NGINX.COM

Data Plane Matters

NGINX Service Mesh (NSM) is uniquely designed around the idea that the “data plane matters”. Leveraging the power of NGINX Plus to operate highly available and scalable containerized environments, we bring a level of traffic management intelligence to the market that no other reverse proxy sidecar can offer. By building a control plane from scratch, solely focused on the NGINX Plus data plane, NSM delivers a highly optimized service mesh designed for high‑volume and secure container traffic management.

Other service meshes rely on tools from external vendors to provide critical service‑mesh features, or provide just bare‑bones sidecar proxies designed to move packets from one side of a virtual interface to another. NSM is the only mesh designed around a fully integrated data plane, using a custom‑built control plane for this purpose. It’s the only mesh to fully integrate ingress and egress traffic management at the edge within sidecar policies, in a single configuration. Lightweight and focused on Layer 7 application traffic management within clusters, NSM is non‑intrusive, allowing the rest of your tech stack to perform without complications, the way it should.

What Is NGINX Service Mesh?

NGINX Service Mesh (NSM) provides a turnkey, secure, service-to-service solution for container traffic management, with a unified data plane for ingress and egress management in a single configuration. With production‑grade capabilities for intelligent traffic management in Kubernetes environments, NSM stands apart from the current glut of “packet‑pushing proxies” on the market.

Lightweight and seamless by design, NSM scales from open source projects to a fully supported, secure, and scalable enterprise‑grade solution, no matter where you are in your microservices journey.

[Figure: NGINX Service Mesh architecture]

Features

Multi-Platform Support

NSM supports the following platforms:

  • Managed cloud platforms: Amazon EKS, Google GKE, Azure AKS
  • VMware Kubernetes clusters (native, not PKS)
  • Stand‑alone clusters built with standard Kubernetes tools (kubeadm), including cloud image clusters such as AWS EC2 AMIs

Security Controls

NSM enables authentication and security at the point of service:

  • Service identity
  • Zero‑trust
  • mTLS enforcement
  • Certificate lifecycle management
  • Configuration gating and governance
  • Default block for ingress and egress north‑south traffic (requires NGINX Plus Ingress Controller)
  • Allowlist support for ingress and egress
  • Edge firewalling with NGINX App Protect (NAP) (requires NGINX Plus Ingress Controller)
  • Per‑service access control for east‑west traffic

Flexible Traffic Handling

NSM supports a robust range of traffic distribution models:

  • Rate shaping, quality of service (QoS), service throttling
  • Blue‑green deployments
  • Canary releases
  • Circuit breaker pattern
  • A/B testing
  • API gateway features