Service Mesh
A dedicated infrastructure layer built into an app. This invisible layer facilitates service-to-service communications between services or microservices, using a proxy.
Last updated
A dedicated infrastructure layer built into an app. This invisible layer facilitates service-to-service communications between services or microservices, using a proxy.
A service mesh is a dedicated infrastructure layer that manages service-to-service communication within a distributed application. It uses lightweight network proxies (called sidecars) deployed alongside each service instance to handle traffic routing, load balancing, encryption, authentication, and observability without requiring changes to application code.
Popular service mesh implementations include Istio, Linkerd, and Consul Connect. These tools provide features such as mutual TLS encryption between services, circuit breaking, retry logic, traffic splitting for canary deployments, and distributed tracing. The control plane manages configuration, while the data plane (sidecar proxies) handles actual traffic.
Service meshes and API gateways serve complementary roles. An API gateway manages north-south traffic (external clients to internal services), while a service mesh manages east-west traffic (service-to-service communication within the cluster). In a microservices architecture, the API gateway handles external concerns like API key validation and rate limiting, while the service mesh handles internal concerns like mutual authentication, traffic policies, and observability between backend services.
Last updated