Gateway Load Balancer is *HUGE* and brings a capability to the cloud that has never even existed in traditional/legacy datacenter networks. It's not "just" ECMP. Flows are symmetrical, and sticky! Let me explain ...
GWLB lets you spread incoming or outgoing traffic over multiple firewalls, intrusion detection devices, packet inspectors, etc. It's horizontal scaling for network appliances, running on EC2 Instances. So far so good ... that sounds like ECMP.
But ECMP in datacenter networks doesn't align "north-south" and "south-north" traffic for the same flows (network connections) over the same devices, and it also "scrambles" all of the traffic when you add or remove a node to do any scaling.
This means that a huge amount of work that goes into building enterprise / scalable network appliances is spent on proprietary mechanisms to re-assemble flows between nodes. Complicated multicast protocols are common.
GWLB provides bi-directional flow symmetry, and flow stickiness. That makes it much easier to develop a virtualized network function. There's no need to worry about recombobulating the flows. NFV developers can focus on the business functionality instead.
I don't think it's an overstatement to say that for the first time, a very small team can develop network functionality that will be horizontally scalable and highly available. I'm excited to see what customers might build!
Good example: want to measure how much of your traffic is plaintext? You could build an application in a few hours that uses pcap, ebpf, or DPDK to scan the traffic for plaintext/randomness and categorize each flow ... and then plug it into GWLB.
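As an added example, not code from the thread or from AWS, here is a minimal version of the plaintext-versus-randomness flow classifier the last tweet sketches, in plain Python over constructed sample packets instead of a pcap/eBPF/DPDK capture. It keys flows direction-independently (which is what GWLB's flow symmetry lets a single appliance rely on) and labels each flow by payload entropy and printable-byte ratio; the addresses, thresholds and 5-tuple layout are assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, up to 8.0 for uniformly random bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def flow_key(src, sport, dst, dport, proto):
    """Direction-independent 5-tuple: both halves of a connection share one flow entry."""
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)

class FlowClassifier:
    def __init__(self, min_bytes: int = 64):
        self.flows = defaultdict(bytearray)  # flow_key -> payload seen in both directions
        self.min_bytes = min_bytes           # assumed minimum evidence before labelling

    def observe(self, src, sport, dst, dport, proto, payload: bytes) -> None:
        self.flows[flow_key(src, sport, dst, dport, proto)] += payload

    def classify(self, key) -> str:
        data = bytes(self.flows[key])
        if len(data) < self.min_bytes:
            return "unknown"  # not enough evidence yet
        entropy = shannon_entropy(data)
        printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)
        if printable > 0.9 and entropy < 6.0:   # assumed thresholds for text-like payload
            return "plaintext"
        return "encrypted_or_compressed" if entropy > 7.0 else "binary"

    def summary(self) -> dict:
        return {key: self.classify(key) for key in self.flows}

def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy bytes standing in for TLS record payload (constructed)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])

# Constructed sample traffic: one HTTP exchange and one TLS-like exchange, both directions.
SAMPLE_PACKETS = [
    ("192.0.2.10", 40000, "198.51.100.20", 80, 6, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: probe\r\n\r\n"),
    ("198.51.100.20", 80, "192.0.2.10", 40000, 6, b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><body>hello</body></html>"),
    ("192.0.2.10", 40001, "198.51.100.20", 443, 6, pseudo_random(512, b"client")),
    ("198.51.100.20", 443, "192.0.2.10", 40001, 6, pseudo_random(512, b"server")),
]
```

On a real GWLB target the packets arrive GENEVE-encapsulated (UDP port 6081) and must be decapsulated before the inner 5-tuple and payload are read; that step is left out here.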
Keep Current with Colm MacCárthaigh