Linkerd vs. Istio fray dominates service mesh battle

Linkerd's maintainers admit it has a narrower range of features than buzz machine Istio. But after failed attempts to set up Istio, some early adopters believe less is more.

Linkerd vs. Istio is the main event in the battle of service mesh heavyweights. And, pound for pound, underdog Linkerd has held its own against the Google goliath so far.

It's still early for service mesh adoption among mainstream enterprises, many of which still struggle with Kubernetes and containers in production. A microservices infrastructure built on containers is a key precursor to service mesh, a set of network orchestration tools that provide fine-grained control over telemetry, security and network provisioning.

Linkerd, an open source project, was the first service mesh available in 2016, and the revamped Linkerd 2 -- initially dubbed Conduit -- arrived in 2018, with a focus on Kubernetes integration. Another open source project, Istio, was also released in 2018 by powerful backers, such as Google, IBM and Lyft, and soon captured much of the market's attention.

Initially, service mesh was the domain of web-scale companies, such as Netflix and Twitter, but it's headed for mainstream enterprise use.

"The complexities of east-west traffic management are growing for anyone with a reasonably large microservices footprint," said Fintan Ryan, analyst at Gartner. "Service mesh will become essential to microservices, and more people are getting serious about evaluating it."

There are numerous service mesh competitors in the market, with products from HashiCorp, Kong and NGINX, among others. But Linkerd 2 and Istio both focus on integration with Kubernetes. And by virtue of the container orchestration tool's momentum, they are at the center of the service mesh conversation in its early days.

Linkerd vs. Istio: Simplicity vs. versatility

Linkerd 2 doesn't yet match Istio's features. Linkerd 2.2, released this week, introduces automatic network request retries and timeouts and moves sidecar proxy auto-injection from an experimental phase to a fully supported feature. Both features have been in Istio since its 1.0 release in July 2018. Mutual TLS (mTLS) encryption, a popular application security feature for service mesh early adopters, remains experimental in Linkerd 2.2.

Linkerd 2 is also more limited in its ability to perform dynamic tracing, and Linkerd 2's tight integration of the control plane, service discovery and sidecar layers limits configuration choices, compared with what's offered by Istio.

But, as IT pros experiment with service mesh deployments, the more significant difference is they've only been able to get one of these utilities to work, even just to kick the tires in test environments.

"[Istio] was complex to install, and you need to define external calls," said Jerome Mirc, senior software developer for Expedia Inc., an online travel service provider based in Bellevue, Wash. "It was not very friendly for the developer to know which server they need to be connected to and which port to open."

By contrast, Linkerd 2 was simple to install and use for Mirc, who primarily wants to use service mesh for advanced monitoring and telemetry on microservices apps. This also happens to be Linkerd 2's primary focus of development.

"Service mesh gives us a real-time view into microservices performance, and we can react quickly instead of waiting for Grafana or Graphite to update, or to check Splunk logs," Mirc said.

Linkerd 2 doesn't yet include tracing gRPC traffic on a TCP transport layer, but Mirc said he will try to bridge that gap with another tool. Otherwise, Linkerd 2 meets Mirc's needs for granular microservices monitoring.

Another early advantage for Linkerd 2 is its low performance overhead. One published benchmark test showed significantly higher queries-per-second performance on Linkerd vs. Istio, and this has been the anecdotal experience for early service mesh adopters, as well.

"Linkerd is very fast for a user space service mesh," said Christian Hüning, systems architect at Figo.io, a fintech startup in Hamburg, Germany, which plans to put Linkerd 2 into production this month alongside its first deployment of Kubernetes. "Its data plane is written in Rust, a very low-level and efficient language, and is decentralized, which avoids bottlenecks with control components."

While mTLS officially remains an experimental feature, it already works well for Figo, Hüning added.

Istio maintainers acknowledge manageability problems and formed the User Experience Working Group to address those issues. A Google spokesperson said users have reduced performance overhead by as much as 50% when they turned off Istio's Mixer policy feature, under which each sidecar proxy calls out to a centralized Mixer to validate every network call.

[Figure: Linkerd 2.2 UI offers visibility into Kubernetes namespaces.]

Istio sews up market buzz, momentum

Linkerd 2 has been a boon for users frustrated with Istio, and increased competition in this market has validated the idea that service mesh is a mainstream enterprise technology, which also helps Linkerd.

Still, the odds are long that Linkerd will ultimately rule the service mesh market. Istio has a close relationship with Kubernetes powerhouses and cloud service providers, which may sway user decisions more effectively than any technical consideration.

Even early service mesh adopters who turned to Linkerd 2 for its simplicity view Istio as a strong contender when packaged and hosted by cloud service providers such as Google Kubernetes Engine (GKE).

"We started going down the path of Istio on AWS, but after three months, we never got anywhere. It would send traffic only to some pods, or would get no traffic but a heartbeat," said a CTO for an analytics startup on the East Coast. Linkerd 2, meanwhile, installed with one command and connected all pods to the mesh with no manual configuration, he said.

However, the CTO, who requested anonymity because he hasn't yet made a final decision, said he's still torn between Linkerd 2 in a self-hosted AWS Kubernetes environment and a move to GKE with Istio as a service.

This type of consideration will ultimately win the market for Istio, some analysts predict.

"Debates like this often come down to who the champions of a particular technology are," said Tom Petrocelli, analyst at Amalgam Insights in Arlington, Mass. "Linkerd's main champion is Buoyant, while Istio seems to have captured the major vendor mindshare, with IBM, Red Hat and Google all looking at Istio as the way to go."

Expedia's Mirc said it's still uncertain which service mesh will end up in production for the company at large, particularly if AWS launches a hosted Istio service to compete with Google's.

"We need to do performance testing to see if we're happy with the overhead for Linkerd, and every team makes its own decisions about what to use," Mirc said. "I don't know what the wider company will use. It's difficult for a small team to push a specific tool."
