Technical Report: Performance Comparison of Service Mesh Frameworks: the MTLS Test Case

TL;DR

This study evaluates how different service mesh frameworks impact application performance, focusing on the overhead caused by mTLS security protocols in terms of latency and resource usage within Kubernetes environments.

Contribution

It provides a comparative analysis of leading service meshes' performance impacts due to mTLS, highlighting architectural differences affecting latency and memory consumption.

Findings

Significant performance differences among service meshes

Architecture influences latency and resource consumption

Default features in mTLS affect overall performance

Abstract

Service Mesh has become essential for modern cloud-native applications by abstracting communication between microservices and providing zero-trust security, observability, and advanced traffic control without requiring code changes. This allows developers to leverage new network capabilities and focus on application logic without managing network complexities. However, the additional layer can significantly impact system performance, latency, and resource consumption, posing challenges for cloud managers and operators. In this work, we investigate the impact of the mTLS protocol - a common security and authentication mechanism - on application performance within service meshes. Recognizing that security is a primary motivation for deploying a service mesh, we evaluated the performance overhead introduced by leading service meshes: Istio, Istio Ambient, Linkerd, and Cilium. Our experiments were conducted by testing their performance in service-to-service communications within a Kubernetes cluster. Our experiments reveal significant performance differences (in terms of latency and memory consumption) among the service meshes, rooting from the different architecture of the service mesh, sidecar versus sidecareless, and default extra features hidden in the mTLS implementation. Our results highlight the understanding of the service mesh architecture and its impact on performance.