2018-06-11 22:59:00 +00:00
---
description: |-
2019-07-08 14:12:42 +00:00
Consul is a service networking solution to connect and secure services across
any runtime platform and public or private cloud
2018-06-11 22:59:00 +00:00
---
<div class='consul-connect'>
<section class='g-hero'>
2019-07-08 14:12:42 +00:00
<h1>Service Mesh made easy</h1>
<p>Service discovery, identity-based authorization, and L7 traffic management abstracted from application code with proxies in the service mesh pattern</p>
2018-06-15 22:49:09 +00:00
<div>
2018-06-23 18:08:22 +00:00
<a href="/downloads.html" class="g-btn download">
2018-06-15 22:49:09 +00:00
<svg xmlns="http://www.w3.org/2000/svg" width="20" height="22" viewBox="0 0 20 22">
<path d="M9.292 15.706a1 1 0 0 0 1.416 0l3.999-3.999a1 1 0 1 0-1.414-1.414L11 12.586V1a1 1 0 1 0-2 0v11.586l-2.293-2.293a1 1 0 1 0-1.414 1.414l3.999 3.999zM20 16v3c0 1.654-1.346 3-3 3H3c-1.654 0-3-1.346-3-3v-3a1 1 0 1 1 2 0v3c0 .551.448 1 1 1h14c.552 0 1-.449 1-1v-3a1 1 0 1 1 2 0z"/>
</svg>
Download
</a>
2019-07-09 03:55:58 +00:00
<a href="/docs/connect/index.html" class="g-btn dark-outline">Explore Docs</a>
2018-06-15 22:49:09 +00:00
</div>
2018-06-11 22:59:00 +00:00
</section>
<section class='g-section'>
<div class='g-container'>
<div class='g-timeline no-intro'>
<div>
2018-06-18 16:53:06 +00:00
<span class='line'></span>
<span class='line'>
<svg xmlns="http://www.w3.org/2000/svg" width="11" height="15" viewBox="0 0 11 15">
<path fill="#CA2171" d="M0 0v15l5.499-3.751L11 7.5 5.499 3.749.002 0z"/>
</svg>
</span>
2018-06-11 22:59:00 +00:00
<span class='dot'></span>
<h3>The Challenge</h3>
2019-07-08 14:12:42 +00:00
<span class='sub-heading'>Network appliances, like load balancers or firewalls with manual processes, don't scale in dynamic settings to support modern applications.</span>
2018-06-19 22:48:56 +00:00
<div id='segmentation-challenge-animation' class='g-animation-block'>
<%= inline_svg 'consul-connect/svgs/segmentation-challenge.svg' %>
</div>
2018-06-22 18:21:15 +00:00
<p>East-west firewalls use IP-based rules to secure ingress and
egress traffic. But in a dynamic world where services move across
machines and machines are frequently created and destroyed, this
perimeter-based approach is difficult to scale as it results in
complex network topologies and a sprawl of short-lived
2019-07-08 14:12:42 +00:00
firewall rules and proxy configuration.</p>
2018-06-11 22:59:00 +00:00
</div>
<div>
<span class='dot'></span>
<h3>The Solution</h3>
2019-07-08 14:12:42 +00:00
<span class='sub-heading'>Service mesh as an automated and distributed approach to networking and security that can operate across platforms and private and public cloud</span>
2018-06-19 22:48:56 +00:00
<div id='segmentation-solution-animation' class='g-animation-block'>
<%= inline_svg 'consul-connect/svgs/segmentation-solution.svg' %>
</div>
2019-07-08 14:12:42 +00:00
<p>Service mesh is a new approach to secure the service itself
rather than relying on the network. Consul uses centrally
managed service policies and configuration to enable
2019-08-21 21:35:11 +00:00
dynamic routing and security based on service identity.
