import CallToAction from '@hashicorp/react-call-to-action' import CodeBlock from '@hashicorp/react-code-block' import BeforeAfterDiagram from '../../components/before-after' export default function ServiceMesh() { return ( <>

Features

Layer 7 Traffic Management

Service-to-service communication policy at Layer 7 can be managed centrally, enabling advanced traffic management patterns such as service failover, path-based routing, and traffic shifting that can be applied across public and private clouds, platforms, and networks.

Learn more

Layer 7 Observability

Centrally managed service observability at Layer 7 including detailed metrics on all service-to-service communication such as connections, bytes transferred, retries, timeouts, open circuits, and request rates, response codes.

Learn more

Metrics dashboard

Secure services across any runtime platform

Secure communication between legacy and modern workloads. Sidecar proxies allow applications to be integrated without code changes and Layer 4 support provides nearly universal protocol compatibility.

Learn more

Secure services across any runtime platform

Certificate-Based Service Identity

TLS certificates are used to identify services and secure communications. Certificates use the SPIFFE format for interoperability with other platforms. Consul can be a certificate authority to simplify deployment, or integrate with external signing authorities like Vault.

Learn more

Vault Spiffe

Encrypted communication

All traffic between services is encrypted and authenticated with mutual TLS. Using TLS provides a strong guarantee of the identity of services communicating, and ensures all data in transit is encrypted.

Learn more

Consul Connect proxy starting... Configuration mode: Flags Service: web Public listener: 10.0.1.109:7200 => 127.0.0.1:8000 ... $ tshark -V \\ -Y "ssl.handshake.certificate" \\ -O "ssl" \\ -f "dst port 7200" Frame 39: 899 bytes on wire (7192 bits), 899 bytes captured (7192 bits) on interface 0 Internet Protocol Version 4, Src: 10.0.1.110, Dst: 10.0.1.109 Transmission Control Protocol, Src Port: 61918, Dst Port: 7200, Seq: 136, Ack: 916, Len: 843 Secure Sockets Layer TLSv1.2 Record Layer: Handshake Protocol: Certificate Version: TLS 1.2 (0x0303) Handshake Protocol: Certificate RDNSequence item: 1 item (id-at-commonName=Consul CA 7) RelativeDistinguishedName item (id-at-commonName=Consul CA 7) Id: 2.5.4.3 (id-at-commonName) DirectoryString: printableString (1) printableString: Consul CA 7 `} />

Mesh Gateway

Connect between different cloud regions, VPCs and between overlay and underlay networks without complex network tunnels and NAT. Mesh Gateways solve routing at TLS layer while preserving end-to-end encryption and limiting attack surface area at the edge of each network.

Learn more

Mesh gateway diagram

Ready to get started?

Download Explore docs
) }