Service Meshes Decoded: Is Istio Ambient worth it?

TOC:

What is Istio Ambient?

This blog is the second part of our service mesh comparison series. We recommend reading Service Meshes Decoded: Istio vs Linkerd vs Cilium first, where we compare three popular open-source service meshes Cilium, Istio, and Linkerd.

We received a lot of feedback after our Service Meshes Decoded (Part 1): A performance comparison of Istio vs Linkerd vs Cilium post that compared popular open-source service meshes Cilium, Istio and Linkerd – particularly requests to include Istio Ambient in our comparison. We agreed this was a reasonable ask and have now incorporated Istio Ambient into our review.

In addition to including Istio Ambient in our initial study, we also conducted a comparison of resource usage between Istio Ambient and Istio Sidecar. As a result, the report have two sections:

This blog post, like the previous one, will provide you with performance test results and summaries, whilst the full Test Report - Istio Ambient vs Istio Sidecar can be found in our public GitHub repository.

Service Mesh Comparison Continued

This section continues our initial Service Mesh comparison study, preserving and reproducing all conditions to compare Istio Ambient vs Istio Sidecar.

This study’s goal is to add Istio Ambient to our Service Mesh Comparison. To achieve this, we replicated the environments with the same configurations as in our original study, followed the existing test approach, used the Bookinfo test application, and adhered to the same principles to guarantee a fair comparison.

Therefore, we set up three environments:

Note: Make sure to review the Test Approach and Environment Details in our initial Service Mesh Test Report.

After conducting tests, we have received the following results:

Istio Sidecar

Istio Sidecar is 21% slower than the baseline for internal communications and 28% slower for external communications. The resource utilisation of Istio’s Sidecars is relatively high when compared to Ambient as the amount of resources needed scales with the amount of sidecar enabled pods. More pods, more sidecars. For a base resource comparison let’s take the unrealistic scenario where there is only one pod in a service mesh, Istio Sidecar consumes the same amount of CPU as Istio Ambient, but still four times more memory than Istio Ambient.

Istio Ambient

Istio Ambient is 15% slower for internal communications and 21% slower for external communications compared to the baseline, meaning Istio Ambient is faster than Istio Sidecar in all tested communications. The resource utilisation of Istio Ambient is relatively low due to the decoupled nature of the new design. More pods no longer result in more sidecars and the per-node resource requirement remains relatively constant. The difference in resource usage becomes more significant as the number of pods increases.

Below you can see the diagrams that visualise the difference in Response Time:

Internal Communications Test Results Diagram:

Chart Pod

External Communications Test Results Diagram:

Chart VM

To conclude, we can easily say that Istio Ambient is faster than Istio Sidecar and consumes fewer resources.

Resource Utilisation Comparison

In this section, we employ an alternative testing methodology to compare the resource utilisation of Istio Ambient vs Istio Sidecar, thus providing additional insights beyond those in our initial Service Mesh comparison.

For this test, we replicated environments with the same configuration as in our original study and only changed the node type to c5.xlarge in order to deploy a higher number of replicas for this test.

We also modified the test approach. Firstly, we reduced the duration of tests to 30000 requests to iterate quickly. Then, we ran tests for 1, 2, 4, 6, and 8 replicas of the productpage deployment successively. This approach allowed us to gradually see the difference between meshes at scale. The collected results show the resource usage of the test application, service mesh components, proxies, and the load testing job.

Test App Resource Usage

We obtained the results and prepared the diagrams to visualise the difference in resource usage:

Test App CPU usage
Test App RAM usage

And here is a small summary that explains the graphs above:

Load Testing Job Resource Usage

When it comes to the load testing job, the results remain the same as in the first section of this blog post. Below, you can see the diagrams that visualise the difference.

Load Testing Job CPU usage
Load Testing Job RAM usage

Istio Ambient Summary

In summary, Istio Ambient is a great product, which is definitely faster and more performative than Istio Sidecar. Leveraging the strengths of Istio Sidecar, Istio Ambient effectively addresses resource overhead, drives significant cost optimisation and becomes a strong contender to all products from our service mesh comparison.

Make sure to review the Test Report - Istio Ambient vs Istio Sidecar for more information on test results, operations, and compliance before implementing Istio Ambient.

This blog is the second part of our service mesh comparison series. If you are interested in this topic, read Service Meshes Decoded: Istio vs Linkerd vs Cilium, where we compare three popular open-source service meshes Cilium, Istio, and Linkerd. Also, feel free to book a meeting with one of our Cloud Platform Engineers to talk more about our studies.