Service Mesh
Enable microservices with reliable, secure, and scalable communications
So what is a service mesh?
A service mesh is an infrastructure layer that abstracts application networking from the business logic of your application services. A service mesh can provide a configurable network layer for communication between services using their APIs. Communication between the application services are facilitated through the sidecar proxies forming the data plane, and that communication is managed through the service mesh’s control plane. Service mesh technologies include Istio, Linkerd, AWS App Mesh, HashiCorp Consul Connect, Open Service Mesh, and these kinds of mesh services are often built on the Envoy Proxy.
Why do you need a service mesh?
The rising popularity of microservices and container orchestration (like Docker and Kubernetes) creates a new challenge for service-to-service communication. These microservices are comprised of potentially hundreds of loosely coupled services that are dynamic, ephemeral, and distributed making the network between them critical to the application service.
And a service mesh can help bridge that communication gap.
Unlike monolithic applications that usually direct incoming traffic to a single application instance, microservices need to handle incoming traffic to many application instances and manage the traffic between the services. Incoming traffic to the cluster is often called north-south while the service-to-service communication within the cluster is called east-west. A service mesh enables and manages the east-west communications.
What can you do with a service mesh?
A service mesh solves challenges in building and operating microservices applications by managing networking and providing insight and control into your distributed application’s behavior. A service mesh provides functionality including service discovery, client-side load balancing, timeouts, retries, and circuit breaking, which all work regardless of their application service framework or language. A service mesh also provides a set of networking controls over traffic routing, policy enforcement, strong identity (authentication and authorization), and security (encryption, mTLS). You can extend new functionality to your applications through the service mesh. Examples of extensibility include progressive delivery, chaos engineering, and operators for automating your service mesh’s behavior.
Challenge
Organizations looking to adopt microservices and service meshes are faced with choices in mesh providers and often need to build tooling to handle security and operations. Issues include:
- Ever increasing number of service mesh options available
- Each service mesh has a different implementation, APIs and integration points
- Each service mesh presents a different operating model
Solution
Get the flexibility to use any service mesh on any infrastructure with the controls to manage your diverse environments in a consistent way.
- Flexibility to choose any service mesh at any time for your applications
- Unify service mesh management and improve extensibility through an API translation layer
- Ensure configuration consistency and compliance
Simplify service mesh adoption and operations
Configure
Manage
Extend
Open Source
Try Gloo Mesh open source to configure and manage Istio, App Mesh, and Open Service Mesh clusters
Enterprise
Get added enterprise security, scalability, observability, and support for validated upstream Istio software including 24/7 production support, long-term support (LTS), patches, and hot-fixes.
Customize Your Service Mesh
Build opinionated operators for an adaptive service mesh and custom proxy filters.
