PostFinance picks Isovalent Cilium Enterprise for Cloud Native Networking

Networking, made visible by Isovalent Cilium Enterprise

PostFinance is one of Switzerland's leading financial institutions

Serving more than 5 million customers, PostFinance is a reliable partner for private and business customers wishing to manage their own finances. PostFinance is a diversified, innovation-driven financial services company that provides customers with first-class solutions and smart innovations for the management of their finances. PostFinance relies on future-oriented tools and technologies that have been specially developed or adapted for the Swiss market.

PostFinance

PostFinance is the financial services unit of Swiss Post which was founded in 1906. It is the fifth largest retail financial institution in Switzerland.

Headquarters: Bern, Switzerland
Industry: Finance
Products

Key figures

  • 25 Clusters
  • 74 Applications
  • 562 Nodes
  • x12k Faster Pod Startup
  • 5M Customers
  • 4M Customer transactions/day
PostFinance
Using kube-proxy, and with our clusters growing, it was becoming a challenge to simply start a pod. It took several seconds, and up to a minute, for a pod to gain connectivity or for services to map to a pod, massively impacting the scalability of our platform.

Situation & Challenge

Electronic payments are becoming increasingly popular, and thus availability and scalability requirements for systems processing those payments are more important than ever. By changing their applications to run in containers and using Kubernetes to orchestrate them, PostFinance was able to solve many of their original pain points.

At the time of the study, PostFinance's environment accounted for around 70 different applications, each with one or more microservices, running on one of their more than 500 nodes.

In the real world, such changes always have some drawbacks. As PostFinance moved to remedy its scale and availability pain points with Kubernetes, new challenges appeared.

  • In particular, gaining networking insights with traditional, iptables-based CNI plugins became difficult.
  • PostFinance's growing infrastructure also led to latency issues and problems for the CNI plugin in maintaining a consistent state of iptables rules across all cluster nodes.
PostFinance
In terms of observability in Kubernetes, it was quite tricky to know exactly where the packets were flowing and what could be blocking them. Basic Linux networking tools, like tcpdump, lack the context of cluster topology and it quickly becomes complicated with dynamic pod IPs. Observing these network flows is quite simple to do now with Hubble including analyzing the flows, filtering, etc.

Solution

By replacing their previously used CNI with Cilium (including the kube-proxy replacement), PostFinance was able to solve their challenges regarding scale, observability and latency. PostFinance measured and compared pod startup latencies, and quickly saw that Cilium was outperforming their iptables-based CNI by a wide margin.

PostFinance
Being built on eBPF, performance-wise Cilium is great. With Cilium, you also have access to quite some in-depth debugging capabilities if you want, or if you are curious about how it’s implemented. And having worked with kube-proxy and iptables, I prefer that we don’t use them anymore.

Key measurements

IPTABLES-BASED CNI (MAX)

  • Outgoing connection: 75ms
  • Connection to k8s service: 12s
  • Connection to pod IP: 60s

CILIUM (MAX)

  • Outgoing connection: 48ms
  • Connection to k8s service: 12ms
  • Connection to pod IP: 5ms
Value

By using Cilium, networking became visible to PostFinance:

  • Increased observability helped PostFinance quickly identify and fix problems, which can be crucial for their customers who are paying with PostFinance's systems.
  • PostFinance was able to use network events to generate security alerts, perform forensic analysis and transparently encrypt network traffic "in-flight".
  • PostFinance was able to solve the scale issues of their previous CNI plugin while simplifying their Kubernetes setup by eliminating the need for kube-proxy.
PostFinance
Cilium and Isovalent helped our team to build a scalable Kubernetes platform which meets our demanding requirements to run mission-critical banking software in production!

What’s Next?

How to learn more about Isovalent, Cilium and eBPF

Getting Started with Cilium

Take our free interactive lab to deploy a demo application, deploy L3/L4 network policy, and apply and test HTTP-aware L7 policy

Schedule a Demo

Let's engage around all things Cilium and eBPF

Watch the Webinar

Join Filip from PostFinance for a discussion around the PostFinance Cloud Native Journey
