service mesh

2022-03-25 · 2 min read


A service mesh like Linkerd is a tool for adding observability, security, and reliability features to “cloud native” applications by transparently inserting this functionality at the platform layer rather than the application layer.

  • Deployed as a sidecar alongside the application in each pod.
  • Transparently proxies all inbound and outbound requests to the application container.
  • The proxies comprise the service mesh's data plane.
  • The proxies are configured and controlled by the control plane.

Pros:

  • Reduce complexity in application code.
  • Migrate common features needed by all your applications into the common service mesh layer.
  • Get useful features "for free" just by integrating a service mesh.

Cons:

  • Added overhead from the service mesh proxying all inbound and outbound requests.
  • Potentially added overall complexity from another moving part that needs its own configuration, monitoring, etc.

Trace a request through Linkerd

  1. Service Routing: Linkerd applies dynamic routing rules to determine which destination the requester actually intended.
    1. Should the call be routed to a service on the local cluster? A remote cluster? The current service version? The canary service? Failover? Etc.
  2. Of the available destination services from (1), do client-side load balancing to choose the "best" one (by factoring together various health metrics).
  3. Manage connection pools to each service. New connections must go through an mTLS (mutual authentication) handshake.
  4. Record request latency and error metrics for each service as we send them requests.
  5. Expose recorded service and request metrics for collection to a central aggregator.
  • Proxygen
  • ServiceRouter
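
The mTLS handshake from step 3, as an added Go example (not code from the original page or from Linkerd): an inbound proxy that requires a client certificate from the mesh CA accepts an identified peer and refuses one that presents no certificate. The names `issue` and `Authenticate`, the `*.mesh.example` identities, and the throwaway in-memory CA are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue signs a one-hour cert for name (nil ca: self-signed CA). Constructed demo PKI, errors dropped.
func issue(name string, ca *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), DNSNames: []string{name},
		Subject: pkix.Name{CommonName: name}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true}
	if ca == nil { // no issuer given: make this certificate its own CA
		t.IsCA, t.KeyUsage = true, x509.KeyUsageCertSign
		ca = &tls.Certificate{Leaf: t, PrivateKey: key}
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, ca.Leaf, pub, ca.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// Authenticate runs one in-memory mTLS handshake and returns the client identity the
// inbound (server-side) proxy verified, or the reason it refused the connection.
func Authenticate(ca, server tls.Certificate, client ...tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	a, b := net.Pipe()
	cli := tls.Client(a, &tls.Config{RootCAs: pool, ServerName: server.Leaf.DNSNames[0], Certificates: client})
	srv := tls.Server(b, &tls.Config{ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert,
		Certificates: []tls.Certificate{server}, SessionTicketsDisabled: true}) // no writes after the handshake
	defer srv.Close()
	// Read drives the client handshake, then blocks until the server's alert or close arrives.
	go func() { cli.Read(make([]byte, 1)); cli.Close() }()
	if err := srv.Handshake(); err != nil {
		return "", err
	}
	return srv.ConnectionState().PeerCertificates[0].DNSNames[0], nil
}

func main() {
	ca := issue("ca.mesh.example", nil)
	fmt.Println(Authenticate(ca, issue("inbound.mesh.example", &ca), issue("outbound.mesh.example", &ca)))
}
```

The server-side verdict is what counts: in TLS 1.3 the client's handshake completes before the server has validated the client certificate, so a refused client only sees the alert on its next read.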