of effects and ways to make Envoy resilient to sudden increases in load. An analysis of last year's industry-wide CVE HTTP/2 'Rapid Reset' DDoS attack will illustrate practical implementation of mitigation measures. The session will further describe features developed in Envoy to defend against resource starvation. This includes system-level configuration practices and recent advancements in Envoy's overload manager designed to make Envoy resilient to spiky traffic.
Speakers
avatar for Boteng Yao

Boteng Yao

Software Engineer, Google
Boteng is a Software Engineer at Google, working on Envoy for various products.
Tuesday November 12, 2024 9:10am - 9:35am MST
Hyatt Regency | Level 2 | Salt Lake Ballroom C
  EnvoyCon, Envoy in production case studies

9:45am MST

Building Zero Trust with Envoy - Florin Coras & Pradheep Shrinivasan, Cisco
Tuesday November 12, 2024 9:45am - 10:10am MST
In this talk, we will guide you through our journey of developing an enterprise-grade, multi-tenant Clientless Zero Trust Network Access (ZTNA) proxy using Envoy. Our proxy operates across more than 30 data centers and can handle up to 4.5 Gbps per client connection. Join us as we reflect on various topics, including the decision to choose Envoy, the advantages of running Envoy on top of VPP, the challenges of supporting over 10k upstream destinations, and the decision to move away from WASM. Finally, we will conclude the talk by discussing new use cases we are planning to implement using Envoy.
Speakers
avatar for Florin Coras

Florin Coras

Principal Engineer, Cisco
Florin Coras is a Principal Engineer at Cisco where he focuses on user space host stacks, network virtualization and programmable overlays. He has contributed to a number of open source projects including FD.io, EnvoyProxy and OpenDaylight. He is a VPP maintainer, co-developer of... Read More →
avatar for Pradheep Shrinivasan

Pradheep Shrinivasan

Technical Lead, Cisco
Pradheep Shrinivasan is a technical lead in Cisco currently leading the development of Zero trust network. Current interests are Zero Trust networks, Security and distributed systems.
Tuesday November 12, 2024 9:45am - 10:10am MST
Hyatt Regency | Level 2 | Salt Lake Ballroom C
  EnvoyCon, Envoy in production case studies

10:10am MST

AM Break 1
Tuesday November 12, 2024 10:10am - 10:30am MST
Tuesday November 12, 2024 10:10am - 10:30am MST

10:30am MST

Panel: Dynamic Configuration and Scaling of VPN Concentrator and Envoy SASE Proxy in Multi-Tenant Edge - Srinivasa Addepalli & Ritu Sood, Aryaka; Mrittika Ganguli & Jeff Shaw, Intel Corporation
Tuesday November 12, 2024 10:30am - 11:05am MST
This discussion shows a framework that integrates a VPN Concentrator with Envoy-based Secure Access Service Edge (SASE) proxy, leveraging APIs for configuration and management of network functions within containers. This is designed to dynamically scale. The VPN Concentrator (VPNC) establishes secure IPSec tunnels that encapsulate data traffic, providing privacy and protection against threats. As no. of tenants or volume of traffic increases, the need for additional VPNCs, IPSec tunnels and proxies arise. The SASE proxy is a network filter at the edge, enforcing security policies, optimizing traffic flow, providing a zero-trust network access to cloud based services. Number of proxies is changed as a ratio-based scaling approach to IPSec tunnels or tenants based on metrics like : • Throughput • Latency • Error rates • Active, denied connections • Security breaches • No. of active user sessions. • No. of route changes for loadbalancing • Envoy utilization with/without optimizations
Speakers
avatar for Mrittika Ganguli

Mrittika Ganguli

Architect, Principal Engineer, Intel Corporation
Mrittika Ganguli is a Principal Engineer and Director, Cloud Native Pathfinding in Intel’s Network and Edge Architecture (NEX OCTO) team. She has 25+ years of experience in cloud hardware and software management, network processing control and data plane, cloud orchestration, telemetry... Read More →
avatar for Srinivasa Addepalli

