
Introduction to Service Mesh

Dinusha Dissanayake
Integration Consultant

With the adoption of microservices, the concept of a service mesh has gained significant attention. This article gives an overview of the service mesh and how it benefits a microservices architecture.

Microservices are a software development paradigm in which software is developed and deployed as independent application units that communicate with other units via well-defined interfaces to fulfil a specific task. This allows each microservice to be scaled, updated and managed independently.

Microservices rely heavily on communication with other microservices, so the network topology of a microservice architecture can be complex. Hence it is likely to run into challenges in areas such as security, reliability and traffic management.

To address these problems, the deployment needs to support observability, so that it is possible to identify where an error actually occurs and how the network calls behave. It also needs reliability features to make the deployment more stable. To ensure transport-level security, SSL communication between microservices must be enforced. When rolling out new versions of microservices, a canary release or A/B testing may be needed to avoid potential issues, and if an issue does arise during a rollout, a smooth transition and a rollback plan are important. With a release of a new version,

It is possible to implement the features discussed above (observability, security, reliability and traffic management) inside the microservice applications themselves. However, developing and maintaining these features within every microservice is an additional overhead.

What is a service mesh?

A service mesh is an infrastructure-level component that can be added to a microservice-based environment to improve the quality of communication among the microservices. It deploys network proxies alongside the microservices. These proxies, known as sidecar proxies, provide the capabilities above to the microservice environment without having to implement them in the application layer. Well-known service meshes include Istio and Linkerd.

A service mesh typically consists of a control plane and a data plane. The control plane is where the configuration is made. The control plane pushes this configuration to the sidecar proxies (the data plane), collects metrics from the sidecar proxies, and injects the proxies into the microservices.

The data plane is where the communication between microservices is handled. The sidecar proxy belongs to the data plane: it intercepts the incoming and outgoing traffic of the microservice application and applies the management tasks that have been configured by the control plane. The data plane pushes telemetry and metrics to the control plane for further processing.

[Figure: communication between service A and service B through the data plane (sidecar proxies)]

The diagram above depicts how network communication happens in a service mesh. Any traffic coming to service A is intercepted by its sidecar proxy and then passed to microservice A. If microservice A calls a different microservice (in our example, microservice B), the outgoing traffic is also intercepted by the sidecar proxy. The sidecar proxy then routes the traffic to service B, where the sidecar proxy of service B intercepts it and passes it on to microservice B.

Capabilities of Service Mesh

Advanced Traffic Management

Load balancing is an important element in a distributed environment. Service meshes provide several load balancing approaches such as weighted load balancing, round-robin, least connections and random. By spreading requests across instances, the service mesh prevents a single instance from becoming a bottleneck. This allows optimum resource utilization and improves the stability and availability of the environment.

Further, service meshes provide advanced traffic routing capabilities. Requests can be routed based on specific rules or policies such as path-based, header-based and content-based routing. This improves deployment strategies by allowing teams to conveniently try out blue/green deployments, canary releases or A/B testing, which ensures a smooth rollout process and minimizes the impact in case of an issue with a new release.

In a distributed network, intermittent and temporary network issues can lead to unnecessary errors that affect resiliency. Service meshes address this by automatically retrying the affected requests. The number of retries, the interval between them and the timeout per attempt can be configured in the service mesh artifacts.

Since microservices communicate with other microservices, an issue in a single microservice can lead to cascading failures. Service meshes provide a "circuit breaking" feature to prevent this by stopping requests to a service after a certain failure threshold is reached. After a defined time period, the service resumes accepting requests.

To ensure the availability of the environment, it is important to only allow the requests that the infrastructure can handle. Further, based on certain criteria, requests may need to be limited over a specific time period to prevent excessive usage, abuse or attacks on a service. With the rate limiting feature of service meshes, this can be achieved by configuring the time period, the number of requests and the rate limiting criteria.
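The routing, retry and circuit-breaking capabilities described above, as an added Istio example (not code from the original article): a DestinationRule that sets the load balancing policy and ejects failing instances, and a VirtualService that routes opted-in testers to v2 by header, splits the remaining traffic 90/10 as a canary, and retries failed attempts. The service name `service-b`, the `version` labels and the `x-canary` header are assumptions.

```yaml
# Assumed: a Kubernetes Service "service-b" whose pods are labelled version=v1 or version=v2
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: service-b
spec:
  host: service-b
  trafficPolicy:
    loadBalancer:
      simple: LEAST_REQUEST        # send each request to the instance with the fewest in-flight requests
    outlierDetection:              # circuit breaking: temporarily eject instances that keep failing
      consecutive5xxErrors: 5      # failure threshold before an instance is ejected
      interval: 10s                # how often the proxy re-evaluates instance health
      baseEjectionTime: 30s        # ejected instance receives traffic again after this period
      maxEjectionPercent: 50       # never eject more than half of the pool at once
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: service-b
spec:
  hosts:
  - service-b
  http:
  - match:                         # header-based routing: testers opt into the new version
    - headers:
        x-canary:
          exact: "true"
    route:
    - destination:
        host: service-b
        subset: v2
  - route:                         # weighted canary for everyone else: 90% v1, 10% v2
    - destination:
        host: service-b
        subset: v1
      weight: 90
    - destination:
        host: service-b
        subset: v2
      weight: 10
    retries:
      attempts: 3                  # number of retries
      perTryTimeout: 2s            # timeout for each attempt
      retryOn: 5xx,reset,connect-failure
```

Rolling back the canary is a matter of setting the v2 weight to 0 and re-applying; retries should only be enabled for operations that are safe to repeat.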

Security

Security is one of the most significant aspects of a microservice architecture. Since microservices communicate with other microservices, they are prone to man-in-the-middle attacks. Service meshes enforce mutual TLS for network communication between microservices, which ensures that data in transit is always encrypted. Additionally, service meshes take care of certificate rotation, sparing developers and DevOps teams the hassle of certificate management.

In addition to the above, service meshes support request authentication and authorization. This ensures that only intended and authenticated traffic reaches the services. Service meshes provide custom resource definitions for defining authentication and authorization policies, which can be deployed easily in the environment and take effect on the services in real time.
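The mutual TLS enforcement and the authentication/authorization policies from the two paragraphs above, as an added Istio example (not from the original article): a PeerAuthentication that makes mTLS mandatory in a namespace, a RequestAuthentication that validates end-user JWTs, and an AuthorizationPolicy that admits only the `service-a` workload identity carrying a valid token. The namespace `shop`, the service account names and the issuer URL are assumptions.

```yaml
# Assumed: namespace "shop", client workload service-a, server workload service-b (label app=service-b)
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT                   # plaintext connections are rejected; PERMISSIVE would still accept them
---
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: service-b-jwt
  namespace: shop
spec:
  selector:
    matchLabels:
      app: service-b
  jwtRules:
  - issuer: "https://issuer.example.com"                           # placeholder issuer
    jwksUri: "https://issuer.example.com/.well-known/jwks.json"    # placeholder JWKS endpoint
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: service-b-allow
  namespace: shop
spec:
  selector:
    matchLabels:
      app: service-b
  action: ALLOW                    # with an ALLOW policy present, anything not matched is denied
  rules:
  - from:
    - source:
        # workload identity taken from the client's mTLS certificate (SPIFFE ID of its service account)
        principals: ["cluster.local/ns/shop/sa/service-a"]
        # end-user identity taken from the validated JWT (issuer/subject)
        requestPrincipals: ["https://issuer.example.com/*"]
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/orders/*"]
```

A RequestAuthentication on its own only rejects requests with an invalid token; requests carrying no token are still forwarded, so the `requestPrincipals` condition in the AuthorizationPolicy is what actually makes a token mandatory.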

Observability

In a microservice architecture, services communicate with each other, resulting in a potentially complex network topology. Hence it is important to be able to analyze the network communication in order to identify bottlenecks, collect metrics and troubleshoot.

Distributed tracing is a significant feature in microservice systems for collecting data on how calls flow through the network. The tracing data gives developers a clear view of the system and helps them identify bottlenecks. It further enables developers to troubleshoot complex issues and isolate potentially faulty services. Popular tools such as Jaeger and Zipkin are integrated with service meshes out of the box, allowing developers to use this capability conveniently.

Additionally, metrics such as traffic information (request rate), latencies and error rates are crucial for maintaining a stable system, since they allow potential issues to be mitigated proactively. Service meshes can integrate the environment with tools such as Prometheus to provide this feature.

Further, service meshes provide HTTP access logs that record request metadata. This information can be helpful when troubleshooting issues within the microservice environment.
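The access logging and tracing capabilities described in this section, as an added Istio example (not from the original article): a mesh-wide Telemetry resource that turns on the sidecars' HTTP access logs and samples a share of requests for distributed tracing. The root namespace `istio-system` and the 10% sampling rate are assumptions; the trace backend (Jaeger or Zipkin) is configured separately in the mesh configuration.

```yaml
# Assumed: Istio installed with istio-system as its root namespace, so this applies to every sidecar
apiVersion: telemetry.istio.io/v1alpha1
kind: Telemetry
metadata:
  name: mesh-default
  namespace: istio-system
spec:
  accessLogging:
  - providers:
    - name: envoy                  # built-in provider: each sidecar writes HTTP access logs to its stdout
  tracing:
  - randomSamplingPercentage: 10.0 # trace 10% of requests; 100% is useful only while debugging
```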

Conclusion

In a microservice architecture, the network topology can be complex and lead to unexpected challenges and limitations. Service meshes were introduced to mitigate these challenges conveniently.

A service mesh is a network level infrastructure which could be deployed alongside microservices.

Service meshes provide advanced capabilities for traffic management, security and observability through the sidecar proxies deployed alongside the microservices. This offloads these management tasks from the microservice/application layer.

Istio, Linkerd and Consul are some of the well-known service meshes being adopted in microservice environments.

If you would like to know about the capabilities of service meshes and how it can benefit your organization, please get in touch with our experts at Yenlo.
