HashiCorp’s Consul Adds Layer 7 to Become a Full-Fledged Service Mesh

HashiCorp, the company behind multicloud infrastructure automation software such as Terraform, Vault, Nomad and Consul, is working to meet the expectations set by other service meshes and expand those same expectations at the same time. At the HashiConf EU conference this week, the company unveiled a beta of Consul 1.6, calling it a “full-featured service mesh” with the addition of Layer 7 traffic management, and multi-platform and multicloud service networking capabilities as part of a feature called Mesh Gateways.
By adding support for Layer 7, the application layer of the seven-layer OSI model, to Consul’s management and observability functions, the service mesh can now provide HTTP traffic routing, traffic shaping, and tight control over service resolution, which enables failover and rerouting. Previously, Consul operated at Layers 3 and 4, which meant it was agnostic to the protocol an application communicated in, but it didn’t provide this level of granular functionality.
In an interview with The New Stack, HashiCorp founder and co-Chief Technology Officer Armon Dadgar defended the idea of Consul as a full-service mesh, explaining that the product now meets those expectations, while simultaneously pushing the boundaries for what a service mesh provides.
“With the announcement of both the Mesh Gateway and the layer seven capabilities, we now see Consul as a full-service mesh. The feedback we received with Consul before was ‘Can you call it a service mesh without the layer seven features?’ Our view was yes because it depends on your definition of a service mesh. For us, the focus was more on the security and networking aspects of it, and so, from our perspective, even without level seven awareness, we were solving the networking and security challenges,” said Dadgar. “Part of the challenge is the market doesn’t really have a cohesive definition for a service mesh. Our response was, okay fine, if there’s these critics that say you’re not a full-service mesh without the level seven capability, let’s go ahead and add the level seven capability and meet that criticism. Now it’s a full-service mesh sort of regardless of whether you think level seven is needed or not.”
Where Consul now pushes the boundaries is with its introduction of Mesh Gateways, which are built using the Envoy proxy and “provide simplified and secure cross-cluster communication without the need to configure a Virtual Private Networking nor create complex routing rules.”
“If you compare it to a lot of the existing things out there, whether Linkerd or Istio, they’re talking about services within one cluster, talking to each other. I think that’s somewhat interesting, but they can kind of already talk to each other within a cluster. That’s not the hard part,” said Dadgar. “The hard part is, they can’t talk outside of the cluster, or between clusters, or between data centers. This really lets you solve those more difficult thorny networking challenges.”
Whether by choice or necessity, Dadgar explained, companies are going multicloud, and those disparate pieces need to be able to communicate with each other in a secure and seamless manner. Mesh Gateway, he said, solves that emerging problem where others fail.
“At a high level, the use case of the problem we’re trying to solve is really one of the network complexities. If I have two Kubernetes clusters within one data center, how do they talk to each other easily? Mesh Gateways gives us a really easy answer. You can run one Mesh Gateway for each of these clusters, and this allows us to seamlessly have traffic go between them, even though they might not be networked in a way that would work at a pure IP level,” said Dadgar. “I can have a Kubernetes cluster on-prem and off-prem, or in different data centers, or I could have one side of this be Kubernetes, a different side of this be VM-based applications. There’s an endless number of permutations. The reality is that customers exist in this world of endless computation. That’s been one of the biggest challenges we see with multicloud — the networking. Mesh Gateways lets us dramatically simplify it.”
Consul 1.6 is currently available in beta, with general availability expected later this summer.