Functions and features - Alibaba Cloud Service Mesh - Alibaba Cloud Documentation Center

Service Mesh (ASM) provides the following editions that support different features and capabilities: Standard Edition, Enterprise Edition, and Ultimate Edition. Standard Edition is free of charge, and the other editions are commercial editions. This topic describes the features supported by different ASM editions.

Note Compared with Standard Edition, Enterprise Edition and Ultimate Edition support more protocols, enhance dynamic extension capabilities, provide fine-grained service governance, and improve the zero-trust security system. In addition, the commercial editions enhance performance, provide better support for large-scale clusters, and simplify the use of ASM instances in production environments. The commercial editions are applicable to scenarios in which you require cross-language interoperability and fine-grained service governance and want to apply the service mesh technology in production environments on a large scale. For more information about how to change the edition of an ASM instance, see Change the edition of an ASM instance. For more information about ASM editions, see Announcement on the launch of commercial editions.

Features supported on the ASM control plane

Mesh management


Feature	Open source edition	Standard Edition	Enterprise Edition	Ultimate Edition
Full lifecycle management of ASM instances such as instance deployment and upgrade management in the ASM console
Support for Container Service for Kubernetes (ACK) clusters (including ACK managed clusters and ACK dedicated clusters) of all compatible Kubernetes versions and the ACK on ECI mode
Support for serverless Kubernetes (ASK) clusters of all compatible Kubernetes versions
Support for registered external Kubernetes clusters
Support for ACK edge clusters
Support for multi-cluster deployment across virtual private clouds (VPCs) and regions in production environments
Supported operating systems	Alibaba Cloud Linux 2	Alibaba Cloud Linux 2	Alibaba Cloud Linux 2 and Alibaba Cloud Linux 3	Alibaba Cloud Linux 2 and Alibaba Cloud Linux 3
Automatic diagnostics of mesh configuration issues	Partially supported
Rollback of Istio resources to an earlier version
Istio resource access by using the Kubernetes API of clusters on the data plane in multi-cluster mode

Management of data-plane components


Feature	Open source edition	Standard Edition	Enterprise Edition	Ultimate Edition
Configurations of sidecar proxies at global, namespace, and workload levels	Partially supported
Configuration of the sidecar injector in the console
Support for Container Network Interface (CNI) plug-ins in ACK clusters

ASM gateway management


Feature	Open source edition	Standard Edition	Enterprise Edition	Ultimate Edition
Full lifecycle management of ASM gateways, for example, creation, upgrades, deletion, and configuration updates of an ASM gateway
Route management in the console
Advanced features, such as graceful shutdown for the Server Load Balancer (SLB) instance of an ASM gateway, horizontal pod autoscaling (HPA), upgrades without service disruption, and Transport Layer Security (TLS) acceleration
Integration of envoy.ext_authz, which allows customers to configure custom authorization services in the console
Integration with the OpenID Connect (OIDC) based single sign-on (SSO) feature
Integration with the throttling and circuit breaking features
Certificate management
Integration with observability features
High availability

Traffic management


Feature	Open source edition	Standard Edition
Compatibility with the concepts of VirtualService, DestinationRule, and Gateway defined in open source Istio
Configuration of traffic routing rules in the console
Local throttling	Partially supported	Partially supported
Support for Spring Cloud services
Graceful start and shutdown of services
End-to-end canary release and traffic labeling
API-based circuit breaking
Intra-zone Provider First
Warm-up
Traffic management based on services

Observability management


Feature	Open source edition	Standard Edition
Visual service mesh topology for easy analysis	Partially supported	Partially supported
Integration of a self-managed Prometheus service	Partially supported. The self-managed Prometheus service must be independently deployed.
Integration of Application Real-Time Monitoring Service (ARMS) of Alibaba Cloud
Integration of Alibaba Cloud Log Service
Custom metrics	Partially supported	Partially supported
Enhanced built-in common dashboards
Service level objective (SLO) policies
SLO-driven application scaling

Security management


Feature	Open source edition	Standard Edition	Enterprise Edition	Ultimate Edition
Integration with the Resource Access Management (RAM) system to support various features such as RAM authorization
Configuration of security policies in the console
Easy configuration of security policies based on scenarios (support for OIDC-based SSO and JWT-based authentication)
Fine-grained access control by using the Open Policy Agent (OPA) policy engine
OpenAPI operation audit
Kubernetes API operation audit
Integration of the authorization system for Alibaba Cloud accounts
Trial run of ASM authorization policies

Scalability and ecosystem integration


Feature	Open source edition	Standard Edition	Enterprise Edition	Ultimate Edition
Plug-in marketplace
Compatibility between Envoy filters and multiple API versions
Connection to third-party service registries such as Consul and Nacos
Integration of the cloud-native inference service KServe
Best practices of integrating with Argo CD, Argo Rollouts, and KubeVela
Support for Terraform

Performance optimization and best practices


Feature	Open source edition	Standard Edition	Enterprise Edition	Ultimate Edition
TLS acceleration by using Multi-Buffer
Configuration of the selective service discovery feature in the console
Automatic recommendation of sidecars based on access log analysis
Performance optimization by using Node Feature Discovery (NFD) to detect hardware and software capabilities, such as the support for Advanced Vector Extensions (AVX) and QuickAssist Technology (QAT) acceleration
Best practices that include standardized service definitions and optimized parameter configurations

Stability and supported scale


Feature	Open source edition	Standard Edition	Enterprise Edition	Ultimate Edition
Supported scale on the data plane	We recommend that you use this edition only for development and testing purposes.	50 pods	1,000 pods	10,000 pods
Managed Istiod components on the control plane	-	Single replica	Multiple replicas	Multiple replicas

Note Take note of the following considerations for supported scale on the data plane in Standard Edition:

This edition is suitable only for development and testing purposes.
To ensure cluster stability, ASM checks the number of pods in clusters on the data plane before an upgrade. If the number of pods exceeds the limit, you must change the edition of the ASM instance before the upgrade. Otherwise, your business may be affected. For more information about how to change the edition of an ASM instance, see Change the edition of an ASM instance.
ASM calculates the number of pods based on the namespaces that are detected during service discovery and automatically excludes the following system namespaces: istio-system, arms-prom, kube-node-lease, kube-public, and kube-system.

References for features of ASM commercial editions


Feature	References
Mesh management	Enable Multi-Buffer for TLS acceleration
ASM gateways	Bind a certificate to a domain name Enable data compression for the ingress gateway service of an ASM instance Improve availability for the ingress gateway service of an ASM instance
Traffic management	Use the local throttling feature of ASM Use the API-based circuit breaking feature of ASM Enable graceful shutdown for the SLB instance of an ingress gateway to prevent traffic loss Configure traffic routing for an ASM gateway Traffic labeling and label-based routing Manage Spring Cloud services Use an ASM instance to implement an end-to-end canary release