Service mesh: What it means to data-center networking

Opinion
Oct 05, 2020 | 3 mins
Data Center, Networking

Applications that rely on microservices put demands on data-center infrastructure and personnel, but the service mesh can optimize routing requests between microservices without constant human intervention.

Microservices-style applications rely on fast, dependable network infrastructure in order to respond quickly and reliably, and the service mesh can be a powerful enabler.

At the same time, service-mesh infrastructure can be difficult to deploy and manage at scale and may be too complex for smaller applications, so enterprises need to carefully consider its potential upsides and downsides in relation to their particular circumstances.

What is a service mesh?

A service mesh is infrastructure software that provides fast and reliable communications between the microservices that applications may need. Its networking features include application identification, load balancing, authentication, and encryption. 

Network requests are routed between microservices via proxies that run alongside the service. These proxies form a mesh network to connect the individual microservices. A central controller provides for access control, as well as network and performance management.

A service mesh provides logical isolation of microservices applications from the complexity of network routing and security requirements. The abstraction provided by a service mesh enables rapid and flexible deployment of microservices without constantly requiring the data-center networking team to intervene.

Why do microservices-style apps need service mesh?

Applications based on microservices have a different architecture from hypervisor-based applications. They have numerous services running in individual containers on different servers or cores, and the frequency of transactions between these microservices within a single application may require low latency and significant bandwidth. In addition, more than one application may need to access the same microservices.

Container-based microservices can often move their physical location from server to server yet provide only limited data about where they have moved or that their status has changed. This makes it difficult for IT professionals to “find” them to resolve application-performance issues.

Meanwhile, DevOps teams require logical isolation from network complexity. They want to rapidly develop and change applications, and they require networking teams to provide networking and security adjustments such as provisioning VLANs in order to do their work.

Service mesh enables significant networking and security benefits for microservices applications. It abstracts the networking infrastructure, thus enabling microservices applications to maintain networking and security policies without requiring the intervention of the data-center networking team for each change.
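To make the abstraction concrete, here is an added example (not from the original article) of security policy declared at the mesh control plane, using Istio, one of the open-source meshes named later in this article. The namespace `shop`, the `orders` workload label and the `frontend` service account are constructed names; the resources assume a standard Istio install with sidecar injection enabled.

```yaml
# 1. Encryption + authentication: every sidecar in the mesh accepts only
#    mutual-TLS connections. Applied in the Istio root namespace, this
#    becomes the mesh-wide default.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
---
# 2. Isolation: a policy with an empty spec matches no requests, so every
#    request to a workload in the (constructed) "shop" namespace is denied
#    unless another policy explicitly allows it.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-nothing
  namespace: shop
spec: {}
---
# 3. Access control by workload identity, not by IP or VLAN: only the
#    "frontend" service account may call the "orders" workload, and only
#    with these methods and paths. The identity is taken from the caller's
#    mTLS certificate, so it follows the container wherever it is scheduled.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-from-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/orders/*"]
```

Because rule 3 depends on the certificate identity established by rule 1, relaxing the mTLS mode to PERMISSIVE lets plaintext callers connect, but they carry no principal and still fail the ALLOW rule.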

Key requirements for networking microservices include:

  • Network performance at scale
  • Ease of provisioning networking, compute, and storage resources for new applications
  • Ability to rapidly scale bandwidth by application
  • Workload migration between internal data centers and public cloud
  • Application isolation to enhance security and support multi-tenancy

To meet these requirements, IT organizations will need to integrate service-mesh automation and management information into a more comprehensive data-center networking-management system, especially as container deployments become more numerous, complex and strategic.

For applications that are well suited to service mesh deployments, IT organizations will need to plan integration of the technology into their overall management/automation platforms. To prepare, IT teams must evaluate the range of service-mesh options (cloud, open source, vendor-supplied) as the technology continues to mature.

Service-mesh technology options can be vendor-supported or open source. Istio is a leading open-source service-mesh option driven by Google. Other open-source projects include Linkerd, HAProxy, NGINX and Envoy. Leading IaaS suppliers have their own service mesh offerings. Leading network and IT suppliers and start-ups also have service mesh offerings.

Lee Doyle

Lee Doyle is principal analyst at Doyle Research, providing client-focused targeted analysis on the evolution of intelligent networks. He has over 25 years’ experience analyzing the IT, network, and telecom markets. Lee has written extensively on such topics as SDN, SD-WAN, NFV, enterprise adoption of networking technologies, and IT-Telecom convergence. Before founding Doyle Research, Lee was group vice president for network, telecom, and security research at IDC. Lee holds a B.A. in economics from Williams College.
