Type | ALB | MSE | ASM | Kourier |
Product positioning | Focus on workloads at the application layer. ALB Ingresses provide Layer 7 load balancing and are deeply integrated with containerization technologies. ALB Ingresses support HTTP, HTTPS, and QUIC and are suitable for auto scaling and heavy traffic scenarios. ALB Ingresses provide various release policies, including canary release, A/B testing, and blue-green deployment. You can use ALB Ingresses with Web Application Firewall (WAF), Function Compute, PrivateLinks, and transit routers.
| MSE Ingresses can serve as traditional traffic gateways, microservices gateways, and security gateways. You can use features such as hardware acceleration, WAF local protection, and the WebAssembly plug-in marketplace to build high-performance, highly-scalable, and easy-to-integrate cloud-native Ingresses that support hot updates. MSE Ingresses provide traffic management and advanced routing features at Layer 7. MSE Ingresses provide multiple service discovery modes and service release policies, including canary release, A/B testing, blue-green deployment, and traffic distribution based on a custom ratio. MSE Ingresses are intended for workloads at the application layer. MSE Ingresses are deeply integrated with containerization technologies and can directly forward traffic to the IP addresses of backend pods.
| ASM provides a fully-managed service mesh platform and is compatible with open source Istio. ASM Ingresses can simplify inter-service traffic routing, splitting, and management and provide authentication and mesh observability for service communication to greatly reduce your development and O&M work. | Kourier Ingresses are lightweight Ingresses developed based on Envoy for Knative Serving. Kourier Ingresses provide routing and service discovery capabilities. |
Architecture | | MSE Ingresses are developed based on the open source Higress project, where Istio serves as the control plane and Envoy serves as the data plane. For more information about Higress, see Higress. MSE Ingresses are exclusive to users.
| The Istio control plane consists of fully-managed components and is compatible with open source Istio. Each ASM instance can serve applications deployed in multiple Kubernetes clusters or applications that run in Elastic Container Instance-based pods.
| |
Basic routing | Support routing based on content and source IP addresses. Support HTTP request header rewrite, redirect, throttling, cross-origin resource sharing (CORS), and session persistence. Support forwarding rules in the inbound and outbound directions.
| Support content-based routing. Support HTTP request header rewrite, redirect, throttling, cross-origin resource sharing (CORS), timeouts, and retries. Provide multiple load balancing modes, including round-robin, random, least connections, consistent hashing, and prefetching. Support thousands of Ingress rules.
| Support custom traffic routing rules. Support traffic management between applications in different Kubernetes clusters. Provide fine-grained traffic management. Provide out-of-the-box chaos engineering capabilities.
| |
O&M | Fully-managed O&M and zero configuration. Support auto scaling and provide ultra-large capacities. Support auto scaling to withstand traffic spikes.
| Fully-managed and O&M-free. | Install, deploy, and update with a few clicks. Fully-managed control plane components. Allow you to focus on the development of business applications. Comply with the specifications of open source Istio.
| You need to manually maintain components. Allow you to configure Horizontal Pod Autoscaling (HPA). Allow you to specify computing resource specifications for optimization.
|
Performance | Support one million QPS per instance. Support tens of millions of connections per instance. Use SSL hardware for acceleration by default.
| When the CPU utilization reaches 30% to 40%, the transactions per second (TPS) of MSE Ingresses is about 90% higher than the TPS of open source NGINX Ingresses. HTTPS service performance is improved by 80% after hardware acceleration is enabled.
| Support cross-region deployment, nearby access, and DNS intelligent resolution. Domain names are resolved to IP addresses that are closest to the clients. Access ASM Ingresses through Classic Load Balancer (CLB) instances. ASM Ingresses of TLS Acceleration Edition can accelerate HTTPS requests based on the Intel MultiBuffer technology to improve the QPS by 80%.
| Require manual tuning to optimize performance. |
Supported mainstream protocols | Support HTTP, HTTPS, QUIC, WebSocket, WSS, and gRPC. | Support HTTP, HTTPS, HTTP 3.0, WebSocket, and gRPC. Support HTTP and redirects from HTTPS to Dubbo.
| Support HTTPS and dynamic certificate loading. Allow you to access internal gPRC services through Ingress Ingresses and switch traffic between two gRPC versions. Support transcoding HTTP/JSON to gRPC, which allows you to use HTTP/JSON to access gRPC services in ASM. Allow you to access WebSocket services in ASM through Ingress Ingresses.
| Support HTTP, HTTPS, and gRPC. |
Observability | Support access log collection and metric collection. Allow you to view and analyze access logs in Simple Log Service. Allow you to view and analyze metrics in CloudMonitor. Support alerting. Allow you to view and analyze alerts in CloudMonitor.
| Support access log collection and allow you to view access logs in Simple Log Service and Managed Service for Prometheus. Allow you to configure monitoring and alerting in Managed Service for Prometheus. Support tracing and integration with Tracing Analysis and Apache SkyWalking.
| Support visualized mesh topology and topology analysis. Support integration with self-managed Prometheus systems. Support integration with Application Real-Time Monitoring Service (ARMS). Support integration with Simple Log Service. Support custom metrics. Support service-level objectives (SLOs).
| Support access log collection. |