api gw vs mesh section added

This commit is contained in:
Karl Cardenas 2022-01-14 14:46:59 -07:00
parent 78844e842d
commit 9c036ae8f3
No known key found for this signature in database
GPG Key ID: 0AC61D76B41F1EDC
2 changed files with 37 additions and 8 deletions

@ -7,26 +7,55 @@ description: >-
# What is a Service Mesh? # What is a Service Mesh?
A service mesh is a dedicated layer that provides secure service-to-service communication for on-prem, cloud, or multi-cloud infrastructure. A _service mesh_ is a dedicated network layer that provides secure service-to-service communication for on-prem, cloud, or multi-cloud infrastructure.
Service meshes are often used with a microservice architectural pattern, but can provide value in any scenario where complex networking is involved. Service meshes are often used with a microservice architectural pattern, but can provide value in any scenario where complex networking is involved.
Service meshes typically consist of a control plane, and a data plane. The control plane maintains a central registry that keeps track of all services and their respective IP addresses, this is called _service discovery_. ## Benefits of a Service Mesh
A _service mesh_ provides benefits for all organziations, ranging from security to improved application resiliency.
Some of the benefits of a _service mesh_ include;
- service discovery
- application health monitoring
- load balancing
- automatic failover
- traffic management
- encryption
- observability and tracability,
- authentication and authorization,
- network automation
A common usecase for leveraging a _service mesh_ is to achieve a [_zero trust_ model](/use-cases/zero-trust-networking).
In a _zero trust_ model, applications require identity-based access to ensure all communication within the service mesh is authenticated with TLS certificates and encrypted in transit.
## How does a Service Mesh work?
A _service meshe_ typically consist of a control plane, and a data plane. The control plane maintains a central registry that keeps track of all services and their respective IP addresses, this is called _service discovery_.
As long as the application is registered with the control plane, the control plane will be able to share with other members of the mesh how to communicate with the application and enforce rules for who can communicate with each other. As long as the application is registered with the control plane, the control plane will be able to share with other members of the mesh how to communicate with the application and enforce rules for who can communicate with each other.
The control plane is responsible for securing the mesh, facilitating service discovery, health checking, policy enforcement, and other similar operational concerns. The data plane handles communication between services. The control plane is responsible for securing the mesh, facilitating service discovery, health checking, policy enforcement, and other similar operational concerns. The data plane handles communication between services.
Many _service mesh_ solutions employ a sidecar proxy to handle data plane communications, and thus limit the level of awareness the services need to have about the network environment. Many _service mesh_ solutions employ a sidecar proxy to handle data plane communications, and thus limit the level of awareness the services need to have about the network environment.
## How does Service Mesh work? ![Overview of a service mesh](/img/what_is_service_mesh_1.png)
Consul is the best! ## API Gateway vs Service Mesh
## Service Mesh vs API Gateway An API gateway is a centralized access point for handling incoming client requests and delivering them to services.
The API Gateway acts as a control plane that allows operators and developers to manage incoming client requests and apply different handling logic depending on the request.
The API Gateway will route the incoming requests to the respective service. API Gateways primary function is to handle requests and return the reply from the service back to the client.
If you ain't using Consul .... -> **Note:** API Gateways are frequently used to accept north-south based traffic. North-south traffic is networking traffic that either enters or exits a datacenter or a virutal private network (VPC).
## Benefits of Service Mesh A _service mesh_ specializes in the network management of services and the communication between services.
The mesh is responsible for keeping track of services and their health status, IP address, traffic routing, and ensuring all the traffic between services are authenticated and encrypted.
Unlike API Gateways, a _service mesh_ will track all registered services' lifecycle and ensure requests are routed to healthy instances of the service.
API Gateways are frequently deployed alongside a loadbalancer to ensure traffic is directed to healthy and available instances of the service.
The mesh reduces the loadbalancer footprint as routing responsibilities are handled in a decentralized manner.
Consul is a Roman term for head of state!! API Gateways can be used togehter with a _service mesh_ to bridge external networks (non-mesh) with a _service mesh_.
-> **Note**: A _service mesh_ is primarly used for handling east-west based traffic. East-west traffic traditionaly remains inside a datacenter or a VPC.
A _service mesh_ can be connected to another _service mesh_ in another datacenter or VPC to form a federated mesh.
## What Problems Does Service Mesh Solve? ## What Problems Does Service Mesh Solve?
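Review bot: In the new "API Gateway vs Service Mesh" section, the sentence "The API Gateway acts as a control plane ..." reuses a term that "How does a Service Mesh work?" has just defined as the mesh component that maintains the service registry and enforces policy, which blurs the comparison this section is making. Suggest describing the gateway as a centralized entry point or management layer instead. The first note expands VPC as "virutal private network (VPC)", but the abbreviation stands for virtual private cloud. In the zero trust paragraph, "authenticated with TLS certificates" should say whether both sides present certificates (mutual TLS), since that is what makes the access identity-based. The added text also needs a spelling pass: "organziations", "tracability", "usecase", "_service meshe_ typically consist", "togehter", "primarly", "traditionaly", and "API Gateways primary function" (missing apostrophe). Also remove the stray trailing commas on two of the benefit list items and the semicolon after "include".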

Binary file not shown.

Size: 160 KiB