
What is a Service Mesh? Benefits and Top Service Mesh Products

September 16, 2021 | 5 min read

Learn about the service mesh, how it works, why you need it, and the top 4 service mesh products.

What is service mesh?

A service mesh is a dedicated infrastructure layer that controls service-to-service communication over a network, thereby allowing microservices to communicate with one another.

The microservices architecture is structured so that each service can be deployed independently around a unit of business logic. However, these services often depend on one another and communicate with each other to process larger business requests.


How does a service mesh work?

A service mesh is divided into two planes: the data plane and the control plane. The data plane carries the communication between services in the mesh, and can provide features such as service discovery, resilience, observability, and security for the microservices. The control plane defines policy and ensures the data plane follows that policy. A service mesh implements the data plane with proxy instances called sidecars: a sidecar proxy is deployed alongside each service, and all network traffic to and from that service is routed through it. Each sidecar is connected to the control plane, which configures and manages it according to the policy for its designated service.


API Gateway vs Service Mesh: What's the Difference?

Once user traffic has arrived at your Kubernetes cluster, there are two kinds of traffic whose routing needs to be managed: traffic into and out of the cluster (north/south), handled by an API Gateway like Edge Stack, and traffic between microservices within the cluster (east/west), managed by a service mesh. Watch this video by Richard Li to learn about the differences between an API gateway and a service mesh when working with microservices and Kubernetes.



Can an API Gateway and a Service Mesh be used together?

People often wonder whether they can use an API gateway and a service mesh together, or whether there is any need to. While both technologies have several similarities and aid effective traffic management and communication in cloud native applications, the significant difference lies in where they operate. The API gateway works at the application level, managing client-to-service traffic at the edge, while the service mesh operates at the infrastructure level, among the microservices the application is divided into, managing internal service-to-service communication. When combined, they give you end-to-end management of communication.

To minimize the effort developers spend on managing communication and maximize the agility of your application, it is recommended that you use a service mesh and an API gateway together in your application.

Why do you need a service mesh?

In Kubernetes, a service mesh can be customized and configured by DevOps teams to handle a wide range of operational needs. For instance, a service mesh offers the following:

Resilience

The need for resilient communication in distributed systems is certainly not new. A service mesh helps increase the overall resiliency of microservices-based applications by providing features like circuit breaking, retries, and timeouts, which mitigate the impact of failures, delays, and network issues. The ultimate goal of resilience is to ensure that failures or degradations of particular microservice instances don’t cascade into downtime for the entire distributed system, and that is exactly what a service mesh provides.
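As an added example (not from the original post), here is how the three resilience features just named are expressed in Istio, the first mesh listed below. The namespace "shop" and the service name "orders" are assumed; the values are illustrative and should be tuned per service.

```yaml
# Added example, not from the original post. Namespace "shop" and service
# "orders" are assumed names.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: orders
  namespace: shop
spec:
  hosts:
  - orders
  http:
  - route:
    - destination:
        host: orders
    # Overall deadline for the request, including all retry attempts.
    timeout: 2s
    retries:
      attempts: 3
      # Each attempt gets its own budget; 3 x 500ms stays inside the 2s deadline.
      perTryTimeout: 500ms
      # Retry only failures that occur before the service could process the
      # request, so a non-idempotent call is never executed twice.
      retryOn: connect-failure,refused-stream
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: orders
  namespace: shop
spec:
  host: orders
  trafficPolicy:
    # Connection limits: excess requests fail fast at the sidecar instead of
    # piling up on an already struggling replica.
    connectionPool:
      tcp:
        maxConnections: 100
      http:
        http1MaxPendingRequests: 50
        maxRequestsPerConnection: 10
    # Circuit breaker: a replica that returns 5 consecutive 5xx responses is
    # ejected from the load-balancing pool for at least 30s. Checks run every
    # 10s, and at most half the pool may be ejected so some capacity remains.
    outlierDetection:
      consecutive5xxErrors: 5
      interval: 10s
      baseEjectionTime: 30s
      maxEjectionPercent: 50
```

Both resources are enforced by the sidecar of the calling service, so the "orders" code itself needs no changes.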

Observability

A service mesh supports collecting all four golden metrics and offers additional ways to access them, such as viewing them in graphical dashboards and exporting them through APIs for use in other tools. Another way that service meshes provide observability is through distributed tracing; every service mesh implements distributed tracing differently, but the implementations have a few things in common.


Distributed tracing in a service mesh requires modifying application code to propagate unique trace headers, and a separate tracing backend to store and query the traces. It provides deeper insight when the standard metrics fall short, making behaviour easier to understand and troubleshoot.

Security

A service mesh provides security by protecting the communication between pods with Transport Layer Security (TLS), which uses cryptography to ensure that the information being exchanged can’t be read or altered by others on the network. Service meshes also help with authentication and authorization: requests from both outside and within the app are authenticated and authorized, and only validated requests are forwarded to service instances. In addition to these benefits, a service mesh enables organizations to adopt and establish a zero trust security model more easily.
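As an added example (not from the original post), the following Istio resources implement the three points above: encrypted pod-to-pod traffic, authentication of the calling workload, and authorization of only validated requests. The namespace "shop", the service account "checkout" and the workload label "app: orders" are assumed names.

```yaml
# Added example, not from the original post. Namespace "shop", service account
# "checkout" and label "app: orders" are assumed names.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system   # root namespace, so this applies mesh-wide
spec:
  mtls:
    # PERMISSIVE (the weak setting) would still accept plaintext from any
    # client. STRICT requires every pod-to-pod connection to present a
    # mesh-issued certificate, which is what gives each request an identity.
    mode: STRICT
---
# Default deny: an AuthorizationPolicy with no rules matches nothing, so every
# request to workloads in the namespace is rejected unless another policy
# explicitly allows it.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: shop
spec: {}
---
# Allow-list: only the "checkout" workload may call "orders", and only for
# the listed methods and paths. Everything else still hits the deny-all above.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-checkout
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        # SPIFFE identity taken from the client's mTLS certificate. A plaintext
        # request has no principal, so it cannot match this rule.
        principals: ["cluster.local/ns/shop/sa/checkout"]
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/orders", "/orders/*"]
```

The sidecars enforce all three policies, so the zero trust posture does not depend on each service validating its callers in its own code.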

List of Top Service Mesh Products

Envoy Proxy is a popular choice for the data plane of a service mesh. Originally developed by Lyft, Envoy Proxy is now a Cloud Native Computing Foundation project with hundreds of contributors from companies such as Airbnb, Amazon, Microsoft, Google, Pinterest, and Salesforce. Different service mesh implementations have different feature sets: some favour simplicity, while others focus on capabilities. Here are the top service mesh platforms in the cloud native industry for your consideration:

Istio

The Istio service mesh is an open source project created by engineering teams at IBM, Google and Lyft. Istio uses Envoy as its sidecar proxy, which lets it simplify traffic management, security, connectivity, and observability in distributed systems.

Consul

Consul is a service mesh built by HashiCorp. It provides a networking layer that connects, secures, and configures service-to-service communication in distributed systems.

Linkerd

Linkerd is a simple, lightweight, open source, Kubernetes-native service mesh. It is a graduated CNCF project and, unlike Istio which uses Envoy, Linkerd uses its own proxy called linkerd2-proxy.

AWS App Mesh

AWS App Mesh is a service mesh built for EKS. It provides circuit breaking out of the box and integrates with tools like AWS X-Ray and Prometheus, giving Kubernetes development teams more visibility.

What else should you know about service mesh?

How to utilize a service mesh in a Cloud native app

How to implement resiliency for distributed systems

  • Resilience strategies
  • Load balancing
  • Timeouts and automatic retries
  • Deadlines and circuit breakers

The service mesh interface (SMI) and how it works

How to use a service mesh to debug and mitigate app failures