Service mesh

A service mesh is an infrastructure layer for handling service-to-service communication for cloud-native applications using APIs. It provides a way to connect, secure, and monitor your microservices. Citrix provides two solutions to meet your service mesh requirements:

  • Service mesh lite
  • Service mesh (Citrix ADC integration with Istio)

Service mesh lite

A full-fledged service-mesh implementation is complex and requires a steep learning curve. If you are looking for a simplified implementation of a service mesh with similar benefits, Citrix offers a solution called service mesh lite with lesser complexity. In this solution, a Citrix ADC CPX runs as a centralized load balancer in the Kubernetes cluster and load balances East-West traffic among microservices. Citrix ADC CPX enforces policies for inbound and inter-container traffic.

The following diagram shows a service mesh lite architecture.

Service mesh lite

For information, see the service mesh lite documentation.

Service mesh (Citrix ADC integration with Istio)

Citrix provides a service mesh solution by integrating Citrix ADC with Istio. Istio, an open source and platform-independent service mesh, is one of the most popular service mesh implementations. By integrating Citrix ADC with Istio, you can take advantage of the Citrix ADC features to secure and optimize the traffic for applications in the service mesh.

Citrix ADC can be integrated with Istio in the following ways:

  • Citrix ADC MPX, VPX, or CPX as an Istio Ingress Gateway to the service mesh to expose traffic to the Kubernetes cluster.
  • Citrix ADC CPX as a sidecar proxy with application containers in the service mesh to control communication between applications.

You can use either integration independently or you can combine both ways to have a unified data plane solution.

The following diagram shows a service mesh architecture.

Service mesh

Service mesh is ideal for highly secure applications and also offers the following benefits.

  • Offers fine-grained (modularized) traffic management per container
  • Ensures richer observability, analytics, and security (Mutual TLS) due to sidecar implementation
  • Enables automated canary deployment for each container with embedded Citrix ADC CPX
  • Supports cloud portability
  • Allows offloading of some of the functions performed by applications to the sidecar
  • Provides lower sidecar latency
  • Provides integrations with open-source tools
  • Offers scalability

For more information, see the Citrix ADC integration with Istio documentation.

Service mesh