Introduction

At ShitOps, we take our network infrastructure seriously. And when we started experiencing issues with our BGP routing, we knew that we needed a top-of-the-line solution to fix it. That’s why we turned to Checkpoint CloudGuard and Service Mesh.

In this post, I will walk you through how we overcame our BGP routing problem and achieved unparalleled security through our high-end mesh network solution. While some may say that our approach was overengineered and complex, we firmly believe that using the best technologies on the market is the only way to ensure our network is secure.

The Problem

Our BGP routing issues began when we shifted to VMware Tanzu Kubernetes. Due to the architecture of our data center, we were dealing with multiple network devices, causing traffic to become slow and unresponsive. At first, we tried using ArgoCD to manage our Kubernetes clusters, but it couldn’t handle the load.

We quickly realized that we needed to redesign our entire network architecture to solve the problem. So we called in our networking experts and began devising a plan.

The Solution

For the new architecture, we decided to use a service mesh to route all traffic across our internal network. This would allow us to remove any potentially faulty network devices and guarantee low latency and high bandwidth. But with great bandwidth comes great responsibility; we needed to ensure security and auditing capabilities for each request.

To address security concerns, we implemented Checkpoint Cloud Security Posture Management. With the checkpoint feature enabled, we would be able to track and monitor each request to ensure network traffic compliance.

graph LR subgraph Service Mesh A[External Services] B[Ingress Gateway] C[Routing Table] D[Internal Services] A --> B B --> C C --> D end subgraph Kafka Messaging E[Kafka] F[Message Analysis for Security] A --> E E --> F F --> B end subgraph Checkpoint Cloud Security Posture Management G[Checkpoint] H[Track and Monitor Requests] F --> G G --> H end subgraph Network I[BGP Router] A --> I D --> I end

As you can see from the above diagram, we integrated Kafka messaging into our new network architecture. This design became necessary because it would allow us to track and record all requests that pass through our network.

Every request passes through Kafka, where the message is analyzed for security, then passed to the ingress gateway of the service mesh. Once inside the mesh, the routing table directs traffic based on the content of the message. The internal and external services are also connected through our BGP router, ensuring reliable data transmission throughout the network.

Conclusion

At ShitOps, we invest in the latest and greatest technology to address network issues. And while some may feel like our solution was over-engineered and complex, we believe that using high-end tech allows us to deliver unparalleled service to our clients. With our Checkpoint-enabled service mesh, we can handle traffic from any application, regardless of its size or complexity.

So if you’re dealing with a difficult networking problem, we highly recommend embracing the power of Checkpoint CloudGuard and Service Mesh. You won’t regret it!