Use adaptive xds optimization feature to enhance the performance of the service mesh.
To enable adaptive xds optimization, upgrade an ASM instance to 1.15.3.63 or later.
The adaptive xds optimization supports only HTTP.
Background
The Sidecar stores service information in the data plane, while the control plane pushes configuration updates (e.g., new virtual service rules) to all Sidecars. Frequent updates can degrade service mesh performance.
To optimize this process, enable the adaptive xds optimization feature. This deploys an egress gateway (istio-axds-egressgateway) in the cluster. All HTTP traffic is routed through this gateway, and service dependencies are automatically inferred from gateway access logs—no manual configuration required. See Configuration push optimization effect after applying Sidecar resources for more details.
Before you start
Step 1: Enable adaptive xds optimization
Log on to the ASM console. In the left-side navigation pane, choose .
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose .
Turn on the Enable adaptive xds optimization switch. In the Confirm dialog box, click OK.
After you click OK, the update takes a while. When the Enable adaptive xds optimization switch is turned on, a list of namespaces that can be adaptively optimized will be displayed.
Step 2: Enable adaptive xds optimization for a namespace
The adaptive xds optimization applies to all services in the namespace. You can also add the annotations asm.alibabacloud.com/asm-adaptive-xds: true in a service to enable adaptive xds optimization for it only.
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose .
Turn on the switch to the right of the target service namespace. In the Confirm dialog box, click OK.
On the details page of the ASM instance, choose in the left-side navigation pane.
On the Sidecar Traffic Configuration page, view the Sidecar resource details.
Sidecar resources starting with axds are listed. Each Sidecar resource corresponds to a service in the Bookinfo application.
Step 3: Access the application to trigger adaptive xds optimization
Access the Bookinfo application through:
# Replace {IP address of the ingress gateway} with the IP address obtained in the previous step.
http://{IP address of the ingress gateway}/productpage. View the Sidecar resources.
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose .
On the Sidecar Traffic Configuration page, click View YAML in the Actions column to the right of axds-productpage. The following example is displayed:
apiVersion: networking.istio.io/v1beta1 kind: Sidecar metadata: annotations: adapted-svc: productpage.default.svc.cluster.local creationTimestamp: '2024-01-05T07:52:56Z' generation: 4 labels: asm-adaptive-xds-system: 'true' asm-system: 'true' provider: asm name: axds-productpage namespace: default resourceVersion: '23688435' uid: 753e3603-6bee-4dd1-b1fc-2e735a88**** spec: egress: - hosts: - arms-prom/* - default/details.default.svc.cluster.local - default/kubernetes.default.svc.cluster.local - default/reviews.default.svc.cluster.local - istio-system/* - kube-system/* workloadSelector: labels: app: productpageAfter accessing Bookinfo, the Sidecar resource
axds-productpagehas addeddetailsandreviewswhichproductpagerelies on.
Performance comparison
The following tests compares the performance of the control plane and data plane where the namespace asm-perf has not enabled and has enabled adaptive configuration push optimization when large amount of configurations update.
Scale out workloads: Scale
httpbinfrom 2 to 400 replicas.Initiate test traffic: Randomly send requests from the
sleepapplication to differenthttpbinapplications, triggering adaptive xds optimization re-push.Restart workloads: Trigger redeployment of the
httpbinapplication, simulating workload scaling and update scenarios.
Step 1: Prepare environment
Obtain the sample script.
git clone https://github.com/AliyunContainerService/asm-labs.git && \ cd asm-labs/asm-perf/adativexdsBuild the test environment.
bash run.sh -sThis command will create the following resources in the cluster:
Namespace
asm-perf.prometheusandgrafanafor monitoring workloads.A
sleepapplication and 2 replicas of thehttpbinapplication to receive configuration pushes.
