Oracle Cloud Infrastructure (OCI) Service Mesh is a free, Oracle-managed service that simplifies the development and operation of cloud native applications. It enables security, observability, and network traffic management—without requiring application changes. OCI Service Mesh automatically encrypts all communications between microservices and collects telemetry, metrics, and logs for application performance and health monitoring.
OCI Service Mesh uses identities and encryption for all communication between mutually authenticated microservices, together with permission checks imposed by policies. It assists in the automated and declarative implementation of a zero trust security architecture.
OCI Service Mesh decouples network and security configurations from the Kubernetes configuration, application code, and microservices framework or tooling. This enables developers to actively secure and connect microservices and debug them as necessary.
OCI Service Mesh automatically captures a variety of network and microservice metrics and logs. These metrics and logs provide information about failures, latency, and traffic volume, which the application team can use to monitor the application’s overall health.
OCI Service Mesh captures all traffic between microservices and provides centralized application traffic control. Using mesh virtual resources, developers can abstract communication between microservices to easily support canary deployments and A/B tests.
For security, OCI Service Mesh encrypts and mutually authenticates all microservice-to-microservice communication by default. Clients outside the mesh cannot call microservices directly; they must use the ingress gateway.
Access policies declaratively define how microservices can communicate with one another, without affecting the underlying programming logic. By default, all communication is denied, and the application team must explicitly allow any microservice-to-microservice communication that the application requires to function properly.
By default, OCI Service Mesh emits telemetry data, such as latency, HTTP errors, and requests, from all microservices in the mesh. Using Prometheus, the de facto standard tool for cloud native monitoring, the application team can gather metrics that track the health of the microservices in the mesh and use them to improve the performance of those microservices.
By default, the proxy writes logs to the standard output of sidecar containers. Through integration with OCI Logging, the OCI Service Mesh automatically collects and centralizes access logs generated by requests across all microservices for further issue analysis.
Traffic routing rules govern all intermicroservice network traffic and calls between microservices within the mesh. Setting rules in the virtual service routing table divides traffic among different microservice versions. This allows for A/B testing, applying a different load balancing policy to traffic for a specific subset of microservice instances, and performing canary deployments to accelerate deployments with minimal microservice interruption.
The ingress gateway routes traffic from external clients to the cluster's microservices using a set of rules. To expose several domains, the ingress gateway accepts wildcard hostnames in the prefix form. Service Mesh automatically captures insights from metrics and logs for all incoming traffic, as it does for intermicroservice communication.
Easily secure, monitor, connect, and expose cloud native applications.
Comply with regulatory requirements by encrypting data in transit within a mesh network.
Use traffic splitting or A/B testing for faster and more reliable deployment of microservices.
Control how microservices communicate with each other, and implement a zero trust model.
There are no charges for using OCI Service Mesh. Customers only pay for the infrastructure required to run the proxy component that runs alongside the application.