What is Istio?
Istio is a layer 7 (in the TCP/IP stack) traffic manager for micro-service applications deployed in your environment. It is deployed as a side-car to your existing apps, which have no visibility of it and need no changes to the currently deployed code.
Why is it needed?
With the growing scale of applications these days, there are usually tens and hundreds of micro-services that work together to provide some capabilities to the end user. Enforcing communication policies, security controls, throttling and scaling between these micro components can be a daunting task and is better managed by a centralised, invisible framework like Istio.
How does it work?
Istio sits between different micro-services/applications deployed in your environment and regulates/controls the traffic between them. Let’s consider an example scenario of two services: A & B.
Istio can mediate all the communication between these two applications without them knowing about it. All outgoing traffic from A to B can be throttled, blocked or allowed by configuration changes in Istio. Additionally, let’s suppose there is a third application ‘B1’ running a different version of ‘B’ and we want to route 90% of the traffic originating from A to B and the rest to B1. In the container world, we might think of having 9 containers with B and 1 container with B1 and routing the traffic across them. This is where a framework like Istio can really help.
Secondly, if there is a lot of traffic originating from B targeted towards A, Istio can also help with its circuit breaker functionality by blocking the communication for some time. This could also be used in scenarios like DDoS mitigation.
All of this with no code changes in the respective applications? Yes!
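The 90/10 split between B and B1 and the circuit breaker in front of A described above, written as Istio resources. This is an added example, not configuration from the original post; the Service names `a` and `b`, the `version` labels, the resource names and every threshold are assumptions.

```yaml
# Added example: names, labels and thresholds are assumed, not from the post.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: b-versions
spec:
  host: b                 # assumed Kubernetes Service fronting both B and B1
  subsets:
  - name: b
    labels:
      version: v1         # assumed pod label on B
  - name: b1
    labels:
      version: v2         # assumed pod label on B1
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: b-split
spec:
  hosts:
  - b
  http:
  - route:
    - destination:
        host: b
        subset: b
      weight: 90          # 90% of requests go to B
    - destination:
        host: b
        subset: b1
      weight: 10          # the rest go to B1
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: a-circuit-breaker
spec:
  host: a                 # assumed Service name for A
  trafficPolicy:
    connectionPool:
      tcp:
        maxConnections: 100          # cap on connections opened to A
      http:
        http1MaxPendingRequests: 10  # requests queued beyond this are rejected
    outlierDetection:
      consecutive5xxErrors: 5        # eject an A instance after 5 straight 5xx
      interval: 10s
      baseEjectionTime: 30s          # keep it out of the pool for at least 30s
```

As written, the split applies to every mesh client that calls `b`, not only A. The `connectionPool` limits are what reject excess requests towards A, while `outlierDetection` removes failing A instances from load balancing for a period.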
Example Scenarios where Istio could be used
Istio could be used for some other use-cases like:
- Observability into traffic and interactions between micro-services
- As a Circuit Breaker between components
- Securing the communication between applications over TLS
- Security policy implementations like DDoS mitigations
What’s planned next?
- Multi Cloud support — zero VPN across multi cloud applications — but still secured by TLS
- Improvements to make it production ready
- Improvements in documentation and UI support where one could do some policy adjustments and see live traffic migrate
Hope this gives you a brief idea about Istio and how it can help utilise service mesh capabilities. In a subsequent post, I will try to highlight the practical usage of Istio with some demos.