Istio is a service mesh, which facilitates the communication between different microservices in an application.
While Istio is one of the top service meshes, and it is one of the few ones many are aware of, it is not the only one on the market. As service meshes become more widespread, more are emerging as worthy Istio competitors.
One of the problems people face when using Istio is that it can be pretty complex to set up, and it isn’t as fast as some other options. When there are more requests, latency increases; in real life, that means the application gets slower for the user.
There are other service meshes out there — including some that are much faster, as proven with testing. Today, we will be exploring seven Istio alternatives.
Also Read: Best Open-source Tools For Web Developers
A service mesh makes it easy to manage an application by bridging the gaps between the different microservices in the application. Not only can you connect the services using a service mesh, but you can monitor and control them, giving you flexibility over your application.
You won’t need to edit the code in the application itself to control how the different microservices in the application share data with each other or control access policies — a service mesh takes care of that.
A service mesh works as an infrastructure layer. By monitoring how different microservices and parts of an application interact with each other using the service mesh, you can detect flaws and fix them, leading to improved performance over the long run and less downtime.
To provide a great user experience, an app needs to have its parts communicating directly with each other and extracting information.
For example, Uber Eats needs to look at the different restaurants currently open, see which menu options are currently available, check for estimated delivery time and prices, check for updated estimated delivery time based on where the driver is, and then relay all that information to the user.
By using a service mesh like Istio — and Istio is used by many of the top companies — you can improve the user experience and provide a smoother, less interrupted user journey.
Not only that, but you can detect security flaws and fix them, avoiding problems with encryption or other security features down the road.
Since it layers on the existing infrastructure of the app, it doesn’t require additional developer overhead or you to code all of what it accomplishes into the services themselves.
Check Out: Best Swagger Alternatives
Are microservices the same as a service mesh? Don’t microservices already fulfill the purpose of a service mesh?
Microservices are individual services within an application. They work together to make the application a whole.
By individualizing these microservices and keeping them separate from each other, developers can work on and improve one of these microservices without needing to redeploy the entire application. Of course, since the microservices need to work together, you’ll need to make communication between them possible.
While you may code that into the microservices without using a service mesh, it can get complicated quickly. That’s where a service mesh comes into the picture, as it serves as an added layer of infrastructure to enable communication.
Explore: BitBucket vs GitHub
The best Istio alternative is Linkerd, a service mesh that is generally known to be a lot faster than Istio. Originally, Linkerd was created by Buoyant, which continues to support the project.
Both tests run by Linkerd and tests run by Kinvolk (now part of Microsoft) showed that Linkerd is substantially faster than Istio.
To run its test, Kinvolk aimed to increase the HTTP request rate per second, mimicking what an application would look like under stress to see resulting latencies and determine how the user experience would be affected in real life.
Using a constant rate of requests per second and comparing it against the same RPS (requests per second) without a service mesh, Kinvolk was able to determine the performance of the service mesh.
There was a slight hiccup in the testing process, in that the stock version of Istio used was not optimized for performance testing. Even when they tested again using a newly tuned version of Istio, they found that it was enforcing a CPU limit; they then removed that limitation, so they could be sure they were getting an accurate comparison of Istio vs Linkerd.
On the other hand, when they used Linkerd for the test, they did not do any tuning but instead stuck to the latest release, as is.
Here are the results from the test:
- Latency was increased by a wide margin when using Istio as compared to Linkerd. In other words, in real life, Istio is slower and provides a less optimal user experience for the customer.
- Istio, both the tuned and untuned versions, used up a lot more memory and CPU than Linkerd.
- When the load was the highest, however, Linkerd’s proxies used up more CPU than Istio.
To see the full details of the tests, which benchmarks and methods were used, and more, read about it on Kinvolk’s blog.
Later, Linkerd itself reran those tests with some variations. For example, while the Kinvolk tests used an RPS of 500-600, Linkerd’s tests, which also used an as-is version of Linkerd, tested for a broader RPS range: 20 RPS up to 2,000 RPS.
Also Read: Best Confluence Alternatives
The results were the same: Linkerd dramatically outperformed Istio, both in terms of speed and CPU consumption. You can view all the data from the results here.
The main difference between Istio and Linkerd, and the one leading to this dramatic difference, is that Istio uses the Envoy proxy (more on that later), albeit an extended version, while Istio uses a Rust-based proxy.
Envoy is an excellent proxy, but it is made for general purposes and not specifically designed for service meshes. Linkerd, using Rust, instead developed its own “micro proxy” with a service mesh use case only to avoid the vulnerabilities that can come with using Envoy.
Linkerd calls its proxy a “micro proxy” because, being that it is not designed as a general-purpose proxy with flexibility for many use cases, it is a lot less complex, thus allowing for more speed.
It’s also worth mentioning Conduit, once we’re talking about Linkerd.
