| OSI Layer | Name | Kubernetes Component / Function | Popular Tools | Detailed Description |
|---|---|---|---|---|
| Layer 7 | Application | Ingress & Gateway API (Application-Aware Routing) | NGINX Ingress, Traefik, Istio, Envoy, Emissary-ingress | Inspects HTTP/HTTPS traffic. Routes requests based on specific URLs (e.g., /api vs /web), cookies, or hostnames (app.com). Handles SSL/TLS termination, request rewriting, and authentication before forwarding to backend services. |
| Layer 6 | Presentation | Data Formatting & Encryption (Security & Protocol Translation) | Cert-manager, OpenSSL, Envoy, Istio mTLS | Manages data representation. In Kubernetes, this handles SSL/TLS decryption (offloading) at the Ingress layer, encrypting pod-to-pod communication via mutual TLS (mTLS), and converting protocols (like HTTP/1.1 to gRPC). |
| Layer 5 | Session | Connection Management (State Persistence) | Envoy, HAProxy, Kube-proxy ClientIP | Establishes and tracks connections. Manages "sticky sessions" (SessionAffinity), ensuring a specific user's sequential requests go back to the exact same backend pod to preserve application state or login sessions. |
| Layer 4 | Transport | LoadBalancer & NodePort (Protocol/Port Routing) | AWS ELB/ALB, Azure ALB, MetalLB, kube-proxy, IPVS | Inspects TCP/UDP packets and ports only. It does not know what application is running. It blindly forwards raw network streams to a target IP and port. Cannot read URLs or cookies; faster but less intelligent than Layer 7. |
| Layer 3 | Network | IP Routing & Addressing (Packet Delivery) | Calico, Cilium, Flannel, AWS VPC CNI, Kube-router | Allocates static virtual IPs (ClusterIPs) and dynamic, unique IP addresses to every Pod. Handles Network Address Translation (NAT) to convert service IPs to pod IPs, and routes packets across different physical worker nodes. |
| Layer 2 | Data Link | Network Encapsulation (Node-to-Node Tunnels) | VXLAN, Geneve, Linux Bridges, MACVLAN | Connects the container's virtual network card (veth pair) to the host node's network. Packages IP packets into Ethernet frames and creates overlay network tunnels (like VXLAN) so pods can talk across physical server boundaries. |
| Layer 1 | Physical | Hardware Infrastructure (Physical Transmission) | Intel/Mellanox NICs, Fiber/Ethernet cables, Routers, Switches | The actual physical server hardware, network interface cards (NICs), and cables that connect the cluster nodes together in a data center or cloud provider's facility. |
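
The Layer 7 and Layer 5 rows above, written out as manifests. This is an added example, not part of the original post; it assumes an NGINX Ingress controller is installed, and the names `app-ingress`, `app-tls`, `api-svc`, `web-svc` and the `app: api` label are hypothetical.

```yaml
# Added example; all resource names and labels are hypothetical.
# Layer 7 (with Layer 6 TLS termination): the Ingress controller decrypts
# HTTPS for app.com, then routes by hostname and URL path.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
spec:
  ingressClassName: nginx          # assumes an NGINX Ingress controller
  tls:
    - hosts: [app.com]
      secretName: app-tls          # TLS Secret, e.g. issued by cert-manager
  rules:
    - host: app.com
      http:
        paths:
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: api-svc
                port:
                  number: 8080
          - path: /web
            pathType: Prefix
            backend:
              service:
                name: web-svc
                port:
                  number: 8080
---
# Layers 3-5: a ClusterIP Service. kube-proxy translates the virtual IP to a
# pod IP (Layer 3), matches only TCP port 8080 (Layer 4), and pins each
# client source IP to one pod for clients that connect to the ClusterIP (Layer 5).
apiVersion: v1
kind: Service
metadata:
  name: api-svc
spec:
  type: ClusterIP
  selector:
    app: api
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800        # affinity window; 10800 s is the default
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 8080
```
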
Wednesday, May 27, 2026