Use the following command for port forwarding to the dashboard. You can access the dashboard by visiting
localhost:3000.kubectl port-forward svc/grafana -n asm-perf 3000
Step 2: Compare performance
Scale out workloads.
bash run.sh -suAfter a while, check the dashboard. Expected results are as follows:
Adaptive xds optimization disabled
CPU utilization of the sleep application
Memory usage of the sleep application
Network bandwidth usage of the sleep application
Control plane traffic changes
On the Base Information page of the mesh instance, record the CLB ID after CLB Instance for Exposing Istio Pilot.
Log on to the Classic Load Balancer CLB console. Click the Monitoring column icon for the corresponding CLB, and select to view the chart.
When services in the mesh have changed, the control plane pushes configuration updates, which degrades the performance.
Adaptive xds optimization enabled
CPU utilization of the sleep application
Memory usage of the sleep application
Network bandwidth usage of the sleep application
Control plane traffic changes
The degrading is not worse than that when adaptive xds optimization disabled.
View Sidecar resource configuration
View the Sidecar resource configuration in effect for the
sleepapplication.kubectl get sidecar axds-sleep -n asm-perf -o yamlExpected output:
apiVersion: networking.istio.io/v1 kind: Sidecar metadata: annotations: adapted-svc: sleep.asm-perf.svc.cluster.local creationTimestamp: "2025-04-03T03:09:42Z" generation: 2 labels: asm-adaptive-xds-system: "true" asm-system: "true" provider: asm name: axds-sleep namespace: asm-perf resourceVersion: "14844729886" uid: 31dfc081-b0ec-403f-b420-91f3c3e5f8fb spec: egress: - hosts: - arms-prom/* - asm-perf/grafana.asm-perf.svc.cluster.local - default/kubernetes.default.svc.cluster.local - istio-system/* - kube-system/* workloadSelector: labels: app: sleepMultiple services reside under
spec.egress.hosts. This means that only changes to the above services will trigger configuration update for thesleepapplication. See Configuration push optimization effect after applying Sidecar resources for more.
Initiate test traffic. Send a total of 100 requests randomly from the
sleepapplication to differenthttpbinapplications.bash run.sh -tAfter the requests are completed, check the dashboard.
Adaptive xds optimization disabled
CPU utilization of the sleep application
Memory usage of the sleep application
Network bandwidth usage of the sleep application
Control plane traffic changes
Initiating traffic from the
sleepapplication does not affect configuration updates, because each workload has a complete configuration.Adaptive xds optimization enabled
CPU utilization of the sleep application
Memory usage of the sleep application
Network bandwidth usage of the sleep application
Control plane traffic changes
Initiating traffic from the
sleepapplication triggers configuration updates from the control plane.View Sidecar resource configuration
View the Sidecar resource configuration in effect for the
sleepapplication.kubectl get sidecar axds-sleep -n asm-perf -o yamlExpected output:
Multiple services reside under
spec.egress.hosts. This means that only changes to the above services will trigger configuration re-push for thesleepapplication. See Configuration push optimization effect after applying Sidecar resources for more.
Restart workloads.
bash run.sh -rAfter all workloads have restarted, check the control plane traffic changes.
Adaptive xds optimization disabled
Control plane traffic changes
When services in the mesh have changed, the control plane pushes configuration updates, which degrades the performance.
Adaptive xds optimization enabled
Control plane traffic changes
The volume of configuration updates is significantly reduced compared to when adaptive xds optimization is disabled.
Restore the test environment.
bash run.sh -sdIt takes about 2 minutes for the
httpbinapplication pods to scale in from 400 to 2.
Further actions
Disable the adaptive xds optimization feature
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose .
Turn off the switch to the right of the target service namespace. In the Confirm dialog box, click OK.
In the left-side navigation pane of the service mesh details page, navigate to .
The Sidecar resources created by the adaptive xds optimization feature have been deleted.
Modify egress gateway configuration
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose .
Click the Egress Gateway Configuration tab, modify the configuration as needed, and then click Update Settings.
NoteASM supports modifications on egress gateway configurations, including modifying resource settings, gateway replicas, HPA scaling, and gateway HPA metric monitoring.