Can eBPF and Wasm Replace Sidecars? Exploring the Future of Service Mesh Data Planes

Translated from Vivian Hu’s article "eBPF and Wasm: Exploring the Future of the Service Mesh Data Plane".

On December 2, 2021, the Cilium project announced the beta of Cilium Service Mesh, introducing the concept of a sidecar‑less service mesh. It extends Cilium’s eBPF platform to handle most sidecar proxy functions, including L7 routing and load balancing, TLS termination, access policies, health checks, logging, tracing, and built‑in Kubernetes Ingress.

Isovalent’s blog post "How eBPF will solve Service Mesh – Goodbye Sidecars" explains how eBPF can replace traditional sidecar proxies.

eBPF promises to address performance pain points in microservice environments, but the idea of replacing sidecars remains controversial.

Current service mesh data planes rely on sidecar proxies such as Envoy, Linkerd, and MOSN, which manage routing, load balancing, health checks, authentication, authorization, encryption, logging, tracing, and metrics, and may include SDK frameworks like Dapr for additional services.

Sidecar proxies run in Kubernetes pods or containers, leading to significant resource overhead as the number of microservices grows. For example, Linkerd’s Go proxy was rewritten in Rust to achieve notable performance gains.

Some vendors remain skeptical. Solo.io’s article "eBPF for Service Mesh? Yes, But Envoy Proxy is Here to Stay" argues that eBPF’s limited, non‑Turing‑complete programming model and kernel security constraints prevent it from handling all sidecar responsibilities, and that node‑level eBPF agents can increase overall overhead.

Tetrate.io echoed similar concerns, noting that while sidecar performance is acceptable and the community is improving it, eBPF’s lack of a complete programming model makes building custom data‑plane logic difficult.

Because eBPF is a kernel technology subject to security restrictions, WebAssembly (Wasm) emerges as an alternative for safely isolating user‑space code with near‑native performance.

Envoy Proxy was the first to adopt Wasm as an extension mechanism, allowing developers to write proxy logic in C, C++, Rust, AssemblyScript, Swift, or TinyGO, compile it to Wasm, and run it via high‑performance runtimes such as Wasmtime and WasmEdge. The proxy‑Wasm standard is supported by Envoy, Istio, MOSN, and OpenResty.

Wasm can also serve as a general‑purpose application container. The WasmEdge runtime can be managed directly as a container in Kubernetes, and experiments have shown that WasmEdge microservices combined with Dapr and Linkerd consume only about 1% of the resources and have cold‑start times that are roughly 1% of traditional Linux containers.

In summary, eBPF and Wasm represent emerging directions for high‑performance service mesh data planes; while still new, they may complement or eventually replace traditional Linux container‑based sidecars.

References

eBPF and Wasm: Exploring the Future of the Service Mesh Data Plane : https://www.infoq.com/news/2022/01/ebpf-wasm-service-mesh

Cilium Service Mesh : https://cilium.io/blog/2021/12/01/cilium-service-mesh-beta

How eBPF will solve Service Mesh - Goodbye Sidecars : https://isovalent.com/blog/post/2021-12-08-ebpf-servicemesh

Envoy : https://envoyproxy.io/

Linkerd : https://linkerd.io/

MOSN : https://mosn.io/en/

InfoQ report on Linkerd Rust rewrite : https://www.infoq.com/news/2021/08/linkerd-rust-cloud-native/

eBPF for Service Mesh? Yes, But Envoy Proxy is Here to Stay : https://www.solo.io/blog/ebpf-for-service-mesh/

The Debate in the Community about Istio and Service Mesh : https://www.tetrate.io/blog/the-debate-in-the-community-about-istio-and-service-mesh/

Wasmtime : https://github.com/bytecodealliance/wasmtime

WasmEdge : https://github.com/WasmEdge/WasmEdge

Envoy Proxy : https://envoyproxy.io/

Istio Proxy : https://github.com/istio/proxy

OpenResty : http://openresty.org/

proxy-Wasm : https://github.com/proxy-wasm

WasmEdge Book : https://wasmedge.org/book/en/kubernetes.html

Managing WasmEdge as a container : https://wasmedge.org/book/en/kubernetes.html