Conduit was a “lighter” version of Linkerd developed by the Linkerd team, designed to be a simpler solution that still allowed for the benefits of a service mesh: communication between microservices, observability, monitoring, and more.
Originally, Conduit was separate from the main Linkerd ecosystem. Nevertheless, after the Linkerd team perfected Conduit to the point they felt it could be their main product, they used Conduit as the basis of their new Linkerd release.
Thus, Conduit and Linkerd are now the same, and there is no separate repository or product; you can view the Linkerd repository on GitHub here.
As I mentioned before, Linkerd is the best Istio alternative, so if you’ve seen Conduit mentioned online and want to try it, you should now use Linkerd instead.
Also Read: Best Firebase Alternatives
The next Istio alternative on our list is Kubernetes. Yes, it’s not a service mesh, but when we’re talking about microservices, we can’t possibly go on without talking a bit about containerization, which goes hand in hand with microservices.
Kubernetes allows you to automatically deploy and manage containerized applications. You can use Kubernetes with or without Istio; you don’t need Istio to use it.
Kubernetes is focused more on the deployment and scaling of applications, as opposed to the communication part. By communicating with the Kubernetes API Server, nodes in a Kubernetes cluster can get information about all services in the cluster.
One reason to use Kubernetes without Istio is that using Istio can lead to increased latency and use up more CPU as opposed to using the built-in functions in Kubernetes. However, it all depends on the size and scale of the application and how many pods there are.
Interesting Post: Kubernetes vs OpenShift
3. Kong Mesh
Kong is the next Istio alternative on our list. Unlike Istio, it isn’t primarily a service mesh but an API gateway, and, depending on your situation and needs, it might be a more appropriate tool for you to use.
Nevertheless, Kong also offers a service mesh as a separate product, called Kong Mesh, which is also built on Envoy. Kong Mesh is designed to work with both Kubernetes and Virtual Machines, making it one of the best service meshes if you use both — better than Istio, which was primarily created for Kubernetes.
For example, as seen in this case study, MS3 chose Kong Mesh due to that reason — its support for both virtual machines and Kubernetes and the ability to migrate between the two, as well as its high performance.
With multicloud, multicluster, and multiplatform support for Kubernetes and Virtual Machines, Kong’s service mesh discovers and connects to other services automatically.
So, what’s the difference between Istio or Kong Mesh and the Kong API gateway?
While a service mesh like Istio will only deal with communication between microservices in your application, an API gateway like Kong can go beyond that and route internal as well as external API calls.
An API gateway is a data pane that receives requests from the client and reverse proxies those requests to the APIs.
A service mesh like Istio has both a control pane and a data pane, but an API gateway like Kong can have the control pane bundled into the data plane.
You can use an API gateway like Kong together with a service mesh, which is actually better for security.
The topic of service mesh vs API gateway is a very complicated and technical one. A lot has been written about the differences between the two and whether you need an API gateway if you are using a service mesh.
While there is an overlap in technologies, as well as capabilities like traffic routing, a service mesh doesn’t replace API management. This blog post explains it well.
If you’d like to delve even deeper into the topic, Kong itself has an entire ebook dedicated just to the differences between an API gateway and service mesh.
Also Read: OpenShift vs Docker
Apigee is an API management tool and the next Istio alternative on our list. After being bought by Google, it is now part of Google Cloud.
From API discoverability to tracking and analytics, managing your APIs has never been easier than with Apigee. Apigee also serves as a proxy, isolating the front end from the back end and allowing you to make database changes and other changes without disrupting the usability of the app on the client’s end.
As you will need to be discovered by developers if you want them to use your API for external applications, Apigee allows you to do that and control different levels of access and capabilities; it gives you control over who can use each level of your API service and what they can do with it.
The cool part is that you can choose between Apigee and Apigee Hybrid. While Apigee is a SaaS solution hosted entirely in Apigee’s environment, the hybrid solution allows you to have the management pane hosted in Apigee, but the runtime pane hosted in a cloud provider of your choice or your own servers, thus keeping your data in a secure environment.
Apigee differs from Istio in that Istio focuses on the management of microservices, while Apigee helps you manage your APIs and make them available to developers to work with. While Istio and other service meshes focus on intercommunication within an application, Apigee and APIs allow you to connect with external applications made by third parties.
Nevertheless, after buying Apigee, the Google team collaborated with the Istio team to integrate API management into Istio. Until then, since there was no formal integration, you had to use Apigee outside Istio and connect it to your service mesh, with your service mesh being treated as any other target service.
With the native integration, you can now expose just one or two of your microservices as an API. Alternatively, if you already use Apigee, you can create a service mesh within it and move microservices into that mesh, as explained by Google.
Also Read: Best MuleSoft Alternatives
The next Istio alternative on our list is Envoy. It differs from Istio in that while Istio uses an extended version of the Envoy proxy, Envoy itself can be used to build other service meshes if you don’t want to use Istio for whatever reason.