Srinivasa Addepalli

CTO, Aryaka
Srini Addepalli is Aryaka's CTO with a strong background in edge computing, network security. He was instrumental in driving open-source initiatives at Intel, leading projects such as Service Mesh, cloud-native SASE framework, and Distributed HSM. With experience as a Fellow at Freescale... Read More →
avatar for Ritu Sood

Ritu Sood

Distinguished Engineer, Aryaka
Ritu Sood is a Distinguished Engineer working at Aryaka. She has over 10 years of experience in cloud-related technologies. During this time she worked and contributed on open source projects like Openstack, ODL, ONAP, Nodus and EMCO.
JS

Jeff Shaw

Cloud Software Architect, Intel
Jeff Shaw works on packet processing at Intel.
Tuesday November 12, 2024 10:30am - 11:05am MST
Hyatt Regency | Level 2 | Salt Lake Ballroom C

11:15am MST

Extending Envoy: A Guide to Custom Extensions with Envoy Gateway - Huabing Zhao, Tetrate & Guy Daich, SAP
Tuesday November 12, 2024 11:15am - 11:40am MST
As cloud-native applications evolve, the need for flexible and customizable service proxies grows. Envoy Proxy, known for its robust features and extensibility, is a key player. However, integrating custom extensions into Envoy can be complex. In this session, we will show how Envoy Gateway simplifies adding custom extensions to Envoy. Presented by the maintainer of Envoy Gateway and the author of “EnvoyExtensionPolicy,” attendees will gain insights into the data-plane extension mechanism of Envoy Gateway, with practical examples and use cases.

Key takeaways include:
  • Understanding the core concepts and architecture of Envoy Gateway. 
  • Step-by-step guidance on developing and integrating custom Envoy extensions.
  • Best practices for deploying and managing Envoy with custom extensions in a production environment.
  • Real-world use cases demonstrating the benefits of custom extensions in various scenarios.
Speakers
avatar for Guy Daich

Guy Daich

Architect, SAP
Guy is a development architect at SAP with over 10 years of experience in software engineering. His expertise lies in Kubernetes and Envoy, and he serves as a maintainer of the CNCF Envoy Gateway project.
avatar for Huabing Zhao

Huabing Zhao

Engineer, Tetrate
Huabing Zhao is a software engineer at Tetrate and a CNCF ambassador. He has developed a managed service mesh product on the cloud and assisted a lot of users in deploying Istio service mesh in production. He also founded Aeraki Mesh, a CNCF sandbox project that facilitates non-HTTP... Read More →
Tuesday November 12, 2024 11:15am - 11:40am MST
Hyatt Regency | Level 2 | Salt Lake Ballroom C

11:45am MST

⚡ Lightning Talk: Adding MxN Streaming Support for Envoy External Processing Filter - Yanjun Xiang, Google
Tuesday November 12, 2024 11:45am - 11:55am MST
The Envoy external processing only supports 1x1 body streaming, which is, Envoy sends one chunk of body to the side stream server. The side stream server mutates the received body, then sends the mutated body back to Envoy as the response. This 1x1 requirement becomes a bottleneck for certain use cases like compression, in which the side stream server has to buffer M chunks of data before processing them. After processing, it needs to split the response data into N chunks and send them back one-by-one. Such MxN streaming is not supported in the 1x1 state machine, which greatly limits Envoy's external processing capability. Proposed MxN Algorithm: An API change is added to notify Envoy that there are more response chunks coming back corresponding to a request chunk. Envoy utilizes this API to process the received response and prepare its state machine to receive next chunks. Continue the MxN data streaming as data arrives. Config knob is added for security considerations.





