Istio Service Mesh in 5 minutes

Akshay Kapoor
Jul 12, 2018 Β· 3 min read

On my visit to Vancouver for the Openstack Summit 2018, I got an opportunity to attend a discussion on various aspects of Istio Service Mesh Framework explaining the functionality at a grass-root level


What is Istio ?

Istio is a layer 7 (In the TCP/IP Stack) traffic manager for micro-service applications deployed in your environment. It is deployed as a side-car to your existing apps with zero visibility or changes to the currently deployed code

Istio is a layer 7 traffic manager deployed as a side-car with your existing applications

Why is it needed ?

With the growing scale of applications these days, there are usually 10s and 100s of micro-services that work together to provide some capabilities to the end user. Enforcing communication policies, security aspects, throttling and scale issues between these micro components can be a daunting task and is better managed by a centralised invisible framework like Istio.

How does it work ?

Istio sits between different micro-services/applications deployed in your environment and regulates/controls the traffic between them. Let’s consider an example scenario of two services : A & B

Istio can mediate all the communication between these two applications without them knowing about it. All outgoing traffic from A to B can be throttled, blocked or allowed by configuration changes in Istio. Additionally, let’s suppose there is a third application β€˜B1’ running a different version of β€˜B’ and we want to route 90% of the traffic originating from A to B and the rest to B1. In the container world, we might think of having 9 containers with B and 1 container with B1 and routing the traffic across them β€” this is where a framework like Istio can really help

Secondly, if there is a lot of traffic originating from B targeted towards A, Istio can also help with the circuit breaker functionality by blocking the communication for some time. This could also be used in scenarios like DDoS mitigations

All of this with no code changes in the respective applications ? Yes !

Example Scenarios where Istio could be used

Istio could be used for some other use-cases like :

  • Observability into traffic and interactions between micro services
  • As a Circuit Breaker between components
  • Securing the communication between applications over TLS
  • Security policy implementations like DDoS mitigations

What’s planned next ?

  • Multi Cloud support β€” zero VPN across multi cloud applications β€” but still secured by TLS
  • Improvements to make it production ready
  • Improvements in documentation and UI support where one could do some policy adjustments and see live traffic migrate

Hope this gives you a brief idea about Istio and how it can help utilise service mesh capabilities. In a subsequent post, I will try to highlight the practical usage of Istio with some demos.

Follow us on Twitter 🐦 and Facebook πŸ‘₯ and join our Facebook Group πŸ’¬.

To join our community Slack πŸ—£οΈ and read our weekly Faun topics πŸ—žοΈ, click here⬇

If this post was helpful, please click the clap πŸ‘ button below a few times to show your support for the author! ⬇

Faun

The Must-Read Publication for Aspiring Developers & DevOps Enthusiasts. Medium’s largest DevOps publication.

Akshay Kapoor

Written by

Faun

Faun

The Must-Read Publication for Aspiring Developers & DevOps Enthusiasts. Medium’s largest DevOps publication.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium β€” and support writers while you’re at it. Just $5/month. Upgrade