Service Mesh is an infrastructure layer that abstracts application networking from the business logic of the application. In doing so, the service mesh can provide a configurable network layer to facilitate communication between services using their application programming interfaces (APIs). This architecture is facilitated by deploying a proxy as a sidecar alongside each application service. All communications between the application services are facilitated through the sidecar proxies (data plane) which are configured and managed through a control plane. Popular service mesh technologies include Istio, Linkerd, AWS App Mesh, HashiCorp Consul Connect, Kuma (Kong) and others that are either built with Envoy Proxy or a custom proxy specific to the service mesh provider.
Why Do We Need Service Mesh?
The rising popularity of microservices-based architecture and container orchestration (Docker and Kubernetes) creates a new challenge in solving the service to service communication within a cluster. These microservices are comprised of potentially hundreds of loosely coupled services that are dynamic, ephemeral, and distributed making the network between them critical to ensure a properly functioning application.
Unlike monolithic applications that primarily focus on incoming traffic to a single application instance, microservices need to consider incoming traffic to many application instances and manage the traffic between the services. Incoming traffic to the cluster is often called north-south while the service to service communication within the cluster is called east-west. A service mesh is designed to solve the requirements of enabling and managing east-west communications.
What Can You Do With a Service Mesh?
Service mesh solves a major challenge in building and operating cloud-native applications by laying the foundation and API to L7 networking to gain more insight and control into the distributed application behavior. Service mesh provides functionality to application developers like service discovery, client-side load balancing, timeouts, retries, circuit breaking and more that work regardless of their application framework or language. For operators, service mesh provides a set of L7 controls over traffic routing, policy enforcement, and strong identity (authentication and authorization) and security (encryption, mTLS). The service mesh is also an extension point and vehicle for new functionality that can be deployed to applications through the service mesh. Examples of extensibility include progressive delivery, chaos engineering and operators for automating service mesh behavior.