Service Mesh Landscape

comparing and contrasing service meshes

Comparison of Service Mesh Strengths

Service Mesh Timeline
Project Announcement

NGINX Service Mesh

NGINX Service Mesh

Sept 2020

Open Service Mesh

Open Service Mesh

August 2020

Citrix Service Mesh

Citrix Service Mesh

September 2019

Kuma

Kuma

September 2019

App Mesh

App Mesh

November 2018

Traefik Mesh

Traefik Mesh

September 2019

Yggdrasil

August 2018

Octarine

Octarine

November 2018

SOFAMesh

SOFAMesh

July 2018

Linkerd 2.x

Linkerd 2.x

September 2018

Maistra

Maistra

May 2018

Rotor

Rotor

May 2018

Network Service Mesh

Network Service Mesh

April 2018

Conduit

Conduit

December 2017

Aspen Mesh

Aspen Mesh

November 2017

Grey Matter

Grey Matter

November 2017

Mesher

November 2017

Istio

Istio

May 2017

Cilium

Cilium

March 2017

Consul

Consul

June 2016

Linkerd 1.x

Linkerd 1.x

February 2016

Vulcand

Vulcand

December 2014

Categories

    Service Mesh
  • A10 Secure Service Mesh A10’s Secure Service Mesh - is a solution that utilizes a hub-spoke model to provide scalable east-west network security and automatic service discovery.
  • App Mesh AWS App Mesh - a managed control plane offering using Envoy as the data plane.
  • Aspen Mesh Aspen Mesh - a commercial offering built on top of Istio with some open source components.
  • Cilium Cilium - DaemonSet-based service mesh using Linux BPF.
  • Citrix Service Mesh Service mesh based on Istio and served with Citrix ADC CPX sidecar proxies.
  • Consul Consul - Connect is a feature that enables encrpyted communication between services.
  • Grey Matter Grey Matter is an Istio-compliant, Envoy proxy-based, hybrid cloud service mesh platform for business insight and secure data control with your microservices.
  • Istio An open platform to connect, monitor, and secure microservices. Created by Google and IBM; now with maintainers from 14 companies and implementations from over 15 vendors.
  • Kuma Kuma is a universal open source control-plane that can run and be operated natively across both Kubernetes and VM environments.
  • Linkerd 1.x Linkerd - hosted by the CNCF and built on top of Twitter Finagle. Linkerd includes both a proxying data plane and the Namerd (“namer-dee”) control plane all in one package.
  • Linkerd 2.x (Conduit) Conduit - A Kubernetes-native (only) service mesh announced as a project in December 2017. In contrast to Istio and in learning from Linkerd, Conduit’s design principles revolve around a minimalist architecture and zero config philosophy, optimizing for streamlined setu. Open Source. From Buoyant. Written in Rust and Go.
  • Maistra Maistra is a security focused distribution of Istio designed to run on top of OpenShift.
  • Mesher Mesher is service mesh implementation based on go-chassis which can work together with ServiceComb Service center running on any infrastructure. Mesher can work with go-chassis in same service mesh control plane and it supports both linux and windows OS
  • NGINX Service Mesh NGINX Service Mesh (NSM) is a data plane-focused serviced mesh. NSM was built from the ground-up to support a unified data plane with NGINX Plus reverse proxy sidecars and NGINX Plus Ingress Controller for Kubernetes providing integrated E/W and N/S traffic management and security.
  • Network Service Mesh Network Service Mesh (NSM) is a novel approach solving complicated L2/L3 use cases in Kubernetes that are tricky to address with the existing Kubernetes Network Mode
  • Octarine Octarine is a security platform for k8s workloads that combines admission control with runtime network security leveraging an Envoy-based service mesh
  • Open Service Mesh Open Service Mesh (OSM) is a lightweight and extensible cloud native service mesh.
  • Rotor Rotor - a fast, lightweight bridge between your service discovery and Envoy’s configuration APIs. Turbine Labs has shutdown.
  • SOFAMesh A solution for large-scale Service Mesh based on Istio.
