Evaluating eBPF’s Role in Service Mesh Data Plane: Architecture Trade‑offs

The authors explain the relationship between eBPF and service meshes, noting that eBPF augments the data plane but does not replace Envoy’s L7 proxy capabilities. They describe Solo.io’s plan to integrate eBPF into Gloo Mesh Enterprise for better networking, observability, and security.

They argue that moving all L7 functions into eBPF is impractical because eBPF follows an event‑handler model, is Turing‑incomplete, and cannot safely implement complex protocol logic such as HTTP/2 or gRPC.

Envoy remains the preferred L7 proxy, handling complex protocol negotiation and user‑space extensions, while eBPF can accelerate lower‑level tasks like packet processing, TLS offload, and telemetry collection.

The article then outlines four possible service‑mesh data‑plane architectures, each using eBPF for kernel‑level optimizations while retaining Envoy for L7 processing:

Sidecar proxy: a dedicated Envoy instance per workload, offering the best isolation but higher memory overhead.

Node‑shared proxy: a single Envoy per node serving all workloads, reducing memory usage but introducing configuration and security isolation challenges.

Service‑account‑shared proxy: multiple shared proxies on a node, each scoped to a service account, balancing memory savings with better isolation than a single node‑wide proxy.

Shared remote proxy with micro‑proxy: a lightweight micro‑proxy handles mTLS for each workload, while L7 traffic is optionally redirected to a shared Envoy, reducing sidecar configuration cost at the expense of extra network hops.

For each model the authors evaluate trade‑offs in memory/CPU consumption, functional isolation, security granularity, and upgrade impact, emphasizing that eBPF benefits can be realized regardless of the chosen architecture.

In the final considerations they reaffirm that eBPF is a powerful optimization tool for service meshes, but Envoy remains the cornerstone of the data plane, and successful deployments must balance performance, functionality, scalability, debuggability, and user experience.