PostFinance picks Isovalent Cilium Enterprise for Cloud Native Networking

Networking, made visible by Isovalent Cilium Enterprise
View the Case Study
PostFinance picks Isovalent Cilium Enterprise for Cloud Native Networking

PostFinance is one of Switzerland's leading financial institutions

More than 2.6 million customers view Post Finance as a reliable partner for private and business customers wishing to manage their own finances. PostFinance is a diversified, innovation-driven financial services company that provides customers with first-class solutions and smart innovations for the management of their finances. PostFinance relies on future-oriented tools and technologies that have been specially developed or adapted for the Swiss market.

PostFinance

PostFinance is the financial services unit of Swiss Post which was founded in 1906. It is the fifth largest retail financial institution in Switzerland.

Headquarters Bern, Switzerland
IndustryFinance
Products

Key figures

  • 17Clusters
  • 74Applications
  • 7-75Nodes
  • x12kFaster Pod Startup
  • 2.6MUsers
  • 1000sOf Containers

Situation & Challenge

Electronic payments are becoming increasingly popular, and thus availability and scalability requirements for systems processing those payments are more important than ever. By changing their applications to run in containers and using Kubernetes to orchestrate them, PostFinance was were able to solve many of their original pain points.

At the time of the Study, PostFinance's environment accounted for around 70 different applications, each with one or many microservice(s), running in one of their 19 on-premises Kubernetes clusters, varying in size between 7 - 75 nodes.

In the real world, such changes always have some drawbacks. As PostFinance moved to remedy their pain points with Kubernetes, other pains appeared.

  • In particular, gaining networking insights with traditional, iptables-based CNI plugins became difficult.
  • Post Finance's growing infrastructure also led to some latency issues and problems for the CNI plugin in maintaining a consistent state of iptables rules across all cluster nodes.
Post Finance
Cilium and Isovalent helped our team to build a scalable Kubernetes platform which meets our demanding requirements to run mission-critical banking software in production!
Thomas Gosteli, Linux Systems Specialist

Solution

By replacing their previously used CNI with Cilium (including the kube-proxy replacement) PostFinance was able to solve their challenges regarding scale, observability and latency. PostFinance measured and compared pod startup latencies, and quickly saw that Cilium was widely outperforming their iptables based CNI.

Key measurements

IPTABLES BASED CNI (MAX)

  • Outgoing connection 75ms
  • Connection to k8s service 12s
  • Connection to pod IP 60s

CILIUM (MAX)

  • Outgoing connection 48ms
  • Connection to k8s service 12ms
  • Connection to pod IP 5ms
Value

Value

By using Cilium, networking became visible to PostFinance:

  • Increased observability helped PostFinance quickly identify and fix problems, which can be crucial for their customers who are paying with PostFinance's systems.
  • PostFinance was able to use network events to generate security alerts, perform forensic analysis and transparently encrypt network traffic "in-flight".
  • PostFinance was able to solve the scale issues of their previous CNI plugin while simplifying simplifying their Kubernetes setup by eliminating the need for kube-proxy.

What’s Next?

How to learn more about Isovalent, Cilium and eBPF

Getting Started with Cilium

Take our free interactive lab to deploy a demo application, deploy L3/L4 network policy, and apply and test HTTP-aware L7 policy

Try for free

Schedule a Demo

Let's engage around all things Cilium and eBPF

Schedule

Watch the Webinar

Join Filip from PostFinance for a discussion around the PostFinance Cloud Native Journey

Watch on demand

Subscribe to newsletter