Hello readers, so before going into the difference between AWS App Mesh and Google Istio, we should first understand what a service mesh is. The service mesh concept has risen over the last couple of years, and we now have a number of alternatives to choose from, i.e.
- Linkerd by Buoyant
- Envoy by Lyft
- Istio, initially by Lyft, IBM and Google
- Conduit by Buoyant
AWS and Google each offer their own service mesh. AWS offers App Mesh, and Google's offering goes by its own name, Istio.
Features of a typical Service Mesh
- Control over the routing of requests (For CI/CD release)
- Cascading failure prevention (e.g. circuit breaking, retries)
- Load balancing algorithms
- Security features (Like TLS, encryption, authentication, and authorization)
- Metrics, which offer instrumentation at the service-to-service layer
In a microservice architecture, the service mesh is a key layer in determining how your applications behave at runtime. Function calls that previously happened locally, inside a shared runtime, now occur as remote procedure calls sent across an unreliable network. Which of these features are implemented, and how, varies between providers.
Now we'll see what the control plane and data plane are. The control plane is the policy and set of configurations that control traffic. The data plane is the actual handling of the traffic flowing into and out of a microservice. An Envoy proxy is deployed alongside each service that you start in your cluster; it also runs alongside services running on VMs.
AWS App Mesh
AWS App Mesh is a service mesh that provides application-level networking. This makes it easy for your services to communicate with each other across multiple types of computing infrastructure. App Mesh gives end-to-end visibility and high availability for your applications.
AWS App Mesh makes it easy to run services by providing consistent visibility and network traffic controls, which helps you deliver secure services. App Mesh removes the need to update application code in order to change how monitoring data is collected or how traffic is routed between services.
Features of AWS App Mesh
App Mesh lets you configure services to connect directly to each other instead of requiring code within the application, or to connect through a load balancer. When each service starts, its proxy connects to App Mesh and receives configuration data about the locations of the other services in the mesh. You can use controls in App Mesh to dynamically update traffic routing between services, with no changes to your application code.
Client-side Traffic Policies
The proxies automatically load balance traffic from all clients in the mesh, and add and remove load balancing endpoints based on health checks and service registration. These capabilities make it easier to deploy new versions of your services and help tune applications to be resilient to failures.
Mutual TLS (mTLS) enables transport-layer authentication. It provides service-to-service identity verification for application components running both inside and outside the service mesh.
Container orchestration native user experience
App Mesh works with services managed by ECS, EKS, and Kubernetes running on EC2. Workloads running on ECS, EKS, Fargate, or Kubernetes include the provided App Mesh proxy as part of the task or pod definition for each microservice, and each service's application container is configured to communicate directly with the proxy. When the service starts, the proxy automatically checks in with App Mesh, which configures it.
Fully managed – AWS App Mesh is a managed and highly available service. It lets you manage service communications without needing to install or manage application-level infrastructure for communications management.
Google Istio
On the other hand, Istio is an open-source service mesh that layers transparently onto existing distributed applications. Istio's powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio is the path to load balancing, service-to-service authentication, and monitoring – with few or no service code changes. Istio is designed for extensibility and can handle a diverse range of deployment needs.
Istio's control plane runs on Kubernetes, and you can add applications deployed in that cluster to your mesh, extend the mesh to other clusters, or even connect VMs or other endpoints running outside of Kubernetes.
Features of Google Istio
Traffic management – Istio's traffic routing rules let you easily control the flow of traffic and API calls between services. Istio simplifies the configuration of service-level properties like circuit breakers, timeouts, and retries. This makes it easy to set up important tasks like A/B testing, canary deployments, and staged rollouts with traffic splits.
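As an added example (not from the original post), here is what the traffic management described above looks like in Istio: a DestinationRule that defines two versions of a service and a circuit breaker, and a VirtualService that sends 10% of traffic to the canary with a timeout and retry policy. The namespace, service and version labels are assumed values.

```yaml
# Added example: canary release of a "reviews" service in namespace "bookshop".
# Service name, namespace and version labels are assumed for illustration.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: reviews
  namespace: bookshop
spec:
  host: reviews.bookshop.svc.cluster.local
  subsets:                        # the two pod versions the VirtualService routes to
    - name: v1
      labels: { version: v1 }
    - name: v2
      labels: { version: v2 }
  trafficPolicy:
    connectionPool:
      http:
        http1MaxPendingRequests: 100   # queue limit before new requests are rejected
    outlierDetection:                  # circuit breaking: eject pods that keep failing
      consecutive5xxErrors: 5
      interval: 10s
      baseEjectionTime: 30s
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: reviews
  namespace: bookshop
spec:
  hosts:
    - reviews.bookshop.svc.cluster.local
  http:
    - route:
        - destination:
            host: reviews.bookshop.svc.cluster.local
            subset: v1
          weight: 90                 # stable version keeps most of the traffic
        - destination:
            host: reviews.bookshop.svc.cluster.local
            subset: v2
          weight: 10                 # canary gets a 10% split
      timeout: 3s                    # caps the whole call including retries
      retries:
        attempts: 2
        perTryTimeout: 1s
        retryOn: 5xx,connect-failure # only retry failures that are safe to repeat
```

Shifting the split is a matter of changing the two weights and re-applying the VirtualService; the application code is not touched.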
Observability – Istio generates detailed telemetry for all communications within a service mesh. This telemetry provides observability of service behavior, empowering operators to troubleshoot, maintain, and optimize their applications. Istio’s telemetry includes detailed metrics, distributed traces, and full access logs.
Security capabilities – Istio includes a comprehensive security solution that gives operators the ability to address these concerns. It provides strong identity, powerful policy, and transparent TLS encryption, as well as authentication, authorization, and audit (AAA) tools to protect your services and data. Istio's security model is based on security-by-default and aims to provide defense in depth, which lets you deploy security-minded applications even across distrusted networks.
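The mutual TLS feature mentioned for App Mesh earlier and the transparent TLS encryption described for Istio here come down to the same policy decision: whether a service's proxy may still accept plaintext. This added example (not from the original post or either project) shows that policy written for both meshes; the namespace, service name and certificate paths are assumed values.

```yaml
# Added example: enforce mTLS for an "orders" service in namespace "shop".
# Names and certificate paths are assumed for illustration.
#
# AWS App Mesh (Kubernetes controller CRD): the listener only accepts TLS
# (mode: STRICT), verifies the client certificate, and outbound calls from
# this node must use TLS as well (enforce: true).
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualNode
metadata:
  name: orders
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: orders
  listeners:
    - portMapping:
        port: 8080
        protocol: http
      tls:
        mode: STRICT              # PERMISSIVE would still accept plaintext clients
        certificate:
          file:
            certificateChain: /certs/orders_cert_chain.pem
            privateKey: /certs/orders_key.pem
        validation:               # validating the client cert is what makes it mutual
          trust:
            file:
              certificateChain: /certs/ca_cert.pem
  backendDefaults:
    clientPolicy:
      tls:
        enforce: true             # refuse to call backends over plaintext
        validation:
          trust:
            file:
              certificateChain: /certs/ca_cert.pem
  serviceDiscovery:
    dns:
      hostname: orders.shop.svc.cluster.local
---
# Istio: the same intent as a namespace-wide PeerAuthentication. After
# installation the mode is PERMISSIVE (mTLS and plaintext both accepted);
# STRICT rejects any client that does not present a mesh certificate.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT
```

In both meshes PERMISSIVE is the migration setting: keep it only until every caller has a sidecar, then switch to STRICT so an unproxied client cannot bypass identity verification.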
Finally, App Mesh and Istio both enable a more straightforward approach to orchestrating different endpoints and microservices. AWS has not only huge engineering resources at its disposal but also widespread popularity within the larger engineering community. Therefore, it will displace Istio despite currently lacking some of its features.