Documentation

Introduction

An ambient mesh is a service mesh that operates independently of the workloads that are enrolled in it.

Compared to a traditional ("sidecar") service mesh, where a proxy server is embedded alongside each workload, an ambient mesh uses shared proxies that are operated separately from a user’s application.

To deliver this securely, Layer 4 (L4) and Layer 7 (L7) functionality is split: the L4 functionality is delivered by a shared proxy operating on every node, and the L7 functionality is provided by a proxy server shared within the security boundary of the application (traditionally, the namespace).

Ambient mesh was first built in 2022 by a team of engineers from Solo.io and Google Cloud. It is implemented in the Istio project, and by products that are derived from it.