API Gateway vs. Service Mesh: How to Make a Choice? - Cloud Architects

The IT industry has gone through a significant transformation over the past decade. Companies have started embracing the DevOps approach and cloud-native technologies and tools, and monolithic applications are being redesigned into microservices. While adopting microservices has its own advantages, it also poses complexities and security risks that need to be addressed. For example, as a startup, the microservices architecture might seem very easy initially, with small teams working on each service, but when the number of microservices grows along with the company, the inner and outer communications between services become complex. This is where API Gateways and service meshes come into play.

In this article, we will see both these topics in detail and try to understand the important similarities, differences, and when to use them.

API Gateway

API management and API Gateways were used as a primary technology for modern API use cases in data centers, services communication inside and outside, scaling of microservices, etc. API management has evolved to a great extent in recent times. When you employ microservices and they scale, the number of application endpoints grows explosively. Every single endpoint must be secured and managed correctly. It is a huge task for developers and takes most of their time without APIs. API management helps in securing these endpoints appropriately.

API gateways are used to manage, transform, and secure APIs. They sit between the public-facing network and the back-end servers. The gateway can be configured to provide custom policies, authentication, logging, or monitoring for the APIs.

Consider a banking app created with various microservices working together but performing different tasks. When a user wants to see his/her account details, one microservice searches for this particular user’s data, and another microservice shows the user’s data on the dashboard as a webpage. While both of these microservices get triggered when a user wants to see his/her account information, there needs to be an intermediary that keeps this process running in order and smoothly.

Here, an API Gateway serves as a gatekeeper that accepts the requests from outside, forwards the requests to the right microservices responsible, and sends the information back to the user.

Service Mesh

A service mesh is an architecture that enables the management of service-to-service communication by implementing features like tracing, traffic management, monitoring, etc. In addition, service meshes can also provide observability for microservices architecture. In simple words, a service mesh is a protective layer for microservices in an application. It provides developers with observability and traffic management capabilities that were previously inaccessible.

Service meshes dramatically enhance service-to-service connectivity by making the network requests more robust, secure, and observable.

Even before the concept of the service mesh, the application and security teams used to implement network traffic policies, communication policies, security, observability, tracking, and error handling between microservices to enhance the connectivity of any outbound — or inbound — network requests that the application would either make or receive.

The teams used to implement these capabilities by writing more code in their services. Then different teams would write similar code to implement the same thing in different languages for compatibility. This creates more fragmentation and security risks for network connectivity. Service meshes remove these risks by completely outsourcing the network management.

Major similarities between API Gateway and Service Mesh

  • At a high level, both facilitate the communication between services and manage the network traffic.
  • Both API Gateway and service mesh help with service discovery.
  • Both enable better observability of the system.

Significant differences between API Gateway and Service Mesh

  • An API Gateway operates at the application layer, whereas a service mesh operates at the infrastructure level.
  • One basic differing point between the two is the deployment model: deploying a proxy data plane alongside every replica of every service is a must in service mesh, whereas in API Gateway, no such proxy data plane is required.
  • An API Gateway focuses more on the business logic, whereas a service mesh focuses more on service-to-service communication.
  • An API Gateway manages internal and external apps and requests, whereas a service mesh is only for internal usage: it stands between the internal services and network communications.
  • An API Gateway can work with both monolithic and microservices architecture patterns, whereas a service mesh can only be employed with microservices architecture.
  • API Gateway is a traditional methodology, and there can be security challenges, whereas service meshes are built with more advanced technology to address these network and security challenges.
  • API Gateway is a more mature technology and involves manual security inputs compared to service meshes. Service mesh is a new advanced and emerging technology that involves automated security inputs.
  • API Gateway metrics help understand the overall application health, whereas service mesh metrics help understand the health of individual microservices and related components within the app.

Do you need an API Gateway or a Service Mesh?

At first glance, it looks like both do a similar job and have the same functionalities. But the truth is that they differ fundamentally in their focus, as the differences listed above show. Even though API Gateway is still considered a highly sought-after technology, service mesh technologies are suddenly evolving and are starting to take on some of the functionalities of an API gateway.

Enterprises benefit from using both an API Gateway and a service mesh at the same time. An API gateway can be used to simplify the way the application manages and handles external requests and traffic; a service mesh can be employed along with it to securely streamline internal communication.

An API gateway may send a request that is coming from outside to a particular microservice, and from there, the service mesh takes over, redirecting that request to another microservice internally in a secured fashion. Thus, having both an API Gateway and a service mesh is always a good option, so you get the best of both worlds. But that doesn’t mean you must use both of them; you can use either of them independently, according to your requirements.
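
The request path described above, modeled with the banking example from earlier in the article. This is an added example, not code from the original article or from any gateway or mesh product; the service names, token, and policy tables are constructed, and the caller identity that a real mesh would take from the sidecar's mTLS certificate is passed here as a plain string.

```python
# Toy model of the two enforcement points; all names and values are constructed.

# Edge policy: the gateway authenticates external callers and maps public paths.
API_TOKENS = {"tok-alice": "alice"}        # constructed sample credential
ROUTES = {"/account": "account-lookup"}    # public path -> first internal service

# Mesh policy: which service identity may call which service (checked per sidecar).
MESH_ALLOW = {
    "account-lookup": {"api-gateway"},
    "dashboard": {"account-lookup"},
}

class Denied(Exception):
    pass

def sidecar_call(caller, target, handler, *args):
    """Inbound sidecar check: only identities listed for the target may call it."""
    if caller not in MESH_ALLOW.get(target, set()):
        raise Denied(f"mesh: {caller} -> {target} not allowed")
    return handler(*args)

def dashboard(user, data):
    return f"<h1>{user}</h1><p>balance: {data['balance']}</p>"

def account_lookup(user):
    data = {"alice": {"balance": 120}}[user]   # constructed sample record
    # East-west hop: passes the dashboard's sidecar, never the gateway.
    return sidecar_call("account-lookup", "dashboard", dashboard, user, data)

HANDLERS = {"account-lookup": account_lookup}

def gateway(path, token):
    """North-south entry point: authenticate, route, then hand off into the mesh."""
    user = API_TOKENS.get(token)
    if user is None:
        raise Denied("gateway: unauthenticated")
    service = ROUTES.get(path)
    if service is None:
        raise Denied("gateway: no route")
    return sidecar_call("api-gateway", service, HANDLERS[service], user)
```

A call made with the gateway's identity straight to `dashboard` is rejected by the dashboard's sidecar even though the same user passed authentication at the edge, which is the internal control a gateway alone does not provide.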

How and when to choose Service Mesh?

There are many offerings for service mesh; some of the notable ones include Istio, Linkerd, Consul Connect, Kuma, Maesh, AWS App Mesh, etc.

Microservices adoption and container technology are growing rapidly in the cloud-native space. This means enterprises need more advanced traffic management and a secured communication mechanism between services, which is only possible with service meshes.

A service mesh becomes very important:

  • When you have more workloads, and the number of microservices is increasing in your project
  • When you are using Kubernetes extensively in production
  • When you have a matured CI/CD pipeline, and you are frequently deploying to production
  • When your app is complex and needs to be tightly secured
  • When you have a mix of application languages and frameworks

Which Service Mesh to use?

Although Istio is becoming a de facto standard service mesh, there are others that might easily solve your problems. Hence, there is no single right or wrong answer to this question. Instead, you need to choose your service mesh depending on your current requirements, challenges, skills, and resources.

The cloud-native landscape is changing rapidly, and service meshes have become an essential component of the modern cloud-native stack. Enterprises should invest in and experiment with these new technologies to solve their modern problems. Service meshes, like all other technologies, solve major issues that arise with adopting a microservices architecture. Since most organizations are embracing the microservices architecture on their cloud-native journey, it becomes evident that service meshes will soon become a norm in every organization’s technology stack.