Application Layer Observability | Tigera - Long

May 4, 2021

Challenge:
The majority of operational problems inherent to deploying microservices in a distributed architecture are linked to two areas: networking and observability. At the application layer (Layer 7), the need to understand all aspects of service-to-service communication within the cluster becomes paramount. Service-to-service network traffic at this layer often uses HTTP. DevOps teams struggle with these questions: Where is monitoring needed? How can I understand the impact of issues and effectively troubleshoot? And how can I effectively protect application-layer data?

Solution:
Calico Enterprise and Calico Cloud deploy Envoy as a sidecar to provide deep observability of microservices at the application layer. HTTP is one of the most popular protocols for microservices communication, and this integration gives operators access to new network flow logs for application layer traffic that include valuable metadata and metrics for analysis and troubleshooting. This application layer observability, combined with high-performance WireGuard data-in-transit encryption, gives DevOps teams the observability and security benefits of a service mesh without having to deploy one and take on all of its complexity.

Application layer flow logs include:

Source and destination namespace
Average and maximum duration
URL
Response code
User agent
Method and status code (e.g., HTTP)
Bytes sent and received
Source and destination type (pod, networkset, etc.)
Request and response latency

Benefit:
Dev teams get a centralized “big picture” view that provides a better understanding of service-to-service traffic in the cluster. Ops teams now have the necessary observability to detect and troubleshoot application layer issues, and can deploy encryption at the application layer to protect traffic and meet organizational/regulatory compliance requirements. Calico Enterprise and Calico Cloud now provide the benefits of a service mesh without the associated complexity.