Service Mesh Traffic Simulator

Visualize how service mesh proxies handle traffic between microservices. Learn mTLS, traffic splitting, retries, circuit breakers, and explore Istio and Linkerd patterns.

This interactive simulator requires JavaScript to run. Please enable JavaScript in your browser to use this tool.

// simulator

Service Mesh Traffic Simulator

Visualize how service mesh proxies handle traffic between microservices. Learn mTLS, traffic splitting, retries, circuit breakers, and explore Istio and Linkerd patterns.

Supported by

|Become a sponsor

Learn how service meshes solve real production problems through interactive scenarios

beginner

Scenario 1 of 6

🎯 The Problem: Insecure Communication

Your services talk directly without encryption

Service A

Frontend

⚠️ No Protection

Unencrypted Data

Service B

API

⚠️ No Protection

Anyone can read this data!

The Problem

Two services are sending data over the network. But there's a problem: anyone can read the messages! No encryption, no authentication, no control.

The Solution

This is risky in production. One compromised service could impersonate another. Let's see how a service mesh solves this.

Keyboard Shortcuts:

Space/Enter Play/Pause←/→ NavigateR Reset

Understanding Service Mesh

Core concepts

Sidecar Proxy: A proxy (like Envoy) deployed alongside each service to handle all network traffic.
Control Plane: Manages and configures the sidecar proxies (e.g., Istiod, Linkerd controller).
Data Plane: The collection of sidecar proxies that actually handle traffic.
mTLS: Mutual TLS encrypts service-to-service communication and verifies identities.

Traffic management

Traffic Splitting: Route a percentage of traffic to different versions (canary deployments).
Retries: Automatically retry failed requests with exponential backoff.
Circuit Breaker: Prevent cascading failures by stopping requests to unhealthy services.
Timeouts: Set maximum wait time for requests to avoid hanging.

Key benefits

Security: Automatic mTLS encryption without code changes.
Observability: Detailed metrics, logs, and traces for all service communication.
Resilience: Built-in retries, circuit breakers, and timeouts.
Traffic Control: Canary deployments, A/B testing, and traffic mirroring.

Popular service meshes

Istio

Uses Envoy proxies, feature-rich control plane (Istiod), extensive traffic management and security features. Most widely adopted.

Linkerd

Ultra-light, uses custom Rust-based proxies, minimal resource overhead, simpler configuration, CNCF graduated project.