Consul's control and data planes

Consul is easy to understand and use. It is highly available and dynamically distributed. This section will detail how Consul works as a service mesh and its architecture components for the control plane and data plane.

Consul is configured as a control plane that provides four main functionalities: service discovery, secure communication, resource configuration, and network segmentation. These components are managed by a cluster manager (Consul server) to provide a robust service mesh.

Consul provides a data plane through the use of a proxy and native integration model with microservices. It ships with the popular Envoy sidecar proxy (built by Lyft). This can be seen in the following diagram:

The preceding diagram shows the Consul control and data planes. Some primary features of Consul's control plane are as follows:

  • Consul can discover and register services by enabling service discovery through API or database calls. Consul also enables service tracking through DNS or HTTP protocols to identify application dependency. Users can also leverage Consul to discover microservice providers and their end-to-end deployment definitions.
  • The Consul server (leader) writes to a key-value store to record the states of the services, agents, clients, and servers. It can also hold configuration parameters for individual services through the use of name-value pairs. The central configuration can be pushed down to services dynamically, providing a consistent view of all services as opposed to individual configurations for each service. 
  • Consul provides network segmentation, thereby allowing certain services to communicate securely in a flat network.
  • Consul can conduct health checks for running services, validate whether the server or client of the service side is routing traffic, and discover how many network requests are being transmitted and received. Consul collects physical node metrics to track CPU and memory utilization, along with other monitoring data. This data is used to monitor overall applications, platforms, infrastructure health, and performance. These metrics can also enable load balancing and traffic routing to avoid unhealthy service containers/pods.
  • Microservices can access Consul's key-value store through REST API calls for dynamic service configurations, feature flagging, network request coordination, and so on.
  • Consul Connect can configure secure connections to services by assigning TLS certificates for service-to-service communication. This establishes mutual TLS (mTLS) between services by assigning sidecar proxies and defining Intentions to enable this communication.
  • Consul Intentions is a service that defines access control through Consul Connect. Intentions are enforced by service-integrated sidecar proxies for inbound connections. They can also manage network segmentation and apply real-time changes to services.
  • Multiple data centers are supported out of the box. This capability allows services and the Consul mesh to be scaled without us having to define additional abstraction layers on the network.
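
The Connect and Intentions bullets above, shown as configuration. This is an added example, not taken from the book or from the Consul project: a service registered with a sidecar proxy, and a service-intentions entry that allows one caller and denies everything else. The service names `web` and `db`, the port numbers, and the file names are assumptions.

```hcl
# --- web.hcl (hypothetical file): service definition loaded by the local agent ---
# Registers "web" and asks Consul to manage a sidecar proxy for it.
# The sidecar holds the service's TLS certificate and terminates mTLS.
service {
  name = "web"   # assumed service name
  port = 8080    # assumed application port

  connect {
    sidecar_service {
      proxy {
        # "web" reaches "db" by connecting to localhost:9191.
        # The sidecar opens the mTLS connection to db's sidecar.
        upstreams = [
          {
            destination_name = "db"
            local_bind_port  = 9191
          }
        ]
      }
    }
  }
}

# --- db-intentions.hcl (hypothetical file): applied with `consul config write` ---
# Intentions are evaluated at the destination's sidecar for inbound connections.
# The exact source name takes precedence over the wildcard, so "web" is
# allowed and every other source is denied.
Kind = "service-intentions"
Name = "db"   # destination service the rules protect

Sources = [
  {
    Name   = "web"
    Action = "allow"
  },
  {
    Name   = "*"
    Action = "deny"
  }
]
```

With the wildcard deny in place, a newly registered service cannot reach `db` until an explicit allow source is added for it.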

When IP addresses change in a dynamic infrastructure environment, connecting to a service through its IP address is no longer a reliable method unless DNS or iptables are used to update endpoints dynamically. Consul provides service discovery within an infrastructure in which applications can discover available services through the Consul agent running on the node, which then forwards queries to the Consul server in a data center. Since Consul servers from one data center are connected to Consul servers in all the other data centers through the WAN gossip protocol, local Consul servers can forward the discovery request to the appropriate remote data centers.

Now, let's explore Consul's agent configuration.
