Technical Report: Performance Comparison of Service Mesh Frameworks: the MTLS Test Case

Technical Report: Performance Comparison of Service Mesh Frameworks: the MTLS Test Case

Service Mesh has become essential for modern cloud-native applications by abstracting communication between microservices and providing zero-trust security, observability, and advanced traffic control without requiring code changes. This allows developers to leverage new network capabilities and foc...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:arXiv.org 2024-11
Hauptverfasser: Barr, Anat Bremler, Ofek Lavi, Naor, Yaniv, Rampal, Sanjeev, Tavori, Jhonatan
Format: Artikel
Sprache:eng
Schlagworte:
Consumption
Network latency
Performance evaluation
Security
Traffic control
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Barr, Anat Bremler
Ofek Lavi
Naor, Yaniv
Rampal, Sanjeev
Tavori, Jhonatan
description Service Mesh has become essential for modern cloud-native applications by abstracting communication between microservices and providing zero-trust security, observability, and advanced traffic control without requiring code changes. This allows developers to leverage new network capabilities and focus on application logic without managing network complexities. However, the additional layer can significantly impact system performance, latency, and resource consumption, posing challenges for cloud managers and operators. In this work, we investigate the impact of the mTLS protocol - a common security and authentication mechanism - on application performance within service meshes. Recognizing that security is a primary motivation for deploying a service mesh, we evaluated the performance overhead introduced by leading service meshes: Istio, Istio Ambient, Linkerd, and Cilium. Our experiments were conducted by testing their performance in service-to-service communications within a Kubernetes cluster. Our experiments reveal significant performance differences (in terms of latency and memory consumption) among the service meshes, rooting from the different architecture of the service mesh, sidecar versus sidecareless, and default extra features hidden in the mTLS implementation. Our results highlight the understanding of the service mesh architecture and its impact on performance.
format Article
fullrecord <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_3124192384</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3124192384</sourcerecordid><originalsourceid>FETCH-proquest_journals_31241923843</originalsourceid><addsrcrecordid>eNqNisEKgkAUAJcgSMp_eNBZ0F0t8ypJh4KohY6yyBM13bW3Wr_fHvqATgMzs2AeFyIK0pjzFfOt7cIw5Ls9TxLhsYfEqtFtpXq44WhoyuCKVBsalK4QcjOMilprNJga7kjv1tkL2gYKUgN-DD1tBlPjpDzfQaKdIFcWN2xZq96i_-OabYujzE_BSOY1u6vszEzapVJEPI4OXKSx-O_6AuYjQH8</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>3124192384</pqid></control><display><type>article</type><title>Technical Report: Performance Comparison of Service Mesh Frameworks: the MTLS Test Case</title><source>Free E- Journals</source><creator>Barr, Anat Bremler ; Ofek Lavi ; Naor, Yaniv ; Rampal, Sanjeev ; Tavori, Jhonatan</creator><creatorcontrib>Barr, Anat Bremler ; Ofek Lavi ; Naor, Yaniv ; Rampal, Sanjeev ; Tavori, Jhonatan</creatorcontrib><description>Service Mesh has become essential for modern cloud-native applications by abstracting communication between microservices and providing zero-trust security, observability, and advanced traffic control without requiring code changes. This allows developers to leverage new network capabilities and focus on application logic without managing network complexities. However, the additional layer can significantly impact system performance, latency, and resource consumption, posing challenges for cloud managers and operators. In this work, we investigate the impact of the mTLS protocol - a common security and authentication mechanism - on application performance within service meshes. Recognizing that security is a primary motivation for deploying a service mesh, we evaluated the performance overhead introduced by leading service meshes: Istio, Istio Ambient, Linkerd, and Cilium. Our experiments were conducted by testing their performance in service-to-service communications within a Kubernetes cluster. Our experiments reveal significant performance differences (in terms of latency and memory consumption) among the service meshes, rooting from the different architecture of the service mesh, sidecar versus sidecareless, and default extra features hidden in the mTLS implementation. Our results highlight the understanding of the service mesh architecture and its impact on performance.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Consumption ; Network latency ; Performance evaluation ; Security ; Traffic control</subject><ispartof>arXiv.org, 2024-11</ispartof><rights>2024. