Computerworld

The enterprise service mesh ecosystem comes into focus

With all of the major cloud providers now offering a service mesh solution, as well as some smaller providers, has the technology finally arrived on the enterprise stage?

The service mesh is rounding into maturity in 2019, with all of the major cloud providers offering a means for developers to unify traffic flow management and access policy enforcement across their micro-services, regardless of where they reside.

As we predicted late last year, service mesh is set to be an increasingly important technology for companies looking to leverage cloud computing and, more specifically, containers and Kubernetes.

In such a nascent technology area, however, things are subject to rapid change, and Owen Garrett, senior director of product management at web server vendor NGINX, warns enterprises against getting too invested too early.

"Time then will tell how it will develop as there is plenty of space for innovation," Garrett said. "Perhaps it will commoditise rapidly, and become a default, omnipresent feature of all major container runtime platforms.

"Perhaps new approaches, more efficient than the developing 'sidecar proxy' pattern, will emerge, offering better performance and lower resource usage. At this stage, there is no certainty as to how the technology will stabilise and who will be the leading providers."

Here are some of the leading options on the market at this point, from free and open source to more enterprise-ready solutions.

Google Istio

Google made a splash last summer when it announced it was open sourcing a service mesh it was using internally under the name Istio.

Urs Hölzle, SVP technical infrastructure at Google Cloud, said from the stage during Google Cloud Next that Istio was developed and released to address one of the fastest-growing costs in the enterprise: the complexity of administration across hybrid environments.

"Istio is another Google-developed open source project which extends Kubernetes into these higher level services," he said. "So you can discover, connect and monitor services holistically across multiple locations in one place" - without having to change code.

The tool can be deployed on Kubernetes and Nomad with Consul, with plans to support platforms like Cloud Foundry and Apache Mesos in the near future. Enterprise customers like Auto Trader are already using it in production.

It's also worth noting that Istio pairs neatly with Envoy - a service proxy built in-house at ridesharing company Lyft - as the control plane to Envoy's data plane.

AWS App Mesh

The cloud infrastructure-as-a-service market leader Amazon Web Services (AWS) released a public preview of its own service mesh in November last year. Called App Mesh, it aims to allow developers to monitor and control communications across micro-services.

"You use App Mesh to model how all of your micro-services connect and App Mesh automatically computes and sends the appropriate configuration information to each micro-service proxy. This gives you standardised, easy-to-use visibility and traffic controls across your entire application," Nathan Taber, senior product manager for EKS and Container OSS at AWS, wrote in a blog post.

App Mesh is available with Amazon ECS, Amazon EKS, and Kubernetes on EC2. It also uses the open source Envoy proxy, making it interoperable by nature.

Microsoft SMI

Microsoft was a little slower to market than Google and AWS when it comes to service mesh. Its solution, called Service Mesh Interface (SMI), was launched during KubeCon in May 2019 and is an open project developed in partnership with Linkerd, HashiCorp, Solo.io, Kinvolk, and Weaveworks, with support from Aspen Mesh, Canonical, Docker, Pivotal, Rancher, Red Hat, and VMware.

It promises a set of common, portable APIs for simple interoperability across different service meshes themselves, including Istio.

The difference is subtle but important. In a blog post, Gabe Monroy, lead program manager for containers at Microsoft, writes: "We see a proliferation of service mesh technologies with many vendors providing new and exciting options for application developers.

"The problem is developers who turn to mesh technologies must choose a provider and write directly to those APIs. They become locked into a service mesh implementation. Without generic interfaces, developers lose portability, flexibility, and limit the ability to benefit from innovation across the broad ecosystem."

What SMI proposes instead is "a standard interface for meshes on Kubernetes" which offers a basic and common feature set and the flexibility for different mesh services.

Monroy goes on in his blog post to talk about what enterprise customers are telling the vendor they want from a service mesh, boiling down to traffic policies, telemetry and management capabilities.

SMI can be used directly through a set of APIs, or customers can build operators to translate SMI to native APIs.

Tetrate

Another provider in the service mesh space is Tetrate, a San Francisco-based startup made up of some of the key engineers from Google's Istio project, who are developing a standalone enterprise-ready service mesh.

The idea is to ease the administrative complexity placed on teams having to operate lots of micro-services across hybrid or large-scale, complex environments.

Tetrate essentially promises to combine the open source chops of Istio and Envoy with enterprise-grade features, allowing companies to run both the data and control plane across complex enterprise environments without any of the teething issues normally associated with open source technology. For Tetrate this means "enterprise-grade extensibility, scalability, and performance."

The founding team includes Varun Talwar, a former Google engineer who helped build the company's own open source service mesh solution, Istio, and former Twitter cloud engineer Jeyappragash Jeyakeerthi.

"We are trying to simplify the complexity of configurations around Istio to something small and digestible," Tetrate CEO Varun Talwar told Computerworld UK. "So every team gets a UX experience where they can start programming the behaviour of traffic and the security they want and have clean interactions between themselves and their central network and security teams."

Other options

Other service mesh solutions like Linkerd and Consul Connect from HashiCorp have proven fairly popular with developers already.