Alibaba Cloud Service Mesh：Features

Feature

Sidecar mode

Ambient mode

Open source community

Enterprise Edition

Ultimate Edition

Open source community

Enterprise Edition

Ultimate Edition

Lifecycle management of mesh instances from the console, including deployment and upgrades

Support for all current versions of ACK, including ACK managed clusters, ACK dedicated clusters, and the ECI on ACK mode

Supports only ACK managed clusters

Supports only ACK managed clusters

Support for ACS clusters

Support for all current versions of ACK Serverless

Support for registering external Kubernetes clusters

Support for ACK Edge clusters

Production-grade multi-cluster support (cross-VPC and cross-region)

Supports only single clusters

Supports only single clusters

Supported operating systems for nodes where pods run

Alibaba Cloud Linux 2

Alibaba Cloud Linux 2 and Alibaba Cloud Linux 3

Alibaba Cloud Linux 2 and Alibaba Cloud Linux 3

Alibaba Cloud Linux 2

Alibaba Cloud Linux 2 and Alibaba Cloud Linux 3

Alibaba Cloud Linux 2 and Alibaba Cloud Linux 3

Automatic diagnosis of mesh configuration issues

Partially supported

Partially supported

Support for historical version management of Istio resources

Support for accessing Istio resources using the KubeConfig file of a data plane cluster in a hosted mesh

Feature

Sidecar mode

Ambient mode

Open source community

Enterprise Edition

Ultimate Edition

Open source community

Enterprise Edition

Ultimate Edition

Multi-level configuration management for sidecar proxies (global, namespace, and workload)

Partially supported

Sidecar injector management from the console

Compatibility with the CNI mode in ACK clusters

Feature

Sidecar mode

Ambient mode

Open source community

Enterprise Edition

Ultimate Edition

Open source community

Enterprise Edition

Ultimate Edition

Lifecycle management of ASM gateways (creation, upgrade, deletion, configuration updates, and more)

Routing management from the console

Advanced features (graceful shutdown, HPA-based autoscaling, traffic-lossless upgrades, and TLS performance optimization)

Built-in external authorization service (ext_authz) with visual configuration

Built-in one-click integration for OIDC-based single sign-on (SSO)

Built-in integration for throttling and circuit breaking

Certificate management

Built-in integration for observability features

High availability (HA) support

Feature

Sidecar mode

Ambient mode

Open source community

Enterprise Edition

Ultimate Edition

Open source community

Enterprise Edition

Ultimate Edition

Compatibility with Istio community definitions for VirtualService, DestinationRule, and Gateway

Traffic rule configuration from the console

Local rate limiting

Partially supported

Support for Spring Cloud services

Lossless service startup and shutdown

Traffic lanes and traffic tags

Route-level circuit breaking

Same-zone-prioritized routing

Service prefetching

Service-centric traffic management

Layer 7 load balancing for east-west gateways

Feature

Sidecar mode

Ambient mode

Open source community

Enterprise Edition

Ultimate Edition

Open source community

Enterprise Edition

Ultimate Edition

Intuitive and easy-to-use visual mesh topology and analysis

Partially supported

Partially supported

Integration with self-managed Prometheus for monitoring

Partially supported. Requires separate installation.

Partially supported. Requires separate installation.

Integration with ARMS for monitoring

Integration with Simple Log Service (SLS)

Support for custom monitoring metrics

Partially supported

Partially supported

Enhanced built-in dashboards and reports

Support for service-level objective (SLO) policies

SLO-driven application elasticity

Feature

Sidecar mode

Ambient mode

Open source community

Enterprise Edition

Ultimate Edition

Open source community

Enterprise Edition

Ultimate Edition

Integration with the cloud platform account system (such as RAM authorization)

Security policy configuration from the console

Scenario-based one-stop security policies (such as OIDC-based SSO and JWT authentication)

Fine-grained access control based on Open Policy Agent (OPA)

Alibaba Cloud OpenAPI audit

Kubernetes API audit

Integration with the Alibaba Cloud account authorization system

Support for dry-run mode

Feature

Sidecar mode

Ambient mode

Open source community

Enterprise Edition

Ultimate Edition

Open source community

Enterprise Edition

Ultimate Edition

Plugin marketplace

Compatibility with multiple API versions of EnvoyFilter

Integration with third-party registries

Built-in integration with the KServe cloud-native inference service framework

Built-in best practices for application release with Argo CD, Rollouts, and KubeVela

Terraform support

Feature

Sidecar mode

Ambient mode

Open source community

Enterprise Edition

Ultimate Edition

Open source community

Enterprise Edition

Ultimate Edition

TLS acceleration using Multi-Buffer

Configuration of selective service discovery from the console

Automatic optimization recommendations for sidecar resource configurations based on access log analysis

Hardware-software co-design for performance optimization. Node Feature Discovery (NFD) automatically detects hardware features and provides adaptive support for features such as AVX instruction sets and QAT acceleration.

Built-in best practices and analysis, including standardized service definitions and parameter configuration optimization methods

Feature

Sidecar mode/Ambient mode

Open source community

Enterprise Edition

Ultimate Edition

Data plane scale

For development and testing only

1,000 pods

10,000 pods

Hosted Istiod component for the control plane

-

Multiple replicas

Multiple replicas