  • Traefik Mesh Traefik Mesh is a simple, yet full-featured service mesh. It is container-native and fits as your de-facto service mesh in your Kubernetes cluster.
  • Vulcand Programmatic load balancer and service mesh backed by etcd
  • Yggdrasil Yggdrasil is an Envoy control plane that configures listeners and clusters based off Kubernetes ingresses from multiple Kube Clusters.
  • Zuul Zuul is a gateway service that provides dynamic routing, monitoring, resiliency, security, and more.
    Client Library
  • Akka Akka - an open source toolkit for building highly concurrent, distributed, and resilient message-driven applications for Java and Scala.
  • DropWizard Dropwizard pulls together stable, mature libraries from the Java ecosystem into a simple, light-weight package that lets you focus on getting things done.
  • Finagle Finagle - an open source RPC library built on Netty for engineers that want a strongly-typed language and be on the JVM. Finagle is written in Scala.
  • Go kit Go kit - a collection of Go packages that help you build robust, reliable, maintainable microservices (or elegant monoliths).
  • Hystrix Hystrix - an open source latency and fault tolerance library designed to isolate points of access to remote systems, services and 3rd party libraries, stop cascading failure and enable resilience. Hystrix is written in Java.
  • Ribbon Ribbon - an open source Inter-Process Communication (remote procedure calls) library with built-in software load balancers. Ribbon is written in Java.
  • Spring Boot Spring Boot makes it easy to create stand-alone, production-grade Spring based Applications that you can 'just run'.
    API Gateway
  • 3scale An API gateway built on top of NGINX. It is part of the Red Hat 3scale API Management Platform.
  • Ambassador Ambassador uses Envoy
  • Citrix ADC Citrix ADC protects your applications and APIs
  • Contour Contour uses Envoy
  • Gloo An Envoy-powered API Gateway
  • Kong Kong uses NGINX
  • OpenResty OpenResty uses NGINX
    Service Proxy
  • A10 Lightning ADC A10's Lighting ADC - is a full proxy with advanced load balancing and traffic monitoring features.
  • Citrix ADC CPX Citrix ADC CPX provides a DevOps-friendly, cloud-native and full of L4-7 capabilities ADC in a Docker container
  • Contour Contour - a reverse proxy and load balancer deployed as a Kubernetes Ingress Controller.
  • Envoy Envoy - a modern proxy hosted by the CNCF. Many projects have sprung up to leverage Envoy, including Istio.
  • HAProxy HAProxy is the world's fastest and most widely used software load balancer, powering superior application delivery at any scale and in any environment.
  • MOSN MOSN is a cloud-native proxy for edge or service mesh.
  • NGINX Plus NGINX Plus the enterprise reverse proxy within NGINX Service Mesh, managed as a sidecar for E/W and as an ingress controller for N/S traffic management and security.
  • Traefik Traefik is a modern HTTP reverse proxy and load balancer that integrates with service discovery systems and container orchestrators.
  • Vulcand Programmatic load balancer and service mesh backed by etcd
  • nginMesh nginMesh - launched in September 2017, the nginMesh project deploys NGINX as a sidecar proxy in Istio.
    Load Balancer
  • A10 Thunder ADC “A10's Thunder ADC - is a high performance solution providing L4-7 load balancing, DDoS protection, and advanced SSL/TLS offloading.“
  • Citrix ADC Citrix ADC is an application delivery and load balancing solution that provides a high-quality user experience for your web, traditional, and cloud-native applications regardless of where they are hosted.
  • NGINX NGINX is open source software for load balancing, reverse proxying and API gateways.
  • Proxygen Proxygen - is an open source library that not only powers Facebook's load balancer, but is also used by HHVM (github/facebook/hhvm).
  • kube-proxy Runs on each Kubernetes node. Performs simple TCP, UDP, and SCTP stream forwarding or round robin TCP, UDP, and SCTP forwarding across a set of backends.
Found a discrepancy, missing or out-dated information? Please submit an issue.

