layer5.io/landscape
Playground
WHICH SERVICE MESH SHOULD I USE AND HOW DO I GET STARTED?
Â
Learn about the functionality of different service meshes and visually manipulate mesh configuration.
Performance Benchmark
WHAT OVERHEAD DOES BEING ON THE SERVICE MESH INCUR?
Â
Benchmark the performance of your application across different service meshes and compare their overhead.
layer5.io/meshery
@lcalcote
Data Plane
Ingress Gateway
Egress Gateway
No control plane? Not a service mesh.
Egress Gateway
Control Plane
Data Plane
Ingress Gateway
Control Plane
Data Plane
You need a management plane.
Ingress Gateway
Egress Gateway
Management
Plane
Pilot
Citadel
Mixer
Control Plane
Data Plane
istio-system namespace
policy check
Foo Pod
Proxy Sidecar
Service Foo
tls certs
discovery & config
Foo Container
Bar Pod
Proxy Sidecar
Service Bar
Bar Container
Out-of-band telemetry propagation
telemetry
Â
reports
Control flow
application traffic
Application traffic
application namespace
telemetry reports
Galley
Ingress Gateway
Egress Gateway
Control Plane
Data Plane
linkerd-system namespace
Foo Pod
Proxy Sidecar
Service Foo
Foo Container
Bar Pod
Proxy Sidecar
Service Bar
Bar Container
Out-of-band telemetry propagation
telemetry
Â
scarping
Control flow during request processing
application traffic
Application traffic
application namespace
telemetry scraping
destination
Prometheus
Grafana
tap
web
CLI
proxy-api
public-api
proxy-injector
Client
Edge Cache
Istio Gateway
(envoy)
Cache Generator
Collection of VMs running APIs
service mesh
Istio VirtualService
Istio VirtualService
Istio ServiceEntry
Situation:
Â
Benefits:
Out-of-band telemetry propagation
Application traffic
Control flow
Service A
Service A
Service A
linkerd
Node (server)
Service A
Service A
Service B
linkerd
Node (server)
Service A
Service A
Service C
linkerd
Node (server)
Advantages:
Less (memory) overhead.
Simpler distribution of configuration information.
primarily physical or virtual server based; good for large monolithic applications.
Â
Disadvantages:
Coarse support for encryption of service-to-service communication, instead host-to-host encryption and authentication policies.
Blast radius of a proxy failure includes all applications on the node, which is essentially equivalent to losing the node itself.
Not a transparent entity, services must be aware of its existence.
Advantages:
Good starting point for building a brand-new microservices architecture or for migrating from a monolith.
Disadvantages:
When the number of services increase, it becomes difficult to manage.
Advantages:
Granular encryption of service-to-service communication.
Can be gradually added to an existing cluster without central coordination.
Disadvantages:
Lack of central coordination. Difficult to scale operationally.
Advantages:
Works with existing services that can be broken down over time.
Disadvantages:
Is missing the benefits of service-to-service visibility and control.
a multi-service mesh performance benchmark and playground
Configuration
Security
Telemetry
Control Plane
Data
Plane
service mesh ns
Foo Pod
Proxy Sidecar
Service Foo
Foo Container
Bar Pod
Proxy Sidecar
Service Bar
Bar Container
Out-of-band telemetry propagation
Control flow
application traffic
http / gRPC
Application traffic
application namespace
Ingress Gateway
Egress Gateway
Management
Plane
meshery
adapter
gRPC
kube-api
kube-system
@lcalcote
layer5.io/meshery
Application resource consumption
@lcalcote
layer5.io/meshery
Application resource consumption
@lcalcote
layer5.io/meshery
Istio
Linkerd
Consul
@lcalcote
layer5.io/meshery
Istio
Linkerd
Consul
@lcalcote
layer5.io/meshery
Cores | Threads | Istio (2) | Linkerd |
---|---|---|---|
8 | 8 | 1 | 1 |
8 | 16 | 1.7 | 1.8 |
8 | 32 | 3.2 | 3.4 |
8 | 100 | 9.3 | 9.6 |
(2) mTLS on, tracing off
@lcalcote
layer5.io/meshery
Cores | Threads | Istio (1) | Istio (2) | Linkerd |
---|---|---|---|---|
8 | 8 | 1 | 1 | 1 |
8 | 16 | 1.4 | 1.7 | 1.8 |
8 | 32 | 18.4 | 3.2 | 3.4 |
8 | 100 | 52.2 | 9.3 | 9.6 |
(1) mTLS on, tracing on
(2) mTLS on, tracing off
A project and vendor-neutral specification for capturing details of:
Environment / Infrastructure
Number and size of nodes, orchestrator
Service mesh and its configuration
Service / application details
Bundled with test results.
Â
github.com/layer5io/service-mesh-benchmark-spec
@lcalcote
layer5.io/meshery
@lcalcote
layer5.io/meshery
a Service Mesh Community
layer5.io/subscribe