Service meshes

	B	C	E	G	I	K	O	Q	S	T	U	V
1
2	Product			Istio	Linkerd2	Kuma	Consul connect	AWS App Mesh	NGINX Service Mesh	Open Service Mesh	Traefik Mesh	Network Service Mesh

3	1. General information
4		Link		https://istio.io/	https://linkerd.io/2/overview/	https://kuma.io/install/latest/	https://www.consul.io/mesh.html	https://aws.amazon.com/app-mesh/	https://nginx.com/products/nginx-service-mesh	https://openservicemesh.io/	https://traefik.io/traefik-mesh/
5		Written in		Go	Go / Rust	Go	Go		Go / C	Go	Go
6		Developed by		Google, IBM, Lyft	Buoyant	Kong	Hashicorp	Amazon	NGINX	Microsoft	Traefik Labs
7		License		Apache License 2.0	Apache License 2.0	Apache License 2.0	Mozilla License	Closed source	Closed source / Apache License 2.0	Apache License 2.0	Apache License 2.0
8		Platform	Comparison of service meshes	Kubernetes	Kubernetes	Agnostic	Agnostic	ECS, Fargate, EKS, EC2	Kubernetes	Kubernetes, Azure AKS	AKS, EKS, K3S, GKE
9		CNCF Maturity		N/A	Graduated	Sandbox	N/A	N/A		Sandbox	N/A
10
11	2. Data plane
12		Service proxy		Envoy	Linkerd proxy	Envoy	Built-in, Envoy	Envoy	NGINX Plus	Envoy	Maesh
13		Automatic sidecar injection		✔️	✔️	✔️	✔️	✔️	✔️	✔️	✖︎
14		Traffic mirroring		✔️	✖︎	✖︎	✖︎	✖︎		✖︎	✖︎
15		Default load balancing mechanism		round-robin	EWMA (Exponentially Weighted Moving Average)	Round Robin	Weighted	Round Robin		Weighted	Weighted
16		Load balancing options		round-robin, weighted, random, least requests	✖︎	Round Robin, Least Request, Ring Hash, Random, Maglev	✔️	Default		✖︎	✖︎
17		Lcality load balancing		✔️	✖︎	✔️	✖︎	✖︎		✖︎	✖︎
18		gRPC load balancing		✔️	✔️	✔️	✖︎	✔️		✖︎	✖︎
19		HTTP load balancing		✔️	✔️	✔️	✔️	✔️		✔️	✔️
20		TCP load balancing		✔️	✔️	✔️	✔️	✔️		✖︎	✖︎
21		HTTP request matching rules		✔️	✔️	✔️	✔️	✔️		✔️	✔️
22		L4 traffic matching rules		✔️	✖︎	✔️	✔️	✖︎		✔️	✔️
23		Rate limiting		✔️	✖︎	✔️	✔️	✖︎		✖︎	✖︎
24		Egress gateway		✔️	✖︎	✔️	✔️	✖︎		✔️	✖︎
25		Ingress gateway		✔️	✔️	✔️	✔️	✔️		✔️	✖︎
26		Multi-cluster communication		✔️	✔️	✔️	✔️	✔️		In Dev	✖︎
27		DNS Proxying		✔️	✖︎	✔️	✖︎	✖︎		✖︎	✖︎
28		Notes
29		Notes		Notes	Notes	Notes	Notes	Notes	Notes	Notes	Notes
30			How to contribute:
31	3. Supported protocols		Leave a comment or drop us a line at research@learnk8s.io
32		TCP	Leave a comment or drop us a line at research@learnk8s.io	✔️	✔️	✔️	✔️	✔️	✔️	✔️	✔️
33		UDP	License:	✖︎	✖︎	✖︎	✖︎	✖︎	✖︎	✖︎	✔️
34		HTTP/1.1	Apache 2.0	✔️	✔️	✔️	✔️	✔️	✔️	✔️	✔️
35		HTTP/2	Last updated:	✔️	✔️	✔️	✔️	✔️	✔️	✖︎	✖︎
36		gRPC	May 25, 2022	✔️	✔️	✔️	✔️	✔️	✔️	✔️	✖︎
37		gRPC-web		✔️	Treated as TCP	Treated as TCP	Treated as TCP	Treated as TCP		Treated as HTTP	✖︎
38		Mongo		✔️	Treated as TCP	Treated as TCP	Treated as TCP	Treated as TCP		Treated as HTTP	Treated as HTTP
39		Redis		✔️	Treated as TCP	Treated as TCP	Treated as TCP	Treated as TCP		Treated as HTTP	Treated as HTTP
