# Service Mesh A service mesh is a dedicated infrastructure layer that manages service-to-service communication within a distributed application. It uses lightweight network proxies (called sidecars) deployed alongside each service instance to handle traffic routing, load balancing, encryption, authentication, and observability without requiring changes to application code. Popular service mesh implementations include Istio, Linkerd, and Consul Connect. These tools provide features such as mutual TLS encryption between services, circuit breaking, retry logic, traffic splitting for canary deployments, and distributed tracing. The control plane manages configuration, while the data plane (sidecar proxies) handles actual traffic. Service meshes and API gateways serve complementary roles. An API gateway manages north-south traffic (external clients to internal services), while a service mesh manages east-west traffic (service-to-service communication within the cluster). In a microservices architecture, the API gateway handles external concerns like API key validation and rate limiting, while the service mesh handles internal concerns like mutual authentication, traffic policies, and observability between backend services. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.serverlessapigateway.com/glossary/s/service-mesh.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.