Istio's architecture

While discussing the service mesh, you will come across the terms L4/L5 or L7 layers. These terms originate from the Open Systems Interconnection (OSI) model (https://tinyurl.com/y4g7zuce), which defines seven layers of communication, as follows:

  • Layer 1: Physical Layer
  • Layer 2: Data Link Layer
  • Layer 3: Network Layer
  • Layer 4: Transport Layer
  • Layer 5: Session Layer
  • Layer 6: Presentation Layer
  • Layer 7: Application Layer

A service mesh manages traffic between microservices at Layer 7 of the OSI model.

Overall, the service mesh is an infrastructure for handling service-to-service communication. This chapter will provide a high-level overview of the control plane and the data plane.

Let's understand what the control and data planes are. The terms control plane and data plane were used initially in software-defined networks. Routers and switches use a conceptual model called planes. You can think of the control plane as the brain of the network (altering and filtering data) and the data plane as the device that the network traffic flows through (it forwards the traffic). For example, let's say you bought a router a few years ago that came with its own software. Later, you found that you could upgrade the software without changing the hardware. The software is the control plane, while the physical devices are the data or forwarding plane.

The same concept applies to a service mesh architecture, where a proxy handles the communication between services. The control plane manages proxies running in a data plane through policies and configurations. This can be seen in the following diagram:

These two abstract components essentially define Istio's architecture, as shown in the following diagram:

Istio uses an extended version of the Envoy proxy. Envoy is a battle-tested, highly performant, low-latency, independent component. It shapes, shifts, splits, and routes traffic and collects telemetry for all of the service calls. It can filter at the L3 and L4 layers on byte-in and byte-out data through multiple protocols, such as HTTP/1.1, HTTP/2, gRPC, and TCP.

The proxy is deployed alongside all of the service pods as a sidecar proxy to intercept calls between the services and the clients. Envoy isn't a library but a separate container that can be updated independently from the microservice it is proxying.
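Because the sidecar is a separate container in each pod, a pod that lacks it sits outside the data plane: its calls are neither intercepted nor recorded. The following is an added example, not code from the book or from the Istio project, that audits a pod list for sidecar coverage. It assumes input shaped like `kubectl get pods -o json`, Istio's `istio-proxy` container name and the `sidecar.istio.io/inject` opt-out; the pod names and namespace are constructed.

```python
import json

# Constructed sample shaped like `kubectl get pods -o json` output (not from the page).
SAMPLE_POD_LIST = json.loads("""
{"items": [
 {"metadata": {"name": "cart-7d9f", "namespace": "shop"},
  "spec": {"containers": [{"name": "cart"}, {"name": "istio-proxy"}]}},
 {"metadata": {"name": "pay-55c1", "namespace": "shop"}, "spec": {"containers": [{"name": "pay"}],
  "initContainers": [{"name": "istio-proxy", "restartPolicy": "Always"}]}},
 {"metadata": {"name": "batch-x2", "namespace": "shop", "annotations": {"sidecar.istio.io/inject": "false"}},
  "spec": {"containers": [{"name": "batch"}]}},
 {"metadata": {"name": "legacy-0", "namespace": "shop"},
  "spec": {"containers": [{"name": "legacy"}]}},
 {"metadata": {"name": "node-agent-k8", "namespace": "shop"},
  "spec": {"hostNetwork": true, "containers": [{"name": "agent"}]}}
]}
""")

SIDECAR = "istio-proxy"  # container name Istio's injector gives the Envoy sidecar

def sidecar_status(pod):
    """Classify one pod: 'sidecar', 'native-sidecar', 'opted-out', 'host-network' or 'missing'."""
    meta, spec = pod.get("metadata", {}), pod.get("spec", {})
    if any(c.get("name") == SIDECAR for c in spec.get("containers", [])):
        return "sidecar"
    for c in spec.get("initContainers", []):
        # Native sidecar: an init container that keeps running (restartPolicy: Always).
        if c.get("name") == SIDECAR and c.get("restartPolicy") == "Always":
            return "native-sidecar"
    opt = {**meta.get("labels", {}), **meta.get("annotations", {})}
    if opt.get("sidecar.istio.io/inject") == "false":
        return "opted-out"  # deliberately excluded from injection
    if spec.get("hostNetwork"):
        return "host-network"  # host-network pods are not injected
    return "missing"  # no proxy and no recorded reason: investigate

def audit(pod_list):
    """Return {status: [namespace/name, ...]} for every pod in the list."""
    report = {}
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        key = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        report.setdefault(sidecar_status(pod), []).append(key)
    return report

if __name__ == "__main__":
    for status, pods in sorted(audit(SAMPLE_POD_LIST).items()):
        print(f"{status:15} {', '.join(pods)}")
```

Pods reported as `missing` are the ones to review first; `opted-out` and `host-network` pods are also outside the proxy's reach, but for a reason visible in the pod spec.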

Taking this information forward, let's go through the control and data planes to understand the concept of Istio's service mesh.