40		Kafka		Treated as TCP	Treated as TCP	✔️	Treated as TCP	Treated as TCP		Treated as HTTP	Treated as HTTP
41		Automatic protocol detection		HTTP, HTTP/2	HTTP, HTTP/2, gRPC	HTTP, gRPC, Kafka, TCP	✖︎	✖︎		✖︎	✖︎
42		Client initiated HTTP		HTTP, HTTP/2	Treated as TCP	HTTP, gRPC, Kafka, TCP	✖︎	✖︎		Treated as HTTP	Treated as HTTP
43		Notes
44		Notes		Notes	Notes	Notes	Notes	Notes	Notes	Notes	Notes
45			Find more research at:
46	4. Monitoring		https://learnk8s.io/research
47		Prometheus integration		✔️	✔️	✔️	✔️	✔️	✔️	✔️	✔️
48		Dedicated dashboard		✔️	✔️	✔️	✔️	✔️	✔️	✔️	✖︎
49		Grafana dashboards		✔️	✔️	✔️	✔️	✔️		✔️	Grafana Support
50		Custom metrics		✔️	✖︎	✖︎	✖︎	✖︎		In Dev	✖︎
51		Tracing backends		Jaeger, Open Tracing, Zipkin, Lightstep	Jaeger, OpenTracing	Jaeger, DataDog, zipkin	Jaeger, Open Tracing, Zipkin	Jaeger, OpenTracing, Zipkin, AWS X-Ray	Jaeger, Open Tracing, Zipkin, Datadog	Jaeger	Jaeger
52		Logging		Envoy access logs	✔️	✔️	✔️	✔️		Fluent Bit Log Forwarding	✔️
53		Notes
54		Notes		Notes	Notes	Notes	Notes	Notes	Notes	Notes	Notes
55
56	5. Resilience
57		Circuit breaking		✔️	✔️	✔️	✔️	✔️	✔️	✖︎	✔️
58		Retries and timeout		✔️	✔️	✔️	✔️	✔️	✔️	In Dev	✔️
59		Retry budget		✖︎	✔️	✖︎	✖︎	✖︎		In Dev	✖︎
60		Timeout per retry		✔️	✖︎	✔️	✖︎	✖︎			✖︎
61		Abort injection (Fault injection)		✔️	✔️	✔️	✖︎	✖︎	✖︎	✔️	✔️
62		Delay injection (Fault injection)		✔️	✖︎	✔️	✖︎	✖︎	✖︎	✖︎	✖︎
63		Response Bandwidth (Fault injection)		✖︎	✖︎	✔️	✖︎	✖︎		✖︎	✖︎
64		Canary Releases		✔️	✔️	✖︎	✔️	✖︎		✔️	✔️
65		Control plane HA		✔️	✔️	✔️	✔️	✔️		✔️	✖︎
66		Health Checks		✔️	✔️	✔️	✔️	✔️		✔️	✖︎
67		Notes
68		Notes		Notes	Notes	Notes	Notes	Notes	Notes	Notes	Notes
69
70	6.Security
71		mTLS		✔️	✔️	✔️	✔️	✔️	✔️	✔️	In Planning
72		mTLS permissive mode		✔️	✔️	✔️	✖︎	✔️		✖︎	✖︎
73		Built-in CA		✖︎	✖︎	✔️	✔️	✔️ (via ACM PCA)		✔️	In Planning
74		External CA certificate		✔️	✔️	✔️	✔️	✔️	✔️	✔️	In Planning
75		Authentication policies		✔️	✖︎	✔️	✔️	✖︎		✖︎	✖︎
76		Peer authentication		✔️	✖︎	✔️	✖︎	✔️		✖︎	✖︎
77		Request authentication		✔️	✖︎	✔️	✖︎	✖︎		✖︎	✖︎
78		Workload to workload authorization		✔️	✔️	✔️	✔️	✖︎		✖︎	✖︎
79		End-user to workload authorization		✔️	✖︎	✔️	✖︎	✖︎		✖︎	✖︎
80		Multi-tenancy		✔️	✖︎	✔️	✖︎	✔️		✖︎	✖︎
81		Notes
82		Notes		Notes	Notes	Notes	Notes	Notes	Notes	Notes	Notes
83
84	7. Service Mesh Interface
85		Access control/Traffic Access		✔️	✖︎	✖︎	✔️	✖︎	✔️	✔️	✔️
86		Traffic split		✔️	✔️	✔️	✖︎	✖︎	✔️	✔️	✔️
87		Traffic specs		✔️	✖︎	✖︎	✖︎	✖︎	✔️	✔️	✔️
88		Metrics		✔️	✔️	✔️	✖︎	✖︎	✔️	✔️	✖︎
89		Diagnostic tool		Istioctl	✖︎	✔️	✖︎	✖︎		osm-health	✖︎
90		Notes
91		Notes		Notes	Notes	Notes	Notes	Notes	Notes	Notes	Notes
92
93	8. Extensibility
94		Multi-cluster federation				✔️	✔️	✔️		In-dev	✖︎
95		Cross-cluster deployment		✔️	✔️	✔️	✔️	✔️	✔️	✖︎	✖︎
96		Proxy extension		WASM API	✖︎	✔️	✖︎	✖︎		In-dev	✖︎
97		Notes
98		Notes		Notes	Notes	Notes	Notes	Notes	Notes	Notes
99
100