kentoh - Fotolia
A wide range of organizations are adopting software networking to improve the agility, automation, flexibility and interoperability of their network designs. Service mesh technology is one such example of software-based networking.
Software-based networking contains the following attributes:
- automated deployment, configuration and management;
- easily adaptable, customizable and programmable with open APIs;
- open, multivendor and interoperable with a variety of other network software; and
- platform-independent via software abstraction, supporting a variety of hypervisor, virtualization and container technologies.
Because service mesh is one example of software networking, it shares similarities with concepts like software-defined networking (SDN) and network functions virtualization (NFV). But service mesh architecture is designed independently of SDN controllers or the European Telecommunications Standards Institute's NFV architecture. Instead, service mesh focuses on providing the networking intelligence between microservices -- applications that are separated into modular services -- on container-based infrastructure.
A service mesh is infrastructure software that provides fast and reliable communication between microservices. Its networking features include application identification, load balancing, authentication and encryption. Network requests are routed between microservices via proxies -- or sidecars -- that run alongside the service. These proxies form a mesh network to connect the individual microservices.
A central controller provides for access control, network and performance management and integrates with container software, such as Kubernetes. Similar to an SDN architecture, service mesh has a distinct data plane and control plane.
SDN vs. NFV vs. service mesh
SDN separates the control plane from the data plane to enable a deeper level of control for application traffic. It creates a virtualized network overlay, which abstracts the underlying network to quickly respond to network changes and efficiently forward traffic. SDN can also use microsegmentation to create isolated subnets, which limits access and communication among specified network elements.
NFV moves traditional network functions -- like routing, firewalls and load balancing -- out of physical hardware to run as virtual network functions (VNFs). Ideally, NFV can package certain VNFs together and streamline the process of provisioning and upgrading network functions or applications. NFV and microservices share a similar modular architecture, and VNFs can even be deployed on microservices architecture.
Service mesh provides communication, forwarding and control between microservices, which are large applications built as modular services. Service mesh architecture also separates the control plane from the data plane, which enables the mesh to create a mesh -- or an abstracted overlay -- at the application layer and use centralized policies for management.
Why service mesh is important
Distributed microservices applications require new network capabilities -- and scale -- for routing, load balancing and performance monitoring across east-west traffic. Service mesh architecture provides logical isolation of microservices applications from the complexity of network routing and security requirements. The abstraction provided by service mesh enables rapid and flexible deployment of microservices independent of the physical network.
Service mesh options
Organizations deploying distributed microservices on containers have a number of service mesh technology options, both vendor-supported and open source. Istio is a leading open source service mesh option driven by Google and Red Hat. Other open source projects include Linkerd, HAProxy and Envoy.
AWS has its own service mesh offering -- App Mesh -- for its customers. Also, Cisco is promoting its Network Service Mesh, which adds Layer 2 and Layer 3 network functionality. Software networking suppliers and startups also provide service mesh software, including Avi Networks, Citrix, F5's Nginx, Kemp Technologies, Tetrate and VMware, among others.
Dig Deeper on Network Infrastructure
Related Q&A from Lee Doyle
SD-WAN technology is available in a variety of business models, including SD-WAN as a service and managed SD-WAN. But how do the different ... Continue Reading
When contemplating SD-WAN managed services, organizations should ask questions about network security, infrastructure compatibility and bandwidth ... Continue Reading
In a world teeming with IoT devices -- and the resulting data -- SD-WAN and SD-branch can provide the security, visibility and connectivity the IoT ... Continue Reading