Service mesh

A service mesh is an infrastructure layer for handling service-to-service communication for cloud-native applications using APIs. It provides a way to connect, secure, and monitor your microservices. NetScaler provides two solutions to meet your service mesh requirements:

  • Service mesh lite
  • Service mesh (NetScaler integration with Istio)

Service mesh lite

A full-fledged service mesh implementation is complex and has a steep learning curve. If you are looking for a simplified implementation of a service mesh with similar benefits, NetScaler offers a less complex solution called service mesh lite. In this solution, a NetScaler CPX runs as a centralized load balancer in the Kubernetes cluster and load balances East-West traffic among microservices. NetScaler CPX enforces policies for inbound and inter-container traffic.

The following diagram shows a service mesh lite architecture.

[Diagram: Service mesh lite]

For more information, see the service mesh lite documentation.

Service mesh (NetScaler integration with Istio)

NetScaler provides a service mesh solution by integrating NetScaler with Istio. Istio, an open source and platform-independent service mesh, is one of the most popular service mesh implementations. By integrating NetScaler with Istio, you can take advantage of the NetScaler features to secure and optimize the traffic for applications in the service mesh.

NetScaler can be integrated with Istio in the following ways:

  • NetScaler MPX, VPX, or CPX as an Istio Ingress Gateway to the service mesh to expose traffic to the Kubernetes cluster.
  • NetScaler CPX as a sidecar proxy with application containers in the service mesh to control communication between applications.

You can use either integration independently, or you can combine both to get a unified data plane solution.

The following diagram shows a service mesh architecture.

[Diagram: Service mesh]

Service mesh is ideal for highly secure applications and also offers the following benefits:

  • Offers fine-grained (modularized) traffic management per container
  • Ensures richer observability, analytics, and security (mutual TLS) because of the sidecar implementation
  • Enables automated canary deployment for each container with embedded NetScaler CPX
  • Supports cloud portability
  • Allows offloading of some of the functions performed by applications to the sidecar
  • Provides lower sidecar latency
  • Provides integrations with open-source tools
  • Offers scalability

For more information, see the NetScaler integration with Istio documentation.
