
Alibaba Cloud Service Mesh: Features

Last Updated: Sep 14, 2024

Service Mesh (ASM) provides the following editions that support different features and capabilities: Standard Edition, Enterprise Edition, and Ultimate Edition. Standard Edition is free of charge, and the other editions are commercial editions. This topic describes the features supported by different ASM editions.

Note

Compared with Standard Edition, Enterprise Edition and Ultimate Edition support more protocols, enhance dynamic extension capabilities, provide fine-grained service governance, and improve the zero-trust security system. In addition, Enterprise Edition and Ultimate Edition enhance performance, provide better support for large-scale clusters, and simplify the use of ASM instances in production environments. Enterprise Edition and Ultimate Edition are applicable to scenarios in which you require cross-language interoperability and fine-grained service governance and want to apply the service mesh technology in production environments on a large scale. For more information about how to change the edition of an ASM instance, see Change the edition of an ASM instance. For more information about ASM editions, see Announcement on the launch of commercial editions.

Features supported on the ASM control plane

Mesh management

| Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
| --- | --- | --- | --- | --- |
| Full lifecycle management of ASM instances such as instance deployment and upgrade management in the ASM console | No | Yes | Yes | Yes |
| Support for Container Service for Kubernetes (ACK) clusters (including ACK managed clusters and ACK dedicated clusters) of all compatible Kubernetes versions and the ACK on ECI mode | No | Yes | Yes | Yes |
| Support for Container Compute Service (ACS) clusters | No | No | Yes | Yes |
| Support for ACK Serverless clusters of all compatible Kubernetes versions | No | No | Yes | Yes |
| Support for registered external Kubernetes clusters | No | No | Yes | Yes |
| Support for ACK edge clusters | No | No | Yes | Yes |
| Support for multi-cluster deployment across virtual private clouds (VPCs) and regions in production environments | No | No | Yes | Yes |
| Supported operating systems | Alibaba Cloud Linux 2 | Alibaba Cloud Linux 2 | Alibaba Cloud Linux 2 and Alibaba Cloud Linux 3 | Alibaba Cloud Linux 2 and Alibaba Cloud Linux 3 |
| Automatic diagnostics of mesh configuration issues | Partially supported | Yes | Yes | Yes |
| Rollback of Istio resources to an earlier version | No | Yes | Yes | Yes |
| Support for Kubernetes clusters on the data plane to access Istio resources by using the Kubernetes API in multi-cluster mode | No | No | Yes | Yes |

Management of data plane components

| Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
| --- | --- | --- | --- | --- |
| Configurations of sidecar proxies at global, namespace, and workload levels | Partially supported | Yes | Yes | Yes |
| Configuration of the sidecar injector in the console | No | Yes | Yes | Yes |
| Support for Container Network Interface (CNI) plug-ins in ACK clusters | No | No | Yes | Yes |

ASM gateway management

| Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
| --- | --- | --- | --- | --- |
| Full lifecycle management of ASM gateways such as creation, upgrades, deletion, and configuration updates of an ASM gateway | No | Yes | Yes | Yes |
| Route management in the console | No | No | Yes | Yes |
| Advanced features, such as graceful shutdown, horizontal pod autoscaling (HPA), upgrades without service disruption, and Transport Layer Security (TLS) acceleration | No | No | Yes | Yes |
| Integration of envoy.ext_authz, which allows customers to configure custom authorization services in the console | No | No | Yes | Yes |
| Integration with the OpenID Connect (OIDC) based single sign-on (SSO) feature | No | No | Yes | Yes |
| Integration with the throttling and circuit breaking features | No | No | Yes | Yes |
| Certificate management | No | No | Yes | Yes |
| Integration with observability features | No | Yes | Yes | Yes |
| High availability | No | No | Yes | Yes |

Traffic management

| Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
| --- | --- | --- | --- | --- |
| Compatibility with the concepts of VirtualService, DestinationRule, and Gateway defined in open source Istio | Yes | Yes | Yes | Yes |
| Configuration of traffic routing rules in the console | No | Yes | Yes | Yes |
| Local throttling | Partially supported | Partially supported | Yes | Yes |
| Support for Spring Cloud services | No | No | Yes | Yes |
| Graceful start and shutdown of services | No | No | Yes | Yes |
| Traffic lane and traffic labeling | No | No | Yes | Yes |
| Route-level circuit breaking | No | No | Yes | Yes |
| Intra-zone Provider First | Yes | Yes | Yes | Yes |
| Warm-up | Yes | Yes | Yes | Yes |
| Traffic management based on services | No | No | Yes | Yes |
| Layer 7 load balancing of east-west gateways | No | No | Yes | Yes |

