Istio Service Mesh


Istio Service Mesh Definition

Istio service mesh is an open source networking platform for microservices applications. It provides operational control and performance insights for a network of containerized applications. Istio provides services such as load balancing, authentication and monitoring.

[Diagram: Istio service mesh]

Source: https://istio.io/docs/concepts/what-is-istio/

FAQs

What is Istio Service Mesh?

Istio service mesh helps make it easier to manage a distributed microservice architecture. Generally, a service mesh provides network services to microservice applications. Without the service mesh these microservices have no ability to directly communicate with one another. The Istio modern service mesh provides security, observability, and traffic management for the microservices within a particular cluster.

Istio service mesh deploys the following:

• Control plane — Manages overall network infrastructure, providing fine-grained traffic management control, observability and metrics for enforcing policy decisions.

• Data plane — Controls all network communication between microservices. It uses Envoy sidecars and Envoy proxies. Envoy is an open source service proxy designed for cloud-native applications.

How Does Istio Service Mesh Work?

The Istio service mesh sits above the application layer, providing platform-independent communication between microservices. It sends quick, reliable, efficient and secure requests by relying on Envoy proxies. It uses a single control plane that monitors an underlying data plane.

Istio modern service mesh can create a network of deployed services with capabilities such as load balancing and authentication, without making changes to service code.

The Istio service mesh control plane has the following Istio components:

• Pilot — Configures and programs the sidecar proxies.

• Mixer — Makes policy decisions and provides automatic metrics and logs for all route traffic within a cluster.

• Ingress — Handles incoming requests from outside a cluster.

• CA — the Certificate Authority.

The Istio service mesh control plane also handles the following:
• Automatic load balancing for HTTP and TCP traffic.
• Control of traffic behavior.
• Service-to-service communication in a cluster with secure authentication.

What Are the Advantages of an Istio Service Mesh?

• Traffic management — Controls the flow of traffic and application program interface (API) calls between services. Makes API calls more reliable. This includes circuit breaker, error injection, traffic splitting, timeouts and request mirroring for disaster recovery.

• Observability — Provides insights on performance. A dashboard offers visibility to quickly identify issues. This includes application mapping, app logging, and tracing.

• Policy enforcement — Ensures policies are enforced and allows policy changes without changing application code.

• Security — Secure service communications allow for consistent enforcement of policies across all protocols. These include authentication, authorization, rate limiting and a distributed web application firewall for both ingress and egress.
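
The security and policy-enforcement points above, shown as Istio configuration applied without touching service code. This is an added example, not configuration from the original page or from the Istio project; it assumes Istio 1.5 or later (the security.istio.io API), istio-system as the mesh root namespace, and a hypothetical namespace shop with workloads orders and frontend.

```yaml
# Added example. Namespace "shop", labels and service accounts are hypothetical.

# 1. Authentication: sidecars in the whole mesh accept only mutual TLS.
#    The weaker setting is "mode: PERMISSIVE", which still accepts plaintext
#    and is meant only for migration.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system   # assumed root namespace, so the policy is mesh-wide
spec:
  mtls:
    mode: STRICT
---
# 2. Authorization baseline: an empty spec allows nothing, so every request
#    to workloads in "shop" is denied unless another policy allows it.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: shop
spec: {}
---
# 3. Least privilege: only the frontend workload identity (taken from its
#    mTLS certificate) may call the orders service, and only on these routes.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/orders/*"]
```

The principals match depends on STRICT mutual TLS being in effect: over plaintext the caller has no verified identity, so the ALLOW rule never matches and the request is denied.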

When to Use an Istio Service Mesh

Istio service mesh is needed when an organization adopts container applications on Kubernetes and microservices architectures. Istio makes it easier to manage microservice deployments by providing a solution for security, connectivity, and monitoring of microservices.

Istio service mesh is also good for organizations that need to manage a distributed cluster and require flexibility with traffic management. Istio service mesh does not address certain use cases. Enterprises looking to provide secure connectivity across Kubernetes clusters and ingress services to Kubernetes clusters have to look for solutions such as Avi Networks that support those services.

Does Avi Offer an Istio Service Mesh?

The Avi Vantage Platform delivers multi-cloud application services such as load balancing, monitoring, and security for containerized applications with microservices architecture through dynamic service discovery, application maps, and micro-segmentation. Avi’s Universal Service Mesh is optimized for North-South (inbound and outbound) and East-West (usually within the datacenter) traffic management, including local and global load balancing. Avi integrates with OpenShift and Kubernetes for container orchestration and security, and is fully integrated with Istio to provide a universal service mesh.
