What is a Service Mesh and Why Should you Care About It

By Robert Hao

Over the past two years, you may have heard of something called a “service mesh” and related open source technology such as Istio or Linkerd.

In this article, we’ll explain what a service mesh is, why it’s needed, and lay out the service mesh startup landscape as it exists today. 


This article is a preview of Plug and Play’s full research report ‘Service Mesh - Innovation Insight,’ which is available for our corporate partners. Join Plug and Play's platform and access the latest trends.


First, microservices.

‘Divide and conquer’ is a strategy becoming more ubiquitous in the architectures of today’s web-scale cloud applications, such as Netflix, Airbnb, Lyft, and Spotify.

Developers are trending towards microservices architectures, which break down large, monolithic cloud applications into digestible bite-sized pieces called microservices. Each microservice is responsible for a concise, well-defined function. For example, Uber - which transitioned towards microservices architecture - may have a ‘billing microservice,’ a ‘ride scheduler microservice,’ and a ‘trip review microservice’ that all work in concert to deliver the full ‘Uber app’ seamlessly.

What is a Service Mesh Microservice

Source: DZone

By dividing up these formerly large structures, developers gain better flexibility, agility and scalability with their apps.

The Main Advantages of Microservices

  • A team can take responsibility to build and maintain a specific microservice.
  • Since microservices communicate over universal protocols such as REST, teams have the flexibility to choose the service’s underlying technology stack agnostic from the rest of the app.
  • When necessary, certain microservices can be taken out, updated, and pushed back into production effortlessly.
  • During periods of peak traffic, critical components can be scaled individually, rather than scaling the entire monolithic app which incurs unnecessary costs.

Industry surveys estimate 60% of enterprises deploy microservices in production and 90% plan to in the next five years.

Source: Camunda and Dimensional Research

It’s not all rainbows - the problems with microservice management

Despite all the benefits that microservices architecture brings to AppDev and DevOps teams, managing these distributed systems can become a nightmare.

‘Dividing and conquering’ into microservices creates an obstructing fog into application runtime simply due to the increase in number of services interconnected.

What is a Service Mesh Microservice Death Star Diagram

Source: AppCentrica

These are ‘death-star diagrams’ showcasing the sheer complexity of managing thousands of microservices all communicating among each other.

DevOps teams need better solutions to monitor, orchestrate, and secure these distributed networks effectively.

Enter the service mesh.

What Is a Service Mesh?

A service mesh is an abstracted layer which sits on top of the microservices and handles service-to-service communication. The mesh tracks, secures, and relays all data flow between services.

Meshes are usually implemented as network proxies deployed alongside microservices, which carries data flow in and out of the service. A central controller (referred to as the control plane) oversees and manages all the service traffic flows between the proxies.

Via this implementation, DevOps instantly gain an overarching view of application runtime. The controller offers them the ability to collect performance metrics, redirect traffic, and configure access control.

What Are the Advantages of a Service Mesh?

  • DevOps gain visibility into the microservices.
  • Application-wide TLS can be applied instantly.
  • Controlled deployment (canary, blue/green) is possible with granular traffic control.
  • Detect service failures and avoid them with circuit breakers.

Who’s in The Service Mesh Space?

Today’s service mesh technologies are spearheaded by many open-source initiatives:

  • Linkerd (control and data plane)
  • Istio (control plane)
  • Envoy (data plane)
  • Consul (control and data plane)
  • SuperGloo (multimesh)

In addition to these open-source projects, the service mesh landscape is dominated by startups, large corporate players. Both of which often build on top of open-source technologies by offering either managed services or extra features geared towards enterprises. These providers aim to make the adoption process seamless for large organizations.

Service Mesh Market Map Startups

Source: Plug and Play Ventures

Rarely, some build their own proprietary mesh technologies, such as Avi Networks and A10 Networks.

M&A activity is gaining heat, with the recent acquisitions of Avi Networks by VMware in June 2019 for $420M and of NGINX by F5 Networks in May 2019 for $250M.

Visibility first, security second.

From our conversations with service mesh providers and their customers, we find a common sentiment that visibility and management is the foremost critical feature - it’s what enterprises are badly needing. Layer 7 security - especially for internal APIs - comes as a second priority.

Nevertheless, microservices architecture exponentially widens the internal API attack surface, and hence a number of startups have emerged aiming at securing service-to-service communications. Redberry, which had recently been in stealth, provides visibility, orchestration, and leverages AI-based anomaly detection to secure traffic between an organization’s thousands of internal APIs.

Don’t forget the on-premise stuff!

A common pattern is that lower-layered (L4) vendors are acquiring higher-layered (L7) mesh technology providers as they prepare to move into this new space.

With the complexity of today’s web-scale applications, observability need to come from L7 to provide granular insights. Moreover, large organizations are increasingly migrating towards a cloud-native culture where networking is done at Layer 7. As such, lower-layered vendors - usually on-premise solution providers, must pivot to follow their customers.

However, the transition to cloud-native does not happen overnight. Many organizations today are midway in this process, deploying parts of their applications to public clouds, parts to private clouds, and parts remaining on-premise. Moreover, these organizations tend to deploy on complex topologies of mainframes, VMs, and containers.

IBM Research estimates around 85% of enterprises embrace a multi-hybrid-cloud model. Conservative verticals, such as financial institutions, are especially hesitant to migrate to public and even private clouds, and often have the majority of their workloads on-premise.

This complex landscape means service mesh technologies will need to embrace multi-domain features that allows Layer 7 meshes to be extended across cloud providers and on-premise data centers, across mainframes, VMs, and containers. Istio, for example, offers multi-cluster configuration. The greatest challenge in multi-domain support is configuring these meshes to become compatible with Layer 2-3 networking often found in on-premise sites.

Moreover, many commercial service mesh vendors are prioritizing multi-domain, these include IBM, VMware (with its NSX Service Mesh product), Avi Networks (which was acquired by VMware), and Aspen Mesh.

SuperGloo tackles multi-domain from another perspective by providing a multi-mesh orchestrator that allows DevOps to embrace a variety of mesh technologies and manage them via a single pane of glass.

Bayware offers a revolutionary way to solve the multi-domain problem and connecting L2-3 together with L4-7 networking. Its solution leverages an agent-based approach to ‘encapsulate’ the entire network in a software-defined, easy-to-configure environment that solves all the compatibility nightmares that arises with multi-domain networking.

Big Takeaways

Organizations that have been early adopters of service mesh are cloud-first, web-scale companies that already have most if not all of their workloads containerized and on the cloud. Organizations that have not yet fully gone cloud-native tend to adopt service mesh incrementally, starting from sandbox PoCs to per business-unit or department adoption. Usually, the back-office are the first adopters.

Service mesh is undoubtedly innovative. But we believe that for the technology to truly gain widespread enterprise adoption, it needs to emerge outside the comforts of Layer 7 networking and offer compatibility with a variety of domains and legacy systems.

The bold companies innovating in this new space need to consider their commercial strategy with many of the effective, ready-out-of-the-box open-source solutions.


Learn More

This article is a preview of Plug and Play’s full research report ‘Service Mesh - Innovation Insight,’ which is available for our corporate partners. Join Plug and Play's platform and access the latest trends.