Historically, developers independently implemented error handling, observability, and security within each application or microservice to ensure the success of inbound and outbound communication requests. However, as different teams repeated the process and coded similar functionality into each application (often using different programming languages), complexity, fragmentation, and security vulnerabilities were introduced into the environment.
A service mesh addresses this problem by “outsourcing” the management of service-to-service communication requests to an out-of-process application. Typically implemented alongside the workload as a “sidecar” proxy, a service mesh simplifies and streamlines runtime operations. Comprising a “data plane” of interconnected network proxies and a “control plane” for configuring the proxies and collecting metrics, it provides a shared infrastructure layer to manage intra-service runtime communications within a distributed, microservice-based software architecture.
Application agnostic and fully portable, the service mesh can be adopted by an organization to support any service written in any language or framework. Adding uniform capabilities across the environment, a service mesh provides authentication, authorization, discovery, encryption, load balancing, logging, observability, routing, and tracing.
While implementing a service mesh has zero impact on application code (other than “desired changes” such as the removal of redundant functionality handled by the mesh, propagating mesh headers to enable tracing, or other changes to maximize the benefits of the mesh), it does affect operational procedures and requires the familiarization of DevOps personnel with new concepts and technologies. Additionally, as an emerging technology, taking the time to choose the right service mesh for your organization is essential due to the additional complexity, latency, and resource consumption involved.
Although service mesh patterns can be applied to both monolithic and microservice-based applications, this study focuses on the latter running on various platforms, including containers/Kubernetes and virtual machines (VMs). Also known as K8s, Kubernetes is an open source orchestration platform automating the deployment, management, and scaling of containers.
This report provides an overview of the service mesh landscape based on the following table stakes, which are mature, stable solution features common across all service meshes:
- Dedicated Infrastructure Layer: Delivering fast, reliable, and secure service-to-service communications, a service mesh is a dedicated infrastructure layer fully integrated within the distributed application to control the delivery of service requests. The infrastructure layer provides several functions, including service discovery, authentication and authorization, health checks, failure recovery, load balancing, and observability via the “data plane.”
- Sidecar Implementation: Like a sidecar attached to a motorcycle, a sidecar implementation provides third-party functionality alongside the actual workload within the container. A service proxy—such as Envoy—is attached to a workload during deployment to manage service-to-service communications within a service mesh. All management capabilities required by the workload (monitoring, control, and security) are implemented without changing a single line of application code.
- Control Plane Configuration: Comprising a set of APIs and tools used to control proxy behavior across the mesh, the control plane automatically configures data plane service proxies. Transforming a collection of isolated, stateless sidecar proxies into a distributed system, the control plane implements policies across all data planes running within the mesh.
- Control Plane Telemetry: In addition to configuring and managing proxies used to route traffic and enforce policies, the control plane collects telemetry data for each request. The detailed statistics, logging, and distributed tracing data collected provide observability into service behavior for troubleshooting, maintenance, and service optimization.
With many different service meshes and options available—and the landscape evolving—choosing the best service mesh for your organization depends on your use cases, existing software stack, architectural choices, and in-house capabilities. Your internal resources and skillsets most likely will influence your decision as to whether you adopt a lightweight, developer-friendly service mesh such as Linkerd or NGINX, or an Istio-based solution.
We recommend using this report to explore the different service meshes and delivery models available on the market, while identifying those matching your business requirements, use cases, and capabilities. Then, contact the relevant open source community or commercial vendor for additional information on features, deployment models, and cost…
Related Projects
Chris is an engineer and leader of the highest caliber as demonstrated by his ongoing volunteer responsibilities within the Internet technical community and his unwavering drive.
Chris was an excellent coach, mentor and problem solver. Chris consistently possesses a “can do” attitude while taking on more and more responsibility and taking the time to fully understand, upskill and learn as required for success. Chris is very organized and patient. He is proactive in identifying and addressing risks and issues that could erstwhile derail hard-earned successes. Chris’ list of talents and intangibles is long, but never a surprise once you get the opportunity to work with him.
As Chris’ Editor for Exploring IPv6, a Day One book, he kept to his schedule, output exceedingly lucid prose, and gave a sense of instructional design to an extraordinary tough technology to deploy. On time, better than could be expected, and executed with grace.
Chris is an excellent worker with a driving pulse for new technology and leading the industry. His work ethic is second-to-none and his teaming with others always ensures fantastic collaboration with positive outcomes. I am confident that Chris will continue to drive new technology evolution in our industry.