Non Functional

Category Name Open Source Governance Primary Language Project Announce GA / 1.0 Commercial Offerings
Service Proxy HAProxy Yes HAProxy C December 2001 December 2001 HAProxy Technologies
Service Proxy MOSN Yes Ant Financial Go July 2018 ? Ant Financial
Service Proxy nginMesh Yes NGINX Rust, Go, C September 2017 discontinued NGINX
Service Proxy Envoy Yes CNCF C++11 September 2016 September 2016 Turbine Labs, Datawire
Service Proxy Citrix ADC CPX No Citrix C January 2016 July 2016 Citrix Systems, Inc.
Service Proxy Citrix Service Mesh No Citrix C September 2019 July 2016 Citrix Systems, Inc.
Service Mesh NGINX Service Mesh Partial NGINX Go, C Sept 2020 ? NGINX
Service Mesh Open Service Mesh Yes CNCF Go August 2020 ? Microsoft
Service Mesh Kuma Yes CNCF Go September 2019 ? Kuma
Service Mesh App Mesh No AWS ? November 2018 2019 AWS
Service Mesh Traefik Mesh Yes Traefik Labs Go September 2019 ? Traefik Labs
Service Mesh Yggdrasil Yes uSwitch Go August 2018 ? N/A
Service Mesh Octarine No OctarineSec Go November 2018 November 2019 Octarine
Service Mesh SOFAMesh Yes Ant Financial Go July 2018 discontinued Ant Financial
Service Mesh Linkerd 2.x Yes CNCF Rust, Go September 2018 Sept 2018 Buoyant
Service Mesh Maistra Yes Red Hat Go May 2018 September 2019 OpenShift Service Mesh (Red Hat)
Service Mesh Rotor Yes Turbine Labs Go May 2018 discontinued Houston (Turbine Labs)
Service Mesh Network Service Mesh Yes CNCF GO April 2018 August 2019 ?
Service Mesh Conduit Yes CNCF Rust, Go December 2017 Sept 2018 Buoyant
Service Mesh Aspen Mesh Partial F5 Go November 2017 2019 Aspen Mesh
Service Mesh Grey Matter No Decipher Technology Studios Go November 2017 February 2019 Grey Matter
Service Mesh Mesher Yes Huawei Go November 2017 November 2017 Huawei
Service Mesh Istio Yes Google, IBM Go May 2017 July 2018 AspenMesh, Layer5
Service Mesh Cilium Yes Isovalent Go March 2017 November 2017 Isovalent
Service Mesh Consul Yes HashiCorp Go June 2016 June 2018 Consul Enterprise (HashiCorp)
Service Mesh Linkerd 1.x Yes CNCF Scala February 2016 April 2017 Buoyant
Service Mesh Vulcand Yes Mailgun Inc Go December 2014 December 2014 N/A
Load-Balancers Avi Networks(USM) No AVI Networks ? ? ? ?
Load-Balancers Traefik Yes ? Go ? ? ?
Load-Balancers Proxygen Yes Facebook C++ November 2014 November 2014 N/A
Load-Balancers NGINX Yes NGINX Go ? ? NGINX Plus
Load-Balancers Kong Yes Kong Inc. Lua April 2015 ? Kong Inc.
Load-Balancers Citrix ADC No Citrix C January 2001 July 2001 Citrix Systems, Inc.
API Gateway Contour Yes Heptio Go October 2017 October 2017 Heptio
API Gateway 3scale Yes Red Hat Lua December 2014(?) December 2014(?) Red Hat
API Gateway OpenResty Yes OpenResty Inc. C ? ? OpenResy Inc.
API Gateway Gloo Yes Solo.io Inc. Go ? ? Solo.io Inc.
API Gateway Kong Yes Kong Inc. Lua April 2015 December 2018 Kong Inc.
API Gateway Ambassador Yes Datawire Python August 2017 October 2017 Datawire
API Gateway Contour Yes Heptio Go October 2017 October 2017 Heptio
API Gateway Citrix ADC No Citrix C January 2016 July 2016 Citrix Systems, Inc.
Found a discrepancy, missing or out-dated information? Please submit an issue.

Functional

Service Mesh Auto Proxy Injection TCP + WebSockets HTTP, HTTP/2 gRPC Multi-Cluster Multi-Tenant Prometheus Integration Tracing Integration Encryption
Network Service Mesh ? ? ? ? ? ? ? ? ?
Vulcand No No Yes ? ? ? No No Yes
Zuul No ? ? ? ? No ? ? ?
Yggdrasil N/A ? Yes Yes Yes ? Yes Pluggable Yes
Rotor Project shutdown Project shutdown Project shutdown Project shutdown Project shutdown Project shutdown Project shutdown Project shutdown Project shutdown
Open Service Mesh Yes Yes Yes No No Yes No Yes
Octarine Yes Yes Yes Yes Yes No No Yes
SOFAMesh Project shutdown No Project shutdown Project shutdown Yes, powered by ServiceComb Huawei Cloud only ? ? ?
Mesher Yes No Yes Yes Yes, powered by ServiceComb Huawei Cloud only ? ? ?
Maistra Yes Yes Yes Yes No Yes Yes Jaeger/Grafana Yes
Traefik Mesh No Yes Yes Yes No No Yes Yes No
NGINX Service Mesh Yes Yes No Yes No No Yes Jaeger, Zipkin Yes
Linkerd 2.x (Conduit) Yes Yes Yes Yes Experimental Yes Yes Pluggable Yes
Linkerd 1.x No Yes Yes ? ? ? Yes Zipkin Yes
Kuma No Yes Yes Yes Yes Yes Yes Yes Yes
Istio Yes Yes Yes Yes Yes Yes Yes OpenTracing, Zipkin, Jaeger, Lightstep Yes
Grey Matter Yes Yes Yes Yes Yes Yes Yes OpenTracing compatible Yes
Consul Yes Yes Yes Yes Yes No Yes Pluggable Yes
Citrix Service Mesh Yes Yes Yes Yes ? ? Yes ? Yes
Cilium ? Yes ? Yes Yes ? Yes ? Yes
Aspen Mesh Yes Yes Yes Yes Yes Yes Yes Jaeger Yes
App Mesh No Yes Yes Yes Yes No No Yes Yes
A10 Secure Service Mesh No Yes Yes Yes Yes Yes No, Replaced by Harmony Controller Yes Yes
Found a discrepancy, missing or out-dated information? Please submit an issue.