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>780,784</link.rule.ids></links><search><creatorcontrib>Barr, Anat Bremler</creatorcontrib><creatorcontrib>Ofek Lavi</creatorcontrib><creatorcontrib>Naor, Yaniv</creatorcontrib><creatorcontrib>Rampal, Sanjeev</creatorcontrib><creatorcontrib>Tavori, Jhonatan</creatorcontrib><title>Technical Report: Performance Comparison of Service Mesh Frameworks: the MTLS Test Case</title><title>arXiv.org</title><description>Service Mesh has become essential for modern cloud-native applications by abstracting communication between microservices and providing zero-trust security, observability, and advanced traffic control without requiring code changes. This allows developers to leverage new network capabilities and focus on application logic without managing network complexities. However, the additional layer can significantly impact system performance, latency, and resource consumption, posing challenges for cloud managers and operators. In this work, we investigate the impact of the mTLS protocol - a common security and authentication mechanism - on application performance within service meshes. Recognizing that security is a primary motivation for deploying a service mesh, we evaluated the performance overhead introduced by leading service meshes: Istio, Istio Ambient, Linkerd, and Cilium. Our experiments were conducted by testing their performance in service-to-service communications within a Kubernetes cluster. Our experiments reveal significant performance differences (in terms of latency and memory consumption) among the service meshes, rooting from the different architecture of the service mesh, sidecar versus sidecareless, and default extra features hidden in the mTLS implementation. Our results highlight the understanding of the service mesh architecture and its impact on performance.</description><subject>Consumption</subject><subject>Network latency</subject><subject>Performance evaluation</subject><subject>Security</subject><subject>Traffic control</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><recordid>eNqNisEKgkAUAJcgSMp_eNBZ0F0t8ypJh4KohY6yyBM13bW3Wr_fHvqATgMzs2AeFyIK0pjzFfOt7cIw5Ls9TxLhsYfEqtFtpXq44WhoyuCKVBsalK4QcjOMilprNJga7kjv1tkL2gYKUgN-DD1tBlPjpDzfQaKdIFcWN2xZq96i_-OabYujzE_BSOY1u6vszEzapVJEPI4OXKSx-O_6AuYjQH8</recordid><startdate>20241104</startdate><enddate>20241104</enddate><creator>Barr, Anat Bremler</creator><creator>Ofek Lavi</creator><creator>Naor, Yaniv</creator><creator>Rampal, Sanjeev</creator><creator>Tavori, Jhonatan</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20241104</creationdate><title>Technical Report: Performance Comparison of Service Mesh Frameworks: the MTLS Test Case</title><author>Barr, Anat Bremler ; Ofek Lavi ; Naor, Yaniv ; Rampal, Sanjeev ; Tavori, Jhonatan</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_31241923843</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Consumption</topic><topic>Network latency</topic><topic>Performance evaluation</topic><topic>Security</topic><topic>Traffic control</topic><toplevel>online_resources</toplevel><creatorcontrib>Barr, Anat Bremler</creatorcontrib><creatorcontrib>Ofek Lavi</creatorcontrib><creatorcontrib>Naor, Yaniv</creatorcontrib><creatorcontrib>Rampal, Sanjeev</creatorcontrib><creatorcontrib>Tavori, Jhonatan</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Barr, Anat Bremler</au><au>Ofek Lavi</au><au>Naor, Yaniv</au><au>Rampal, Sanjeev</au><au>Tavori, Jhonatan</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>Technical Report: Performance Comparison of Service Mesh Frameworks: the MTLS Test Case</atitle><jtitle>arXiv.org</jtitle><date>2024-11-04</date><risdate>2024</risdate><eissn>2331-8422</eissn><abstract>Service Mesh has become essential for modern cloud-native applications by abstracting communication between microservices and providing zero-trust security, observability, and advanced traffic control without requiring code changes. This allows developers to leverage new network capabilities and focus on application logic without managing network complexities. However, the additional layer can significantly impact system performance, latency, and resource consumption, posing challenges for cloud managers and operators. In this work, we investigate the impact of the mTLS protocol - a common security and authentication mechanism - on application performance within service meshes. Recognizing that security is a primary motivation for deploying a service mesh, we evaluated the performance overhead introduced by leading service meshes: Istio, Istio Ambient, Linkerd, and Cilium. Our experiments were conducted by testing their performance in service-to-service communications within a Kubernetes cluster. Our experiments reveal significant performance differences (in terms of latency and memory consumption) among the service meshes, rooting from the different architecture of the service mesh, sidecar versus sidecareless, and default extra features hidden in the mTLS implementation. Our results highlight the understanding of the service mesh architecture and its impact on performance.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2024-11
issn 2331-8422
language eng
recordid cdi_proquest_journals_3124192384
source Free E- Journals
subjects Consumption
Network latency
Performance evaluation
Security
Traffic control
title Technical Report: Performance Comparison of Service Mesh Frameworks: the MTLS Test Case
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-12T15%3A25%3A13IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Technical%20Report:%20Performance%20Comparison%20of%20Service%20Mesh%20Frameworks:%20the%20MTLS%20Test%20Case&rft.jtitle=arXiv.org&rft.au=Barr,%20Anat%20Bremler&rft.date=2024-11-04&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E3124192384%3C/proquest%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=3124192384&rft_id=info:pmid/&rfr_iscdi=true