Observability management

| Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
| --- | --- | --- | --- | --- |
| Visual service mesh topology for easy analysis | Partially supported | Partially supported | Yes | Yes |
| Integration with a self-managed Prometheus service | Partially supported. The self-managed Prometheus service must be independently deployed. | Yes | Yes | Yes |
| Integration with Application Real-Time Monitoring Service (ARMS) of Alibaba Cloud | No | Yes | Yes | Yes |
| Integration with Simple Log Service | No | Yes | Yes | Yes |
| Custom metrics | Partially supported | Partially supported | Yes | Yes |
| Enhanced built-in common dashboards | No | Yes | Yes | Yes |
| Service level objective (SLO) policies | No | No | Yes | Yes |
| SLO-driven application scaling | No | No | Yes | Yes |

Security management

| Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
| --- | --- | --- | --- | --- |
| Integration with the Resource Access Management (RAM) system to support various features such as RAM authorization | No | Yes | Yes | Yes |
| Configuration of security policies in the console | No | Yes | Yes | Yes |
| Easy configuration of security policies based on scenarios (support for OIDC-based SSO and JWT-based authentication) | No | No | Yes | Yes |
| Fine-grained access control by using the Open Policy Agent (OPA) policy engine | No | No | Yes | Yes |
| OpenAPI operation audit | No | Yes | Yes | Yes |
| Kubernetes API operation audit | No | Yes | Yes | Yes |
| Integration with the authorization system for Alibaba Cloud accounts | No | Yes | Yes | Yes |
| Trial run of ASM authorization policies | Yes | Yes | Yes | Yes |

Scalability and ecosystem integration

| Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
| --- | --- | --- | --- | --- |
| Plug-in marketplace | No | No | Yes | Yes |
| Compatibility between Envoy filters and multiple API versions | No | No | Yes | Yes |
| Connect to third-party service registries | No | No | Yes | Yes |
| Integration with the cloud-native inference service KServe | No | No | Yes | Yes |
| Best practices for application release with Argo CD, Argo Rollouts, and KubeVela | No | No | Yes | Yes |
| Support for Terraform | No | Yes | Yes | Yes |

Performance optimization and best practices

| Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
| --- | --- | --- | --- | --- |
| TLS acceleration by using Multi-Buffer | No | No | Yes | Yes |
| Configuration of the selective service discovery feature in the console | No | No | Yes | Yes |
| Automatic recommendation of sidecars based on access log analysis | No | No | Yes | Yes |
| Performance optimization by using Node Feature Discovery (NFD) to detect hardware and software capabilities, such as the support for Advanced Vector Extensions (AVX) and QuickAssist Technology (QAT) acceleration | No | No | Yes | Yes |
| Best practices that include standardized service definitions and optimized parameter configurations | No | No | Yes | Yes |

Stability and supported scale

| Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
| --- | --- | --- | --- | --- |
| Supported scale on the data plane | We recommend that you use this edition only for development and testing purposes. | 50 pods | 1000 pods | 10000 pods |
| Managed Istiod components on the control plane | - | Single replica | Multiple replicas | Multiple replicas |

Note

Take note of the following considerations for supported scale on the data plane in Standard Edition:

  • This edition is suitable only for development and testing purposes.

  • To ensure cluster stability, ASM checks the number of pods in clusters on the data plane before an upgrade. If the number of pods exceeds the limit, you must change the edition of the ASM instance before the upgrade. Otherwise, your business may be affected. For more information about how to change the edition of an ASM instance, see Change the edition of an ASM instance.

    ASM calculates the number of pods based on the namespaces that are detected during service discovery and automatically excludes the following system namespaces: istio-system, arms-prom, kube-node-lease, kube-public, and kube-system.

References for features of ASM commercial editions

Feature

References

Mesh management

Enable Multi-Buffer for TLS acceleration

ASM gateways

Traffic management