← Back to Glossary

What is a Service Mesh?

by Iwan Price-Evans on Microservices • June 23, 2022

A service mesh can be added to a cloud-based application to control the delivery of service requests between microservices.

The service mesh is a layer of infrastructure that uses a 'mesh' of proxies to facilitate service-to-service communication. The mesh abstracts the service communication logic out of individual services to a layer of infrastructure.

Implementing a service mesh creates an array of proxies that sit alongside each microservice. These proxies are called 'sidecars' because they sit next to the service similar to a motorbike and sidecar. The sidecars intercept and filter traffic to and from their assigned service.


Why do Microservices need a Service Mesh?

Modern applications are built using a microservices architecture where each service is independent and communicates with other services to create a functional application. Microservices are scalable by nature which makes service-to-service communication between multiple ephemeral instances complex. 

Each microservice must use communication logic that specifies how requests get from source to destination. In standard microservices infrastructure, this service-to-service communication logic is coded into each service. When communication logic is implemented this way application developers must spend time coding the logic into each service. This internal service communication logic makes it difficult to diagnose application issues such as service failures. This is one of many areas where a service mesh is really valuable.

How does a Service Mesh work?

A service mesh has a control plane and a data plane.

The mesh data plane provides communication between services that are part of the mesh.

The control plane performs the management of service communication. The control plane manages the dynamically changing environment, holding configurations and orchestrating the sidecar proxies within the mesh.

Each sidecar proxy is attached to the control plane which manages and configures it. Each sidecar proxy intercepts and filters the traffic for its assigned service based on the configuration specified by the control plane.

On a practical level, a new sidecar proxy is created with each service instance created in a container, cluster, or VM.

Benefits of Service Mesh

Abstracting service-to-service communication using the service mesh design pattern makes application monitoring and maintenance easier. Application capabilities such as observability, security, and traffic management don't need to be implemented within the application code.

A service mesh can improve the visibility of the interaction between the many microservice interactions within an application. It makes service-to-service communication fast and reliable because it provides a uniform method of proxying service traffic within the mesh.

Service Mesh Benefits:

  • Observability - Provides visibility of service-to-service communications. 
  • Traffic management - The mesh identifies traffic types, where it's come from, and where it's going.
  • Security - Provides uniform methods to encrypt and secure connections. 
  • Reliability - The mesh can automate retries and failure recovery.

There are other benefits to using a service mesh. They can make it easier to deploy and manage operations such as canary deployments, authentication, access control, A/B testing, and more.

Implementing a service mesh enables service-to-service communication, load balancing, authentication, and monitoring without needing to add these functions as code.