How service mesh enables microservices networking

Service mesh is the latest hot networking technology that revolutionizes application networking services. Service mesh is designed to provide reliable communication, security, and analytics capabilities for microservice applications running on containers. Microservices are becoming an increasingly popular platform, driving agile application development for DevOps teams.

Microservices and containers rely on physical networks to communicate with each other and link to other applications. IT and security teams need to create architectures to support the unique scale, performance, and management required for production microservices deployments. Service meshes provide powerful networking capabilities but can be difficult to deploy and manage at scale.

Service mesh technology continues to evolve, and now there are many vendor options and limited standard protocols. While service mesh is well suited for large microservices application deployments, it may be overkill and too complex for smaller or pre-production applications. IT departments need to carefully evaluate their microservices networking options, including various service mesh variants, as part of their overall application network architecture.

How Microservices Impact Data Center Networking Requirements

Microservices-based applications have a different architecture than popular hypervisor-based applications. For example, microservices have many small applications running on a single container on different servers or cores. In a single application, the high-frequency transmission between these microservices may require low latency and a lot of bandwidth.

Container-based microservices can often move their physical location between servers and provide limited reporting data about their rapidly moving locations and state changes. These factors can make it difficult for IT professionals to find microservices and troubleshoot application performance issues.

Application developers do not want or need to understand the complex underlying network protocols that connect microservices. They simply want to describe the network and security requirements of their applications. Enterprises need the following capabilities to connect microservices-based or containerized applications:

  • Capabilities to connect small, medium, and large applications;
  • Networking that is easy to set up and avoids network complexity;
  • Connect and run applications in both on-premises data centers and public clouds;
  • Granular security controls.

As microservices deployments become mainstream in many enterprises, container network services will need to be fully integrated into the overall network and security management systems.

Implementing Microservices Networking with Service Mesh

A service mesh is networking software that provides reliable, secure communication between microservices. Its networking capabilities include abstraction, quality of service, and security, such as authentication and encryption. Network requests between microservices are routed through sidecar proxies that run alongside the services. These proxies form a mesh network that connects the individual microservices. A central controller provides access control as well as network and performance management.

Service mesh isolates microservice application logic from the complexity of network routing and security requirements. The abstraction provided by service mesh supports rapid and flexible deployment of microservices independent of the physical network.
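
As an added illustration (not from the original article), the following shows how the authentication, encryption and access control described above are written as policy that the central controller pushes to the sidecar proxies, assuming Istio as the mesh. The namespace `shop`, the `frontend` and `payments` names and the `/charge` path are hypothetical.

```yaml
# Added example; all names (shop, frontend, payments, /charge) are hypothetical.
# Documents 1 and 2 are alternatives for the same resource: apply one, not both.

# 1. Weak setting: sidecars accept mutual TLS *and* plaintext, so a workload
#    without a sidecar (or one that bypasses it) can still reach services
#    in this namespace unauthenticated and unencrypted.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: PERMISSIVE
---
# 2. Corrected setting: sidecars reject any connection that is not mutual TLS,
#    so every caller is authenticated by its workload certificate and all
#    service-to-service traffic is encrypted.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT
---
# 3. Granular access control: only the frontend service account may call the
#    payments workload, and only with POST /charge. Once an ALLOW policy
#    selects a workload, requests matching no rule are denied by its sidecar.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: payments-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: payments
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["POST"]
        paths: ["/charge"]
```

The `principals` match depends on the mTLS identity, so the authorization rule is only meaningful for traffic that arrives over mutual TLS, which is why it is paired with the `STRICT` setting.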

Service Mesh Providers

Enterprises deploying distributed microservices on containers face many service mesh technology options. Istio is the leading open source service mesh option driven by Google. Red Hat provides support for its open source service mesh version. Leading cloud service providers such as AWS, Microsoft, and Google offer service mesh products in their IaaS offerings. Many network vendors also offer their own service mesh products.

(1) Citrix

Citrix offers multiple service mesh architectures to balance requirements and simplicity, from a simple two-tier ingress to a feature-rich service mesh. Citrix supports service mesh and integration with Istio. For customers who want benefits similar to service mesh but prefer simplicity, Citrix offers Service Mesh Lite.

(2) F5

F5 offers two service mesh options. Aspen Mesh provides an Istio-based architecture designed to meet large-scale deployments with thousands of microservices. F5's Nginx provides a simpler option for hundreds of microservices and integrates Nginx Ingress and API gateway capabilities into the service mesh.

(3) VMware

VMware Tanzu Service Mesh (TSM) capabilities include application continuity, resiliency and security, adding value to enterprise initiatives focused on application modernization, multi-cloud and data protection. TSM integrates with VMware NSX Advanced Load Balancer to provide multi-cluster ingress services and enables application teams to directly provision service meshes for their applications.

Service Mesh Challenges

Service mesh is a powerful but complex technology, one that is not easy to learn or deploy, especially for someone without a networking background. Service mesh is in the early stages of deployment in most enterprises, and the technology is constantly evolving, making it difficult for many IT departments to develop best practices.

Service mesh adds another networking option to a complex data center network architecture that consists of physical and logical elements such as Ethernet, switches, routers, firewalls, application delivery controllers, etc. IT teams will need to figure out how to integrate the operation and management of service mesh into their overall application, security, and network automation platforms.

Advice for IT managers

Container-based microservices enable DevOps teams to quickly develop new distributed applications. Microservices-based applications require new networking, security, and analytics capabilities. As microservices transition from pilots to production deployments, networking at scale can be a challenge.

Service mesh brings significant networking and security benefits to microservice applications. It abstracts the network infrastructure, allowing microservice applications to maintain their network and security policies without having to interact with the data center network team for every change.

Microservices, containers, and service mesh technologies are in the early stages of deployment in most enterprise environments. As the technology continues to mature, IT teams must evaluate a multitude of service mesh options—for example, cloud, open source, and vendor-provided options.

Service mesh is best suited for large-scale, mission-critical applications and may be too complex for smaller applications. For applications that are well suited for service mesh deployment, IT organizations will need to develop a plan to integrate service mesh technology into their overall management and automation platform.