While Envoy isn’t the only proxy available, it is one of the best options. Written in C++ and originally created at Lyft (the ride-sharing company), it is easily extendable, and it is lightweight and easy to work with.
By itself, Envoy can be used for individual services and applications as well, without a service mesh like Istio. However, when you build a service mesh and use Envoy as the proxy for sidecars and the edge proxy, you will be able to observe your entire network of services and fix problems as they arise.
Envoy is entirely open source, making it a good choice to work with. It has a small footprint and you can use it with any application language.
Envoy is high performance. With features like automatic retries and global rate limiting, Envoy also allows for advanced load balancing.
Check Out: Best Trello Alternatives
6. AWS App Mesh
Another good alternative to Istio is AWS App Mesh, which is also a service mesh designed to improve communication between services across all types of computing infrastructure.
If you run your applications on Amazon infrastructure, then Amazon Web Services App Mesh is the best Istio alternative for you. Like Linkerd, it uses the Envoy proxy.
To be more specific, AWS App Mesh supports the following compute infrastructure:
- Amazon EC2
- Amazon ECS
- Amazon EKS
- AWS Fargate
- Kubernetes running on Amazon Web Services
- AWS Outposts for services running on-premises
AWS App Mesh connects all your services, routes traffic between them, and allows you to monitor and control traffic without updating the code of each service in the application and building those rules into them. You can set authentication access so only services you allow connect with each other, and you can encrypt all network traffic even when they are within your private network.
Also, AWS App Mesh integrates with monitoring and tracing tools from Amazon. You can use it to export your monitoring data to the Amazon CloudWatch monitoring service or the AWS X-Ray distributed tracing system.
In fact, you can export the data to any AWS partner for monitoring. According to Amazon, those Amazon Web Services partners include Datadog, Neuvector, Weaveworks, Aqua, and many others.
According to Vedcraft, AWS App Mesh is also a better choice than Istio if you have services in multiple programming languages, and you need them to communicate with each other.
Also, Istio can incur higher operational costs than AWS Service Mesh, and you will have to deal with higher operational overhead unless you are using the managed service of Istio. AWS App Mesh is an entirely managed service, so you will not need to install infrastructure on your end.
Also Read: Jira vs Asana
The final Istio alternative on our list is Consul, a multiplatform service mesh. Using Consul, you can set up a service mesh between multiple clusters and environments while maintaining and enforcing consistent policies and security features for network traffic between services.
You can observe your metrics inside the Consul user interface or export your data to a third-party monitoring platform to check for health issues.
You can use Consul either for cloud applications or those running on-premises. It can also be used for hybrids.
There are a number of benefits of using the Consul service mesh instead of Istio. For example, to fully enjoy Istio, you must deploy multiple services, and a third-party service catalog is required; Consul includes all that and negates the need for external systems, though external systems can be used to augment behavior.
For a deeper comparison of Istio vs Consul and the benefits Consul offers over Istio, check out Consul’s own blog post about it.
Consul, developed by Hashicorp, is overall easier to use and less complex than Istio. In this way, it is similar to Linkerd, making it a great Istio alternative if you are already familiar with Hashicorp products.
Also, according to Logz.io, Consul supports certain tracing backends such as OpenTracing, DataDog, and Honeycomb, while Istio does not.
Explore: Best BrowserStack Alternatives
The service mesh scene is still pretty new. There aren’t that many alternatives to Istio on the market just yet.
While Istio is perhaps the most well-known, along with Linkerd, it does come with some drawbacks, as I’ve made clear throughout this article. For example, it can be pretty complex to set up; it uses an extended version of a general-purpose proxy as opposed to a micro proxy like Linkerd.
Overall, Linkerd is the best Istio alternative, beating Istio hands down in terms of ease of use, speed, and CPU usage. Nevertheless, there are some other great alternatives as well — if you like Amazon Web Services, AWS Service Mesh is the best choice.
Service meshes like Consul Connect are not well known, but more and more are popping up with time. They promise additional speed, and the spotlight is slowly turning away from Istio as more people become aware of services meshes and these Istio alternatives, even if Istio is still the industry standard.
In a few years, don’t be surprised if even more Istio alternatives emerge on the market as more people start to look for something faster and less complex.
If you are already using Istio, however, switching to another service mesh like Linkerd might be a bit of a complicated process. In that case, you would have to ask yourself whether it’s worth the effort.
Also Read: Best GitLab Alternatives
Linkerd is the best Istio alternative.
As I demonstrated, and as proven by tests, it is a lot faster than Istio, with decreased latency in real-world situations.
Scott L. Macarthur is a marketing consultant and an online author. He is mostly engaged in providing his expertise to startups and SMBs. He is also an author on TheNextWeb.