Linkerd vs. Istio is the main event in the battle of service mesh heavyweights. And, pound for pound, underdog Linkerd has held its own against the Google goliath so far.

It's still early for service mesh adoption among mainstream enterprises, many of which still struggle with Kubernetes and containers in production. A microservices infrastructure built on containers is a key precursor to service mesh, a set of network orchestration tools that provide fine-grained control over telemetry, security and network provisioning.

Linkerd, an open source project, was the first service mesh available in 2016, and the revamped Linkerd 2 -- initially dubbed Conduit -- arrived in 2018, with a focus on Kubernetes integration. Another open source project, Istio, was also released in 2018 by powerful backers, such as Google, IBM and Lyft, and soon captured much of the market's attention.

Initially, service mesh was the domain of web-scale companies, such as Netflix and Twitter, but it's headed for mainstream enterprise use.

"The complexities of east-west traffic management are growing for anyone with a reasonably large microservices footprint," said Fintan Ryan, analyst at Gartner. "Service mesh will become essential to microservices, and more people are getting serious about evaluating it."

There are numerous service mesh competitors in the market, with products from HashiCorp, Kong and NGINX, among others. But Linkerd 2 and Istio both focus on integration with Kubernetes. And by virtue of the container orchestration tool's momentum, they are at the center of the service mesh conversation in its early days.

Linkerd vs. Istio: Simplicity vs. versatility Linkerd 2 doesn't yet match Istio's features. Linkerd 2.2, released this week, introduces automatic network request retries and timeouts and moves sidecar proxy auto-injection from an experimental phase to a fully supported feature. Both features were in Istio since its 1.0 release in July 2018. Mutual TLS (mTLS) encryption, a popular application security feature for service mesh early adopters, remains experimental in Linkerd 2.2. Linkerd 2 is also more limited in its ability to perform dynamic tracing, and Linkerd 2's tight integration of the control plane, service discovery and sidecar layers limits configuration choices, compared with what's offered by Istio. But, as IT pros experiment with service mesh deployments, the more significant difference is they've only been able to get one of these utilities to work, even just to kick the tires in test environments. "[Istio] was complex to install, and you need to define external calls," said Jerome Mirc, senior software developer for Expedia Inc., an online travel service provider based in Bellevue, Wash. "It was not very friendly for the developer to know which server they need to be connected to and which port to open." By contrast, Linkerd 2 was simple to install and use for Mirc, who primarily wants to use service mesh for advanced monitoring and telemetry on microservices apps. This also happens to be Linkerd 2's primary focus of development. "Service mesh gives us a real-time view into microservices performance, and we can react quickly instead of waiting for Grafana or Graphite to update, or to check Splunk logs," Mirc said. Linkerd 2 doesn't yet include tracing gRPC traffic on a TCP transport layer, but Mirc said he will try to bridge that gap with another tool. Otherwise, Linkerd 2 meets Mirc's needs for granular microservices monitoring. Another early advantage for Linkerd 2 is its low performance overhead. One published benchmark test showed significantly higher queries-per-second performance on Linkerd vs. Istio, and this has been the anecdotal experience for early service mesh adopters, as well. "Linkerd is very fast for a user space service mesh," said Christian Hüning, systems architect at Figo.io, a fintech startup in Hamburg, Germany, which plans to put Linkerd 2 into production this month alongside its first deployment of Kubernetes. "Its data plane is written in Rust, a very low-level and efficient language, and is decentralized, which avoids bottlenecks with control components." While mTLS officially remains an experimental feature, it already works well for Figo, Hüning added. Istio maintainers acknowledge manageability problems and formed the User Experience Working Group to address those issues. A Google spokesperson said users have reduced performance overhead by as much as 50% when they turned off Istio's Mixer policy feature, under which each sidecar proxy calls out to a centralized Mixer to validate every network call. Linkerd 2.2 UI offers visibility into Kubernetes namespaces.