2019-07-08 14:12:42 +00:00
These policies scale across datacenters and large fleets
without IP-based rules or networking middleware.</p>
2018-06-11 22:59:00 +00:00
</div>
</div>
</div>
</section>
<section class='g-section border-top'>
<div class='g-container'>
<div class='intro'>
<h2>Features</h2>
</div>
2019-07-08 14:12:42 +00:00
<div class='g-text-asset reverse'>
<div>
<div>
<h3>Layer 7 Traffic Management</h3>
<p>Service-to-service communication policy at Layer 7 can be managed centrally, enabling advanced traffic management patterns such as service failover, path-based routing, and traffic shifting that can be applied across public and private clouds, platforms, and networks.</p>
<p>
2019-07-09 03:51:23 +00:00
<a class="learn-more" href='/docs/connect/l7-traffic-management.html'>Learn more<svg xmlns="http://www.w3.org/2000/svg" width="6" height="10" viewBox="0 0 6 10"><g fill="none" fill-rule="evenodd" transform="translate(-6 -3)"><mask id="a" fill="#fff"><path d="M7.138 3.529a.666.666 0 1 0-.942.942l3.528 3.53-3.529 3.528a.666.666 0 1 0 .943.943l4-4a.666.666 0 0 0 0-.943l-4-4z"/></mask><g fill="#1563FF" mask="url(#a)"><path d="M0 0h16v16H0z"/></g></g></svg></a>
2019-07-08 14:12:42 +00:00
</p>
</div>
</div>
<div class='code-sample'>
<div>
<span></span>
<div class='code'><code>
Kind = <code class="keyword">"service-splitter"</code>
Name = <code class="keyword">"billing-api"</code>
Splits = [
{
Weight = 10
ServiceSubset = <code class="keyword">"v2"</code>
},
{
Weight = 90
ServiceSubset = <code class="keyword">"v1"</code>
},
]</code>
</div>
</div>
</div>
</div>
</div>
</section>
<section class='g-section border-top'>
<div class='g-container'>
2018-06-13 20:45:19 +00:00
<div class='g-text-asset large'>
2018-06-11 22:59:00 +00:00
<div>
<div>
2019-07-08 14:12:42 +00:00
<h3>Layer 7 Observability</h3>
<p>Centrally managed service observability at Layer 7 including detailed metrics on all service-to-service communication such as connections, bytes transferred, retries, timeouts, open circuits, and request rates, response codes.</p>
2018-06-11 22:59:00 +00:00
<p>
2019-07-09 03:51:23 +00:00
<a class="learn-more" href='/docs/connect/observability.html'>Learn more<svg xmlns="http://www.w3.org/2000/svg" width="6" height="10" viewBox="0 0 6 10"><g fill="none" fill-rule="evenodd" transform="translate(-6 -3)"><mask id="a" fill="#fff"><path d="M7.138 3.529a.666.666 0 1 0-.942.942l3.528 3.53-3.529 3.528a.666.666 0 1 0 .943.943l4-4a.666.666 0 0 0 0-.943l-4-4z"/></mask><g fill="#1563FF" mask="url(#a)"><path d="M0 0h16v16H0z"/></g></g></svg></a>
2018-06-11 22:59:00 +00:00
</p>
</div>
</div>
2018-06-13 20:45:19 +00:00
<div>
2018-06-28 18:43:13 +00:00
<picture>
2019-07-08 14:12:42 +00:00
<source type="image/png" srcset="
/assets/images/consul-connect/mesh-observability/metrics_300.png 300w,
/assets/images/consul-connect/mesh-observability/metrics_976.png 976w,
/assets/images/consul-connect/mesh-observability/metrics_1200.png 1200w" />
<img src='/assets/images/consul-connect/mesh-observability/metrics_1200.png' alt='Metrics dashboard'>
</source>
2018-06-28 18:43:13 +00:00
</picture>
2018-06-13 20:45:19 +00:00
</div>
2018-06-11 22:59:00 +00:00
</div>
</div>
</section>
<section class='g-section border-top'>
<div class='g-container'>
2018-06-13 20:45:19 +00:00
<div class='g-text-asset reverse'>
2018-06-11 22:59:00 +00:00
<div>
<div>
<h3>Secure services across any runtime platform</h3>
<p>Secure communication between legacy and modern workloads. Sidecar proxies allow applications to be integrated without code changes and Layer 4 support provides nearly universal protocol compatibility.</p>
<p>
2018-06-22 18:21:15 +00:00