Speakers
avatar for Yanjun Xiang

Yanjun Xiang

Software Engineer, Google
Yanjun Xiang is a software engineer working for Google cloud products using Envoy. He is making contributions in Envoy external processing filter.
Tuesday November 12, 2024 11:45am - 11:55am MST
Hyatt Regency | Level 2 | Salt Lake Ballroom C

12:00pm MST

⚡ Lightning Talk: Building a Scalable Multi-Protocol API Gateway with Envoy - Matt Poegel, Bloomberg LP
Tuesday November 12, 2024 12:00pm - 12:10pm MST
How far can Envoy be taken as an edge proxy? What if your downstream clients are not using HTTP? As a case study for Envoy’s use as a layer four edge proxy, this talk presents how Envoy is being used at Bloomberg to provide connectivity for enterprise clients across a range of protocols using TCP including FIX, MQ, and SFTP. It discusses the challenges of managing decades-old connectivity endpoints with an aggressive SLA.
Do you operate in an environment where the security of the system is paramount? Of course you do. The combination of Envoy with SPIRE creates a strong security posture from day one. With flexible deployment options from containers on the cloud to virtual machines on-prem, this talk demonstrates how it is all possible.
Speakers
avatar for Matt Poegel

Matt Poegel

Senior Software Engineer, Bloomberg
Matt Poegel is a Senior Software Engineer at Bloomberg. For the past seven years, he has worked in the firm's Connectivity and Integration Engineering group, where he is using C++ and Golang to build resilient and secure connectivity solutions for different enterprise systems and... Read More →
Tuesday November 12, 2024 12:00pm - 12:10pm MST
Hyatt Regency | Level 2 | Salt Lake Ballroom C
  EnvoyCon, Envoy in production case studies

12:15pm MST

⚡ Lightning Talk: Deep Dive Into Envoy Metrics - Mark Campbell-Vincent, HashiCorp
Tuesday November 12, 2024 12:15pm - 12:25pm MST
Last year, I explored troubleshooting Envoy and Kubernetes issues using Ksniff, highlighting its benefits. Building on that, this session will provide a deep dive into Envoy metrics, crucial for understanding network behaviors when Envoy is involved. We’ll examine how these metrics can be instrumental in diagnosing issues within the service mesh, offering multiple approaches to enhance your operational insights.
Speakers
avatar for Mark Campbell-Vincent

Mark Campbell-Vincent

Sr Support Engineer, HashiCorp
Mark Campbell-Vincent Mark Campbell-Vincent is a Senior Support Engineer at HashiCorp, where he assists customers implement Consul in their infrastructure and microservices. Mark acquired a strong knowledge of distributed systems including Kubernetes, Envoy, and Consul to effectively... Read More →
Tuesday November 12, 2024 12:15pm - 12:25pm MST
Hyatt Regency | Level 2 | Salt Lake Ballroom C
  EnvoyCon, Monitoring in practice (logging+tracing+stats)

12:25pm MST

EnvoyCon | Closing Remarks - Matt Turner, Program Chair
Tuesday November 12, 2024 12:25pm - 12:30pm MST
Speakers
avatar for Matt Turner

Matt Turner

Software Engineer, Tetrate
Matt is a software engineer at Tetrate, working on Istio-related products, and loves sharing the latest tech and trends with everyone. He's been doing Dev, sometimes with added Ops, for over a decade. His idea of "full-stack" is Linux, Kubernetes, and now Istio too. He's given many... Read More →
Tuesday November 12, 2024 12:25pm - 12:30pm MST
Hyatt Regency | Level 2 | Salt Lake Ballroom C
  EnvoyCon

5:30pm MST

Evening Reception (Hyatt Regency)
Tuesday November 12, 2024 5:30pm - 7:00pm MST
Join us onsite for drinks and appetizers with fellow co-located attendees from Tuesday's CNCF-hosted Co-located Events.

Attendees from all CNCF Co-located Events are welcome.
Tuesday November 12, 2024 5:30pm - 7:00pm MST
Hyatt Regency | Level 2 | South Foyer
 

Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
  • AppDeveloperCon
  • ArgoCon
  • BackstageCon
  • Breaks
  • Cilium + eBPF Day
  • Cloud Native + Kubernetes AI Day
  • Cloud Native StartupFest
  • Cloud Native University
  • Data on Kubernetes Day
  • EnvoyCon
  • Istio Day
  • Kubernetes on Edge Day
  • Observability Day
  • OpenFeature Summit
  • OpenTofu Day
  • Platform Engineering Day
  • Registration
  • WasmCon