Prepped for Portland and OSCON 2018

Posted: July 16, 2018

It’s the 20th year of OSCON, held this week in Portland, Oregon, and we will be in attendance!

We have two great presentations lined up:

  • Lauren McCarthy and Tom Spiegelman will share DigitalOcean’s approach to tackling the Spectre and Meltdown vulnerabilities, covering what the company chose to move forward with and why, and
  • Andrew Kim will be sharing a technical deep dive into how DigitalOcean uses anycast IPs, BGP, and Kubernetes to run globally distributed services on containers

On Wednesday, July 18, from 11:50 AM-12:30 PM, Lauren McCarthy and Tom Spiegelman present “DigitalOcean’s approach to Spectre and Meltdown” in E143/144.

News of the security vulnerabilities Spectre and Meltdown gripped headlines earlier this year, and for good reason: the bugs affected an estimated three billion chips in use. The impact on cloud providers was substantial, and DigitalOcean was no exception.

Lauren McCarthy and Tom Spiegelman share DigitalOcean’s approach to tackling the Spectre and Meltdown vulnerabilities—dubbed “Smeltdown”—covering what the company chose to move forward with and why. This was one of the biggest challenges the company has dealt with in terms of complexity and scale. One of the key issues was timeliness: while the big cloud companies received advance notice, DigitalOcean didn’t have that luxury. But it couldn’t use that as an excuse: it just meant working smarter and harder. Lauren and Tom discuss the hardships faced and how the chosen solution left the company with a more secure cloud infrastructure, ready to move forward toward new offerings so that developers and their teams can focus on what matters: building software that changes the world.

On Thursday, July 19, from 4:15 PM-4:55 PM, Andrew Kim presents “Containers and anycast IPs at DigitalOcean” in D139/140.

Today’s container networking technology has made it significantly easier to build distributed systems on top of container orchestrators such as Kubernetes, Mesosphere, and Docker Swarm. Container networking technologies use Linux primitives such as iptables and IPVS to provide load-balancing capabilities for network traffic across containers in a cluster. These simple yet powerful tools are a cornerstone of the success of containerized systems, as they provide highly available environments with little to no effort.

Despite the many benefits of container networking, running containerized applications that must be latency-sensitive and globally distributed is an extremely challenging task. Container networking is mainly scoped for in-cluster traffic, leaving little room to globally distribute an application across multiple clusters. Moreover, extending a container network for external traffic requires many additional layers of abstraction, usually introducing points of failure in a cluster and increasing end-to-end latency.

Andrew Kim leads a technical deep dive into how DigitalOcean uses anycast IPs, BGP, and Kubernetes to run globally distributed services on containers. Along the way, Andrew discusses design considerations for scalability, architectural trade-offs, data center networking, lessons learned in production, and challenges to adopting containers for latency-sensitive applications.

You can also catch us at booth #101 at the following times:

  • Wednesday, July 18 from 10:20 AM to 7:00 PM, and
  • Thursday, July 19 from 10:20 AM to 4:15 PM
