alex_aldo - Fotolia

Tip

How service mesh enables microservices networking

As microservices applications grow more popular, IT teams need to enable reliable networking between them for proper communication. That's where service mesh comes in.

Service mesh is the latest darling networking technology to revolutionize application networking services. A service mesh is designed to enable reliable communications, security and analytics to microservices applications that run on containers. Microservices are becoming an increasingly popular platform to drive DevOps teams' Agile application development.

Microservices and containers rely on the physical network to communicate with each other and link to other applications. IT and security teams need to create an architecture to support the unique scale, performance and management required by production microservices deployments. Service mesh provides powerful networking capabilities but can be difficult to deploy and manage at scale.

Service mesh technology continues to evolve, with many supplier options and limited standards agreement. While a service mesh is a good fit for large microservices application deployment, it can be overkill and too complex for smaller or pre-production applications. IT departments need to carefully evaluate their microservices networking options, including various service mesh variants, as part of their overall application networking architecture.

How microservices affect data center networking requirements

Applications based on microservices have a different architecture than popular hypervisor-based applications. For example, microservices have dozens of applets running on individual containers on different servers or cores. The high-frequency transactions between these microservices within a single application may require low latency and significant bandwidth.

Service mesh provides powerful networking capabilities but can be difficult to deploy and manage at scale.

Container-based microservices can often move their physical location between servers and provide limited reporting data on their rapidly moving location and changing status. These factors can make it difficult for IT professionals to find the microservices and resolve application performance issues.

Application developers do not want or need to understand the complex underlay of network protocols that connect microservices. Instead, they want to simply describe the various network and security requirements of their applications. Organizations require the following capabilities to connect microservices-based -- or containerized -- applications:

  • ability to connect small-, medium- and large-scale applications;
  • easy networking with isolation from network complexity;
  • ability to connect and run applications in internal data centers and public cloud; and
  • granular security controls.

As microservices deployments become mainstream for many organizations, container network services will need to be fully integrated into the overall networking and security management systems.

Networking microservices with a service mesh

A service mesh is networking software that provides reliable, secure communications between microservices. Its networking features include abstraction, quality of service and security -- e.g., authentication and encryption. Network requests are routed between microservices via sidecar proxies that run alongside the service. These proxies form a mesh network to connect the individual microservices. A central controller provides access control and network and performance management.

service mesh architecture
Each microservice has its own sidecar proxy that manages traffic and communication between services.

A service mesh provides logical isolation of microservices applications from the complexity of network routing and security requirements. The abstraction provided by a service mesh enables rapid and flexible deployment of microservices independent of the physical network.

Service mesh providers

Organizations deploying distributed microservices on containers have a number of service mesh technology options. Istio is a leading open source service mesh option driven by Google. Red Hat provides support for its open source service mesh version. Leading cloud players -- such as AWS, Microsoft and Google -- provide service mesh offerings within their IaaS offerings. Many networking vendors also provide their own service mesh offerings.

Citrix

Citrix offers a variety of service mesh architectures to balance requirements and simplicity, from simple two-tier ingress to feature-rich service mesh. Citrix supports service mesh and integration with Istio. For customers who want service mesh-like benefits but prefer simplicity, Citrix offers Service Mesh Lite.

F5

F5 offers two service mesh options. Aspen Mesh provides an Istio-based architecture designed to meet large-scale deployments with thousands of microservices. F5's Nginx provides a simpler option designed for hundreds of microservices and integrates Nginx Ingress and API gateway functionality into a service mesh.

VMware

VMware Tanzu Service Mesh (TSM) capabilities include application continuity, resiliency and security that add value to enterprise initiatives focused on application modernization, multi-cloud and data protection. TSM integrates with VMware NSX Advanced Load Balancer for multicluster ingress services and enables application teams to directly provision service mesh for their applications.

Service mesh challenges

Service mesh is a powerful but complex technology -- one that isn't easy to learn or implement, especially for personnel without a networking background. Service mesh implementations are in their early stages of deployment in most enterprises, and the technology is continually evolving, making it difficult for many IT shops to develop best operational practices.

A service mesh adds another networking option to an already complex data center network architecture that comprises physical and logical elements, such as Ethernet, switches, routers, firewalls, application delivery controllers and more. IT teams will need to figure out how to integrate service mesh operations and management into their overall application, security and network automation platforms.

Recommendations for IT leaders

Microservices built on containers provide DevOps teams with the capabilities to rapidly develop new distributed applications. Microservices-based applications require new networking, security and analytics capabilities. As microservices move from pilot to production implementations, it can be challenging to network them at scale.

Service mesh enables significant networking and security benefits for microservices applications. It abstracts the networking infrastructure, thus enabling microservices applications to maintain their networking and security polices without interaction with the data center networking team for each change.

Microservices, container and service mesh technologies are in their early stages of deployment in most enterprise environments. IT teams must evaluate a plethora of service mesh options -- e.g., cloud, open source and vendor-supplied -- as the technology continues to mature.

Service mesh is best suited for mission-critical applications at significant scale and may be too complex for smaller applications. For applications that are well suited to service mesh deployments, IT organizations will need a plan to integrate service mesh technology into their overall management and automation platforms.

Next Steps

Using microservices and containers in network automation

Dig Deeper on Cloud and data center networking

Unified Communications
Mobile Computing
Data Center
ITChannel
Close