<a class="learn-more" href='/docs/connect/proxies.html'>Learn more<svg xmlns="http://www.w3.org/2000/svg" width="6" height="10" viewBox="0 0 6 10"><g fill="none" fill-rule="evenodd" transform="translate(-6 -3)"><mask id="a" fill="#fff"><path d="M7.138 3.529a.666.666 0 1 0-.942.942l3.528 3.53-3.529 3.528a.666.666 0 1 0 .943.943l4-4a.666.666 0 0 0 0-.943l-4-4z"/></mask><g fill="#1563FF" mask="url(#a)"><path d="M0 0h16v16H0z"/></g></g></svg></a>
2018-06-11 22:59:00 +00:00
</p>
</div>
</div>
2018-06-25 17:59:58 +00:00
<div>
2018-06-28 18:43:13 +00:00
<picture>
<source type="image/webp" srcset="
/assets/images/consul-connect/grid_3/grid_3_300.webp 300w,
/assets/images/consul-connect/grid_3/grid_3_976.webp 976w,
/assets/images/consul-connect/grid_3/grid_3_1256.webp 1256w" />
<source type="image/png" srcset="
/assets/images/consul-connect/grid_3/grid_3_300.png 300w,
/assets/images/consul-connect/grid_3/grid_3_976.png 976w,
/assets/images/consul-connect/grid_3/grid_3_1256.png 1256w" />
<img src='/assets/images/consul-connect/grid_3/grid_3_1256.png' alt='Secure services across any runtime platform'>
</picture>
2018-06-13 20:45:19 +00:00
</div>
2018-06-11 22:59:00 +00:00
</div>
</div>
</section>
<section class='g-section border-top'>
<div class='g-container'>
2018-06-13 20:45:19 +00:00
<div class='g-text-asset'>
2018-06-11 22:59:00 +00:00
<div>
<div>
<h3>Certificate-Based Service Identity</h3>
<p>TLS certificates are used to identify services and secure communications. Certificates use the SPIFFE format for interoperability with other platforms. Consul can be a certificate authority to simplify deployment, or integrate with external signing authorities like Vault.</p>
<p>
2018-06-22 18:21:15 +00:00
<a class="learn-more" href='/docs/connect/ca.html'>Learn more<svg xmlns="http://www.w3.org/2000/svg" width="6" height="10" viewBox="0 0 6 10"><g fill="none" fill-rule="evenodd" transform="translate(-6 -3)"><mask id="a" fill="#fff"><path d="M7.138 3.529a.666.666 0 1 0-.942.942l3.528 3.53-3.529 3.528a.666.666 0 1 0 .943.943l4-4a.666.666 0 0 0 0-.943l-4-4z"/></mask><g fill="#1563FF" mask="url(#a)"><path d="M0 0h16v16H0z"/></g></g></svg></a>
2018-06-11 22:59:00 +00:00
</p>
</div>
</div>
2018-06-13 20:45:19 +00:00
<div class='logos'>
<div>
<img src='/assets/images/consul-connect/logos/vault.png' alt='Vault'>
<img src='/assets/images/consul-connect/logos/spiffe.png' alt='Spiffe'>
</div>
</div>
2018-06-11 22:59:00 +00:00
</div>
</div>
</section>
<section class='g-section border-top'>
<div class='g-container'>
2018-06-13 20:45:19 +00:00
<div class='g-text-asset reverse'>
2018-06-11 22:59:00 +00:00
<div>
<div>
<h3>Encrypted communication</h3>
2018-06-30 01:05:42 +00:00
<p>All traffic between services is encrypted and authenticated with mutual TLS. Using TLS provides a strong guarantee of the identity of services communicating, and ensures all data in transit is encrypted.</p>
2018-06-11 22:59:00 +00:00
<p>
2018-06-22 18:21:15 +00:00
<a class="learn-more" href='/docs/connect/security.html'>Learn more<svg xmlns="http://www.w3.org/2000/svg" width="6" height="10" viewBox="0 0 6 10"><g fill="none" fill-rule="evenodd" transform="translate(-6 -3)"><mask id="a" fill="#fff"><path d="M7.138 3.529a.666.666 0 1 0-.942.942l3.528 3.53-3.529 3.528a.666.666 0 1 0 .943.943l4-4a.666.666 0 0 0 0-.943l-4-4z"/></mask><g fill="#1563FF" mask="url(#a)"><path d="M0 0h16v16H0z"/></g></g></svg></a>
2018-06-11 22:59:00 +00:00
</p>
</div>
</div>
2018-06-13 20:45:19 +00:00
<div class='code-sample'>
<div>
2018-06-15 17:51:45 +00:00
<span></span>
2018-06-25 17:55:47 +00:00
<div class='code'><code>$ consul connect proxy -service web \
-service-addr 127.0.0.1:8000
-listen <code class="keyword">10.0.1.109:7200</code>
==> Consul Connect proxy starting...