Service Mesh Interface Compatibility

Service Mesh Traffic Access Control Traffic Metrics Traffic Split Traffic Specs
Traefik Yes No Yes Yes
NGINX Service Mesh Yes Yes Yes Yes
Linkerd 2.x (Conduit) No Yes Yes No
Istio Yes Yes Yes Yes
Consul Connect Yes No No No
Found a discrepancy, missing or out-dated information? Please submit an issue.

Based on servicemesh.es by INNOQ.

Tools

Tool Written in Written for Supported by Description
fortio Golang Istio, general use Istio A load testing library and command line tool and web UI. Allows to specify a set query-per-second load and record latency histograms and other useful stats.
httpbin Python general use Kenneth Reitz A simple HTTP request & response service.
Meshery Golang Istio, Linkerd, Consul, Octarine, Network Service Mesh, App Mesh Layer5 A service mesh playground to facilitate learning about functionality and performance of different service meshes. Meshery incorporates the collection and display of metrics from applications running in the playground.
lago Scala Finagle, general use Twitter A load generation tool that replays production or synthetic traffic against a given target. Among other things, it differs from other load generation tools in that it attempts to hold constant the transaction rate.
slow_cooker Golang Linkerd, general use Buoyant A load testing tool that produces a predictable load and concurrency level for a long period of time. Provides periodic reports of qps and latency (during testing).
wrk C general use Will Glozer A modern HTTP benchmarking tool capable of generating significant load when run on a single multi-core CPU. It combines a multithreaded design with scalable event notification systems such as epoll and kqueue.
istio-vet Golang general use Aspen Mesh A tool for validating Istio and application configuration installed in a Kubernetes cluster. It detects incompatible or incorrect configuration which might lead to unexpected runtime behaviors.
Kiali Golang Istio Kiali Project, Red Hat A graphical user interface to provide insight into what is happening within your Istio service mesh. Kiali graphs the interaction between service mesh components, handles configuration files, and analyses your mesh for potential issues.
Naftis Golang Istio Xiaomi A web-based dashboard for Istio. It helps user manage their Istio tasks more easily. Using Naftis we can custom our own task templates, then build task from them and execute it.
Siege C++ Reporting the total number of hits recorded, bytes transferred, response time, concurrency, and return status on web Jeffrey Fulmer It is an http load tester and benchmarking utility.
Hyperfoil Java general use Red Hat Microservice-oriented distributed benchmark framework: • Drive the load from many nodes. • Express complex scenarios either in YAML or through pluggable steps. • All operations are async to avoid coordinated-omission fallacy (open model by default).
CNF Testbed Shell Testing network functions CNCF, TLF The CNCF CNF Testbed provides reference code and test cases for running the same networking code packaged as containers (Cloud native Network Functions or CNFs) on Kubernetes and as virtual machines (Virtual Network Functions or VNFs) on OpenStack.
Vegeta Golang HTTP load testing tool Vegeta is a versatile HTTP load testing tool built out of a need to drill HTTP services with a constant request rate. It can be used both as a command line utility and a library.
Locust Python Scalable user load testing tool Locustio Locust is an easy-to-use, distributed, user load testing tool. It is intended for load-testing web sites (or other systems) and figuring out how many concurrent users a system can handle.
Nighthawk C++ L7 (HTTP/HTTPS/HTTP2) performance characterization tool Envoy, CNCF A L7 (HTTP/HTTPS/HTTP2) performance characterization tool. Its design focuses on exact request release timing and aims to provide its users with the ability to dynamically customize the request headers and content during an experiment.
Found a discrepancy, missing or out-dated information? Please submit an issue.
Stay meshy and subscribe
account_box
mail