How Alibaba Cloud Service Mesh ASM Accelerated Cloud‑Native Transformation at Lixun Logistics

Background

Lixun Logistics, a fashion‑industry logistics provider, operates more than 70 cloud warehouses serving over 300 cities. To reduce operational costs and improve service efficiency, the company began a cloud‑native transformation in August 2021, migrating from a self‑built IDC to Alibaba Cloud.

Business Pain Points

Application version iteration difficulty : Rapidly changing business requirements increased code coupling and lengthened release cycles.

Heterogeneous system governance : Multi‑language, multi‑protocol, and multi‑framework services made unified service integration and governance challenging.

Unified cloud‑native development platform : Spring Cloud provides basic microservice capabilities, but enterprise‑level needs such as security, traffic control, routing, and gray release required extensive third‑party integration.

Complex operations : Existing operational processes struggled to manage large‑scale services without comprehensive traffic, security, and observability features.

Solution Overview

The company adopted Alibaba Cloud Container Registry Enterprise Edition (ACR EE) and Alibaba Cloud Container Service (ACK) for container image management and orchestration, and leveraged Alibaba Cloud Service Mesh (ASM) as the distributed management platform.

ASM Architecture

ASM is a fully managed, Istio‑compatible service mesh. Its control plane runs on Alibaba Cloud, while the data plane runs in the customer’s Kubernetes clusters, providing high availability and decoupled lifecycle management. This architecture improves scalability and simplifies operations.

Authentication and Authorization

ASM provides a custom authorization service that can be inserted into the gateway to verify user permissions and enrich request headers with metadata such as version numbers and user IDs. Documentation: https://help.aliyun.com/document_detail/446628.html

Migration from Spring Cloud/Eureka to Kubernetes

Previously services used Eureka for service discovery. After migration, registration and discovery shifted to native Kubernetes mechanisms (K8s Service + CoreDNS), eliminating a separate registry. Sidecar proxies handle service discovery, load balancing, traffic management, security, and observability. During migration the original registry can be retained temporarily for a hybrid state. Reference: https://help.aliyun.com/document_detail/2527072.html

Full‑Link Gray Release

ASM enables traffic‑based routing without code changes. By configuring a TrafficLabel, requests containing a specific header (e.g., tag1) are routed to gray‑release versions of services, while other traffic follows the stable path. This supports end‑to‑end gray deployment across multiple services.

Observability and Unified Analysis

ASM provides a mesh observability center covering three dimensions:

Log analysis : AccessLog collection and analysis reveal traffic patterns and status‑code distribution.

Distributed tracing : Full call‑chain reconstruction, request volume statistics, topology, and dependency analysis help diagnose performance bottlenecks.

Monitoring : Metrics on latency, traffic, errors, and saturation enable comprehensive service health monitoring.

Additional features include mesh topology visualization and traffic replay.

EnvoyFilter Extension

ASM offers an out‑of‑the‑box EnvoyFilter marketplace. Users can configure plugins via built‑in templates, extending the data plane with custom functionality without writing code.

Product Advantages

Unified governance of heterogeneous services : Multi‑language, multi‑framework interoperability and fine‑grained traffic control.

End‑to‑end observability : Integrated logging, monitoring, and tracing with visual mesh topology.

Zero‑trust security : Global workload identity, mTLS, ABAC, JWT, OIDC, and OPA policy engine.

Hardware‑accelerated performance : Intel Multi‑Buffer TLS acceleration and automatic hardware feature detection.

SLO‑driven elasticity : Automatic scaling based on observability data and multi‑cluster traffic burst handling.

Plug‑and‑play extensibility : EnvoyFilter marketplace, WebAssembly lifecycle, compatibility with Istio ecosystem, Serverless/Knative, and AI serving.

Results

After deploying ASM, Lixun Logistics reduced operational complexity across heterogeneous stacks, achieving a 40% increase in operational efficiency and cutting the service‑mesh implementation cycle by 50%.