Configuration mode: Flags
Service: web
Public listener: <code class="keyword">10.0.1.109:7200</code> => 127.0.0.1:8000
...
$ tshark -V \
-Y "ssl.handshake.certificate" \
-O "ssl" \
-f <code class="keyword">"dst port 7200"</code>
Frame 39: 899 bytes on wire (7192 bits), 899 bytes captured (7192 bits) on interface 0
Internet Protocol Version 4, Src: 10.0.1.110, Dst: <code class="keyword">10.0.1.109</code>
Transmission Control Protocol, Src Port: 61918, Dst Port: 7200, Seq: 136, Ack: 916, Len: 843
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Certificate
Version: TLS 1.2 (0x0303)
Handshake Protocol: Certificate
RDNSequence item: 1 item (id-at-commonName=<code class="keyword">Consul CA 7</code>)
RelativeDistinguishedName item (id-at-commonName=<code class="keyword">Consul CA 7</code>)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: printableString (1)
printableString: <code class="keyword">Consul CA 7</code></code>
2018-06-13 20:45:19 +00:00
</div>
</div>
</div>
2018-06-11 22:59:00 +00:00
</div>
</div>
</section>
2019-07-08 14:12:42 +00:00
<section class='g-section border-top'>
<div class='g-container'>
<div class='g-text-asset'>
<div>
<div>
<h3>Mesh Gateway</h3>
<p>Connect between different cloud regions, VPCs and between overlay and underlay networks without complex network tunnels and NAT. Mesh Gateways solve routing at TLS layer while preserving end-to-end encryption and limiting attack surface area at the edge of each network.</p>
<p>
2019-07-09 03:51:23 +00:00
<a class="learn-more" href='/docs/connect/mesh_gateway.html'>Learn more<svg xmlns="http://www.w3.org/2000/svg" width="6" height="10" viewBox="0 0 6 10"><g fill="none" fill-rule="evenodd" transform="translate(-6 -3)"><mask id="a" fill="#fff"><path d="M7.138 3.529a.666.666 0 1 0-.942.942l3.528 3.53-3.529 3.528a.666.666 0 1 0 .943.943l4-4a.666.666 0 0 0 0-.943l-4-4z"/></mask><g fill="#1563FF" mask="url(#a)"><path d="M0 0h16v16H0z"/></g></g></svg></a>
2019-07-08 14:12:42 +00:00
</p>
</div>
</div>
<div>
<picture>
<img src='/assets/images/consul-connect/mesh-gateway/gateway_1200.png' style='width:600px' alt='Mesh gateway diagram'>
</picture>
</div>
</div>
</div>
</section>
2018-06-14 21:16:49 +00:00
<section class='g-section g-cta-section'>
<div>
<h2>Ready to get started?</h2>
2018-11-01 21:44:49 +00:00
<a href="/downloads.html" class="g-btn white download">
2018-06-14 21:16:49 +00:00
<svg xmlns="http://www.w3.org/2000/svg" width="20" height="22" viewBox="0 0 20 22">
<path d="M9.292 15.706a1 1 0 0 0 1.416 0l3.999-3.999a1 1 0 1 0-1.414-1.414L11 12.586V1a1 1 0 1 0-2 0v11.586l-2.293-2.293a1 1 0 1 0-1.414 1.414l3.999 3.999zM20 16v3c0 1.654-1.346 3-3 3H3c-1.654 0-3-1.346-3-3v-3a1 1 0 1 1 2 0v3c0 .551.448 1 1 1h14c.552 0 1-.449 1-1v-3a1 1 0 1 1 2 0z"/>
</svg>
Download
</a>
2019-07-09 03:55:58 +00:00
<a href="https://learn.hashicorp.com/consul/getting-started/connect" class="g-btn white-outline">Try it out</a>
2018-06-14 21:16:49 +00:00
</div>
</section>
2018-06-11 22:59:00 +00:00
</div>