Application Service Mesh (ASM)

The term “service mesh” is used to describe the network of microservices that make up applications and the interactions between applications. With the popularization of microservices, a service mesh grows in size and complexity, and it can become harder to understand and manage. Greater challenges also emerge in the basic operations and advanced O&M of the distributed microservice architecture.

Application Service Mesh (ASM) is a non-intrusive solution for you to manage microservice lifecycle and traffic. ASM’s diverse feature set, such as load balancing, outlier detection, and fault injection, lets you successfully and efficiently run a distributed microservice architecture, and provides a unified way to secure, connect, and monitor microservices. ASM also helps reduce the complexity of application deployments and eases the strain on your development teams.

ASM is developed based on Istio and seamlessly interconnects with Cloud Container Engine (CCE), an enterprise-grade Kubernetes cluster service on Open Telekom Cloud. It also provides diversified built-in grayscale releases, including canary release and blue-green deployment, for one-stop, automated releases. With better usability, reliability and visualization, ASM provides you with out-of-the-box features and an enhanced user experience.

Person with tablet uses Application Service Mesh in the Open Telekom Cloud

Reasons for ASM in the Open Telekom Cloud

Icon composition of button and connections symbolize simplified user-friendliness

Ease of use

The out-of-the-box usability allows you to use a service mesh without any code rewrite or manual installation. The Build-in Canary Release and Blue-Green Deployment help users deploy the grayscale version and switchover traffic with a few clicks.

Flexibility

ASM provides policy-based Intelligent Routing and Flexible Traffic Management. Load balancing, service routing, fault injection, and outlier detection policies can be intuitively configured. Microservice traffic management can be real-time, visualized, intelligent, and automated, needing no modifications to your applications.

Monitoring

You benefit from Graphical Application Topology and Visualized Traffic Management. ASM provides visualized traffic monitoring, which clearly displays information on tracing health status, abnormal responses, responses with long latency, and traffic status topology.

Icon composition of speedometer and thumbs up symbolize high reliability

Performance and
reliability

The performance and reliability of the control plane and data plane are enhanced based on the community version.

Key Features of Application Service Mesh

Grayscale release

Grayscale policies based on request content: You can set criteria based on request content, such as header and cookie. Only requests meeting the criteria will be distributed to the grayscale version.
Grayscale policies based on traffic ratio: You can set specific ratios for the traffic to be distributed to the grayscale version.
Canary release: Guidance will be provided to help you perform canary release on a service, including rolling out a grayscale version, observing the running and traffic of the grayscale version, configuring grayscale release policies, and diverging the traffic.
Blue-green deployment: Guidance will be provided to help you perform blue-green deployment on a service, including rolling out a grayscale version, observing the running of the grayscale version, observing traffic, and switching traffic.

Traffic Management

Layer-7 connection pool management: You can set the maximum number of HTTP requests, maximum number of retry times, maximum number of pending requests, maximum number of requests for each connection, and maximum connection idle period.
Layer-4 connection pool management: You can set the maximum TCP connections, connection timeout duration, maximum non-responses, minimum idle period, and health check interval.
Outlier detection: You can configure outlier detection rules, such as the number of consecutive errors allowed before a pod is evicted, check period, base ejection time, and maximum percentage of ejected pods.
Retry: You can configure the number of HTTP retry times, retry timeout duration, and retry condition.
Timeout: You can configure the HTTP request timeout duration.
Load balancing: You can configure multiple load balancing policies, such as random, round robin, least connections, and consistent hashing.
HTTP header: You can flexibly add, edit, and remove HTTP headers, including the operations on the HTTP headers before the request is forwarded to the destination service and before the response is returned to the client.
Fault injection: You can configure delay and abort faults.

Security

Service security certification, authentication, and audit lay a solid foundation for service security assurance.

Peer authentication: Peer authentication defines how traffic reaches the current service pod, either through the tunnel or not. Currently, three authentication policies are supported: UNSET, PERMISSIVE, and STRICT.
Access authorization: Access authorization controls the access to services in the mesh and determines whether a request can be sent to the current service.

Observability

Application access topology: An application access topology shows the dependencies between services.
Service running monitoring: Service access information, including service information, different versions of the service, QPS, and latency can be monitored.
Access logs: Service access logs can be collected and searched.
Tracing: Non-intrusive tracing points. You can use the tracing data to demarcate and locate faults.

Framework of the mesh
data plane

Spring Cloud: supports unified management of services developed using Spring Cloud SDK.
Dubbo: supports unified management of services developed using Dubbo SDK.

Compatibility and extension

The HTTP, gRPC, TCP, TLS, and Dubbo protocols are supported. Integration solutions for traditional microservice SDKs such as Spring Cloud and Dubbo are provided. Services developed using traditional microservice SDKs can be migrated to cloud-native containers and mesh running environments without major code modification.

Community compatibility: ASM APIs are fully compatible with the Istio community.
Support for community add-ons: Tracing, Prometheus, Kiali, and Grafana are supported.

Use cases

Grayscale Release

In traditional iterations, a new service version is directly released to all users at a time. This is risky, because once an accident or bug occurs online, the impact on users is great and it could take a long time to fix the issue. Sometimes, the version has to be rolled back, which severely affects user experience.

Grayscale release is a smooth iteration mode for version upgrade. During the upgrade, some users use the new version, while other users continue to use the old version. After the new version is stable and ready, it gradually takes over all the live traffic.

ASM provides multiple grayscale release functions for application governance. It allows you to detect and fix issues at the early stage and ensure that the iteration goes smoothly and efficiently.

Traffic Management Service

Traffic management entails a wide range of operations, including:

Dynamically modifying load balancing policies for cross-service access, such as configuring consistent hashing to send traffic to specific service pods
Distributing a certain proportion of traffic to a specific version of a service when the service has two online versions
Protecting services, for example, limiting the number of concurrent connections and requests, and isolating faulty service pods
Dynamically modifying the content of a service or simulating a service running fault

No code refactoring is required when you use ASM to manage traffic.

Non-intrusive traffic management capabilities are provided based on Istio. Policy- and scenario-based network connection management is provided to suit different service protocols. Different management rules can be configured for different service APIs on the topology to meet your service requirements.

Service Running Monitoring

Container-based infrastructure brings a series of new challenges. It is necessary to evaluate and enhance the performance of API endpoints and identify potential risks of infrastructure. Istio service mesh enables you to enhance API performance without code refactoring and service delays.

ASM generates detailed telemetry for all service communications within the mesh. It provides observability of service behaviors and allows operators to easily troubleshoot, maintain, and optimize their applications. With ASM, operators can better understand how services interact with other services and their components.

Find out more

Pricing overview

Price calculator
Pricing models: Management & Applications
Service description incl. price list (PDF)

Book now and claim starting credit of EUR 250* (code: 4UOTC250)

Book now

Take advantage of our consulting services!
Our experts will be happy to help you.

We will answer any questions you have regarding testing, booking and usage – free and tailored to your needs. Try it out today!

Hotline: 24 hours a day, seven days a week

0800 3304477from Germany

+800 33044770from abroad

Write an E-mail

* Voucher can be redeemed until December 31, 2024. Please contact us when using the voucher for booking. The discount is only valid for customers with a billing address in Germany and expires two months after conclusion of the contract. The credit is deducted according to the valid list prices as per the service description. Payment of the credit in cash is excluded.