Securing our pipes
With thousands of services communicating with each other across the globe within the Facebook network, encryption becomes a necessity. The infra should make this transparent to the service owner with minimal impacts to performance without sacrificing reliability. This talk discusses technical solutions to encryption at Facebook for Thrift microservices and compares different approaches we’ve deployed including Kerberos and TLS. We’ve made several tradeoffs between security, reliability and performance to make encryption scale to thousands of services and hundreds of thousands of hosts, with some key optimizations that make this possible.