Help Center/ Ubiquitous Cloud Native Service/ User Guide/ Service Mesh/ Service Mesh Management/ Service Mesh Proxies
Updated on 2025-04-25 GMT+08:00
View PDF
Share

Service Mesh Proxies

Overview

  • sidecar-proxy

    A proxy will be installed on the sidecar of each pod in the service mesh. iptables rules are configured for the network namespace of each pod to redirect the ingress traffic to and egress traffic from application services to the Envoy on the node for traffic routing.

    Figure 1 sidecar-proxy
  • node-proxy

    A proxy will be installed on each node of a cluster added to the service mesh. iptables rules are configured on each node to redirect the ingress traffic to and egress traffic from application services to the Envoy on the node for traffic routing.

    Figure 2 node-proxy

Proxy Mode Comparison

Table 1 Proxy mode comparison

Proxy Mode

Features

sidecar-proxy
  • iptables rules used for independent network namespaces do not affect each other.
  • High resource usage

node-proxy
  • Low resource usage
  • Improved CPU utilization
  • Optimized network connection and improved performance
  • High availability (coming soon)
Parent topic: Service Mesh Management