Tencent Cloud Mesh provides industry-leading service-oriented mesh support capabilities to flexibly meet the operational controllability and availability requirements of the mesh control plane and to guarantee mesh lifecycle management. It supports canary upgrades and provides consistent Istio CRD forwarding management capabilities across clusters to reduce operations and usage costs.
Long-term, in-depth optimization in user mode and kernel mode provides high-performance data-plane Envoy versions and support for the eBPF traffic-hijacking forwarding mode, reducing CPU overhead by 15% to 20% and P99 latency by 20% to 40%.
Tencent Cloud Mesh offers enhanced data plane Ops and Ingress Gateway capabilities. It supports various management features (such as sidecar status monitoring and hot upgrade), SSL/certificate, and Ingress API. Moreover, it enhances mesh telemetry data computing and output to optimize resource utilization.
Tencent Cloud Mesh can dynamically discover services added to and removed from K8s clusters and support VM load registration to manage multi-cluster heterogeneous applications. It manages dashboard mesh resources, components, and configurations in a unified manner. In addition, its telemetry data aggregation display service enables distributed application traffic scheduling, perception, and analysis.
Tencent Cloud Mesh is seamlessly connected to IaaS services such as VPC, CCN, and CLB, to easily implement cross-cluster/VPC/region networking and traffic access. It is integrated with Cloud Monitor, Prometheus, Cloud Log Service, and other products to provide out-of-the-box observation capabilities.
Tencent Cloud Mesh is fully compatible with native Istio & Envoy APIs and keeps pace with community version updates. Tencent's internal Service Mesh open-source collaborative support platform collaboratively outputs internal co-construction capabilities to contribute to customers and communities.
Using the north-south and east-west traffic control capabilities of Tencent Cloud Mesh, and with no service transformation that your applications need to be aware of, you can easily control online and offline publishing at the service and API levels, version definition and canary release, characteristic routing, and load balancing policies, improving the efficiency and controllability of publishing updates.
Non-intrusive acquisition of metric, trace, and access log telemetry data for application communication supports the construction of multi-level observation capabilities. These capabilities cover real-time monitoring of application communication performance, full-link call tracing and link analysis, downstream analysis of traffic access, backtracking of proxy forwarding and access behaviors, and quantification of application communication performance and quality.
Tencent Cloud Mesh improves the availability of application communication and the application architecture. It uses mechanisms such as retry, timeout, connection pool management, health check, and rate limiting to control and ensure communication fault tolerance between applications. In a distributed application deployment architecture, such as an intra-city active-active or two-city three-center scenario, region/fault-aware scheduling capabilities provide automatic failover and controllable distributed multi-cluster traffic scheduling, and three-level (that is, DNS, Ingress, and Service) disaster recovery management is flexibly realized.
A service-based authentication and authorization mechanism provides controllable service authentication and access control management in containerized scenarios with dynamic IPs. Tencent Cloud Mesh supports JWT request-based authentication, automatic mTLS for zero trust networking, and access permission restriction based on identities and traffic characteristics.