A service mesh addresses challenges associated with a microservices architecture. However, the service mesh itself introduces new challenges.

Challenges a Service Mesh Addresses

A service mesh is an abstraction layer on top of a microservices application that provides the following capabilities:

  • Service-to-service communication (including service discovery and encryption)

  • Observability (monitoring and tracing)

  • Resiliency (circuit breaking and retries)

  • Traffic management (routing, load balancing)

  • Security (authorization, encryption)

Before service mesh, client libraries and application programming interface (API) gateways were used to address some of the issues introduced by a microservices architecture. These solutions, however, have challenges of their own.

A service mesh solves some of the challenges introduced by distributed microservices by abstracting necessary functions (service discovery, connection encryption, error and failure handling, and latency detection and response) to a separate entity called a proxy.

The proxy sits in front of each microservice, and all inbound and outbound communications flow through it. The proxy provides the functions noted above and metrics for observability purposes.

Challenges a Service Mesh Does Not Address

Although most service mesh implementations prove effective in connecting services and securing service-to-service communication, because of inherent limitations, they don't address these challenges:

  • Limited scope. Service meshes focus on services alone. They do not extend the scope from service-to-service communication to users-to-service-to-data communication. However, application flows are not limited to interservice communications. Service meshes do not process the full end-to-end requests because they flow from end users through the services, and on to the data.

  • Challenges related to highly distributed heterogeneous platforms. In a multicloud, multiplatform environment, each cloud or platform has its own service mesh technology and uses different operational and security models. Service meshes do not provide the same capabilities (traffic management, security, and observability) across applications deployed in multiple clouds or platforms.

  • Federation challenges. Traditional service meshes do not deliver security, control, and observability across different administrative boundaries, technologies, and service meshes. Traditional service meshes do not provide connectivity, control, observability, and security outside the service mesh.

Tanzu Service Mesh solves these challenges and more.