The Cloud Native Computing Foundation (CNCF) has voted to accept the Network Service Mesh effort as a new sandbox project.
Network Service Mesh should not be confused with Istio, which is a different open source effort that is providing a service mesh that can work in cloud native environments, including the Kubernetes container orchestration platform. Istio is an increasingly popular approach for service mesh that now has multiple commercial vendors supporting it and providing their own supported implementations.
With a service mesh, networking connectivity and security policies are managed and deployed in a fabric that can span multi-cloud environments.
Networking in Kubernetes can be achieved with different approaches, including the use of the Container Networking Interface (CNI), which enables plugins for different networking technologies and vendor hardware. Network Service Mesh does not require users to have a new version of Kubernetes or a specific CNI plugin.
According to a presentation delivered by Cisco engineer Ed Warnicke to the CNCF Technical Oversight Committee on April 9, Istio is suitable for layer 7 application data traffic. Network Service Mesh, however, is for layer 3 (IP) and layer 2 (Ethernet) payloads.
“Inspired by Istio, Network Service Mesh maps the concept of a Service Mesh to L2/L3 payloads as part of an attempt to re-imagine NFV in a Cloud-native way,” the Network Service Mesh GitHub project page explains.
There are three core concepts that enable the Network Service Mesh:
- Network Service (NS) – L2/L3 payload sent to and from the network service to execute an action
- Network Service Endpoint – Provides a Kubernetes pod that enables the requested Network Service
- L2/L3 Connections – Connects pods and NSEs
Sponsors
Network Service Mesh already benefits from the support of multiple sponsors, including Cisco, Red Hat, VMware, Lumina Networks, Orange and Bell Canada. The project has had 22 code contributors thus far and has weekly meetings. Warnicke submitted the proposal to add Network Service Mesh as a sandbox project on February 28, with the formal board presentation taking place on April 9.
“Thanks! NSM is now in the sandbox,” CNCF COO Chris Aniszczyk wrote in a GitHub commit message.
The CNCF has multiple tiers for projects, with the sandbox level being the entry point. From there, a project can move to the incubating level and finally, when it has reached a stage of maturity and adoption, to graduated project status. Currently, there are six graduated projects within the CNCF: Kubernetes (orchestration), Prometheus (monitoring), Envoy (service proxy), CoreDNS (service discovery), containerd (container runtime) and Fluentd (logging).
Sean Michael Kerner is a senior editor at EnterpriseNetworkingPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.