When Amazon started rewriting its closed source software for networking devices (Source: Youtube), they started with a warning that it ‘ll get worse first before it’ll get better. They were surprised that it very quickly went a lot better because they were able to write very specific code for their use case without having to deal with other customers requirements.
When off-the-shelf software is running within the enterprise for some time, it often becomes clear that most of the capabilities are not going to be used. The software is often brought in to the enterprise to solve a myriad of problems, but in the end, only solves one or two particular problems. Everybody moves on, but the software keeps on running, racking up fees for licensing and maintenance. It’s common that just running the software takes up a lot of resources within the internal teams to deal with support and maintenance.
If you work in an IT infrastructure role in an enterprise, this story must sound familiar. What can be done about it? Looking for a better vendor or an open source product that promises to be a better solution, often to then years later end up in the same situation? We suggest another approach.
Expensive systems can sometimes be relatively easily replaced with a homegrown system developed by the internal team. You only have to write the features you want instead of implementing one or more technologies. Writing your own features is much simpler and efficient because you understand your use case, and the specific environment you’re in. You know what capabilities the software needs to have.
In recent years it has become much easier to write stable, reliable, performant software thanks to the new generation of systems programming languages like Golang and Rust. Golang for example has reliable, easy-to-use libraries to solve a lot of everyday infrastructure problems. It has great libraries for crypto (TLS, SSH), command-line parsing (like Cobra), concurrency (in-built goroutines), internet protocols (HTTP, (reverse) proxy, websockets), encoding (JSON, YAML, protobuf).
At IN4IT, we already write our use-case specific infrastructure software, using Golang, and are always surprised how stable and error-prone this software is running compared to enterprise products. We can write comprehensive tests for our specific use case, and do performance tests within our environments. Besides the license and maintenance fees, we can also save on infrastructure costs, as the software typically can run on much smaller hardware than enterprise software. Our own software doesn’t need to support a myriad of features that you typically find in enterprise software.
One of the projects that helped us and our clients is Roxprox Ingress Proxy. Roxprox is a Golang control plane for Envoy. Envoy is a modern proxy built for scale and has support for authn, authz, observability, rate limiting, advanced routing and other features. By writing our own control plane, we were able to have tight integration with AWS (where we initially wanted to run it on). We still had the features that we wanted of an advanced ingress gateway, without having to engage with a vendor, implement their software, and most likely only use 10% of their capabilities with 200% of the cost. We also are able to determine ourselves when we need to do software upgrades, without having to follow an external release policy which most likely doesn’t suit our needs and is in most cases a lot slower and thus less secure.
Roxprox still has a dependency on Envoy, but it’s unlike any other product, because of the dynamic nature it can integrate with your own software. We also have complete end-to-end software and frameworks that we use, which are all publicly available on our github, https://github.com/in4it.