Chris is very knowledgeable, is always willing to explain and discuss, and is great at pulling together everyone’s input and moving things forward. Working with him has been a great experience.
Chris is one of the most professional individuals I have ever worked with. His dedication to the success of our organization was paramount. I always relied on him to engage in intricate troubles knowing they would receive appropriate attention and follow through. Chris is an immediate asset to any organization and is most certainly.
We appreciated his work ethics and clarity of thought. His mind was always on the “next step” and kept us all on our toes.
Chris is an excellent organizer and leader with vision and energy. He pulled together the Colorado Chapter of the Internet Society, wrote the inital by-laws and saw the process through to the actual chapter formation.
I’ve never met anyone who worked as hard as he did at learning and absorbing new skills and technologies and then applying them to his work. He’s a very fast learner and an asset to anyone who has the fortune to work with him.
Together we conquered many challenges, won impossible battles in the vendor industry and created a unique security practice. He has an interesting set of talents of being an engineer, innovator, and a thought leader, but never mixes any of these roles. That is what makes him successful as a leader. “Never be comfortable” is what Chris would tell me, which is what pushed me to do my first tech talk. I now have dozens behind me within some of the largest conferences known in the security vendor industry. Chris is nothing short of supernatural.
Chris Grundemann was among the most energetic and competent members of our Council throughout his time as an elected member. I found(find) Chris a most thoughtful man who brought insight and experience to the role, but was also always a genuine and professional member exerting leadership with tact and good humor. I think highly of Chris both as a technical professional and community leader, but also as a trusted friend.
He would always be available as a sounding board for complex issues and provided me with amazing insight on long term planning and ways to scale up teams and business processes.
His intelligence and wit are only outshone by his friendly and helpful nature. Working with Chris is always a pleasure and a smashing success.
Working with Chris has been a real pleasure. He is open, friendly, intelligent, discreet, skilled, productive, driven, resourceful and trustworthy! Our organisation has really benefitted from Chris’s skills and knowledge.
Chris is a talented technologist with a keen eye for marketing. This combination of skills has been a powerful asset in his role. Over the course of the 4 years that I worked with Chris, he presented at numerous events & conferences, and was a thought leadership partner. He was pivotal in honing Myriad360’s mission and developing a cohesive strategy for the company. Chris earns my highest recommendation.
Chris is highly technical and has excellent organizational and follow up skills. I assigned Chris several initiatives while assigned to my team and his performance was exceptional. He is self motivated and has extensive technical knowledge.
One thing everyone should know about Chris, he always provides nothing less then quality customer service and technical support. His professionalism and skill far exceeds all expectations because he always goes the extra mile.
Through the several tasks that we spent together in a professional environment, I have seen Chris accomplish things that many would consider impossible – both as a professional and technically – and neither has been a disappointment. Chris is a calculated risk-taker. He has an uncanny way of determining what the target market needs and has the capability of tweaking his designs and implementations accordingly. As a pragmatic leader and a realist, he can grasp ideas in a holistic manner and still pay attention to minor details. Chris has a well-deserved reputation as someone who is diligent and personable – two qualities that define him completely. As someone who is a creative thinker and possesses a can-do attitude, Chris is a pleasure to work with.
In a wireless organization the network your products operate on needs to be reliable, dependable and operating at top efficiency. Chris made sure that was a reality. Chris was a leader in the day to day operation of our network, on initiating improvement designs for the future and helping out the other departments to close performance gaps. There was never a problem to hard to solve, a solution he was not willing to seek out or a cutting edge idea he hadn’t already researched.
Chris is a superior problem-solver with great people skills and ability to ask the really hard questions. A team player who is engaged and approachable, I expect Chris will have significant impact in the tech industry.
Chris consistently generates and delivers on new and creative ideas both within the guided bounds of a project or team goal as well as when left unbounded and allowed to explore. In addition Chris is a great team player willing to help whenever asked. Chris is also a competent and organized leader with great communication skills capable of managing projects from inception to completion.
Chris was always on top of current technology and how this technology would fit into his current network environment. Chris was a pleasure to work with and will be an asset to any organization lucky enough to hire him.
Chris is a consummate professional. Motivated, expressive, talented in everything he attempts. His skills in making things happen for the better are top notch.
Chris is an exceptionally energetic individual, a talented thinker and an accomplished public speaker. He is a very rewarding person to work with due to the level of organization he brings to every project. He has vision and probity, a rare combination. I has been a great privilege to work with him.
Chris is objective, strategically insightful, sharp and on to