PostFinance picks Isovalent Cilium Enterprise for Cloud Native Networking
PostFinance is one of Switzerland's leading financial institutions
More than 2.6 million customers view Post Finance as a reliable partner for private and business customers wishing to manage their own finances. PostFinance is a diversified, innovation-driven financial services company that provides customers with first-class solutions and smart innovations for the management of their finances. PostFinance relies on future-oriented tools and technologies that have been specially developed or adapted for the Swiss market.
PostFinance is the financial services unit of Swiss Post which was founded in 1906. It is the fifth largest retail financial institution in Switzerland.
- x12kFaster Pod Startup
- 1000sOf Containers
Situation & Challenge
Electronic payments are becoming increasingly popular, and thus availability and scalability requirements for systems processing those payments are more important than ever. By changing their applications to run in containers and using Kubernetes to orchestrate them, PostFinance was were able to solve many of their original pain points.
At the time of the Study, PostFinance's environment accounted for around 70 different applications, each with one or many microservice(s), running in one of their 19 on-premises Kubernetes clusters, varying in size between 7 - 75 nodes.
In the real world, such changes always have some drawbacks. As PostFinance moved to remedy their pain points with Kubernetes, other pains appeared.
- In particular, gaining networking insights with traditional, iptables-based CNI plugins became difficult.
- Post Finance's growing infrastructure also led to some latency issues and problems for the CNI plugin in maintaining a consistent state of iptables rules across all cluster nodes.
IPTABLES BASED CNI (MAX)
- Outgoing connection 75ms
- Connection to k8s service 12s
- Connection to pod IP 60s
- Outgoing connection 48ms
- Connection to k8s service 12ms
- Connection to pod IP 5ms
By using Cilium, networking became visible to PostFinance:
- Increased observability helped PostFinance quickly identify and fix problems, which can be crucial for their customers who are paying with PostFinance's systems.
- PostFinance was able to use network events to generate security alerts, perform forensic analysis and transparently encrypt network traffic "in-flight".
- PostFinance was able to solve the scale issues of their previous CNI plugin while simplifying simplifying their Kubernetes setup by eliminating the need for kube-proxy.
How to learn more about Isovalent, Cilium and eBPF
Getting Started with Cilium
Take our free interactive lab to deploy a demo application, deploy L3/L4 network policy, and apply and test HTTP-aware L7 policyTry for free
Schedule a Demo
Let's engage around all things Cilium and eBPFSchedule
Watch the Webinar
Join Filip from PostFinance for a discussion around the PostFinance Cloud Native JourneyWatch on demand