Skip to main content

Network Service Mesh

Network Service Mesh is an open source project that provides a cloud native mechanism for composing, discovering, and connecting network services across heterogeneous infrastructure and workloads using a service mesh–like model.

  • Service mesh for L2/L3 network connectivity across Kubernetes and other domains (networking)
  • Abstracts network services as endpoints discoverable and connectable via APIs (networking)
  • Supports secure, on-demand, point-to-point and multi-point connections between workloads (networking/security)
  • Integrates with Kubernetes and cloud native runtimes for dynamic network service provisioning (cloud-native networking)
  • Extensible framework for attaching network functions such as VPNs, firewalls, and accelerators to workloads (network function virtualization)

More About Network Service Mesh

Network Service Mesh (NSM) is a CNCF project focused on connecting workloads to network services in cloud native environments using a service mesh–inspired approach at layers 2 and 3 (networking). Instead of focusing on traditional Hypertext Transfer Protocol (HTTP) or L7 traffic, NSM models lower-level network connectivity as discoverable services that can be requested and bound to applications, including those running on Kubernetes clusters or other orchestrators.

The project addresses scenarios where workloads require specialized connectivity such as virtual private networks, layer 2 segments, or hardware-accelerated paths (networking). It introduces the concept of Network Services and Network Service Endpoints, where a Network Service represents an abstract capability and endpoints are concrete implementations that can be dynamically selected and connected. This abstraction allows platform teams to expose capabilities like Virtual Private Network (VPN), encryption, or specific routing domains as services that applications consume.

NSM operates alongside container orchestration platforms and uses APIs and control planes to orchestrate point-to-point and multi-point connections (infrastructure automation). When a workload requests a particular Network Service, NSM discovers appropriate endpoints and programs the data plane to establish the requested connectivity, while also handling lifecycle concerns such as healing and re-establishment when workloads move or restart.

In enterprise environments, NSM is used to connect applications across multiple clusters, hybrid deployments, or legacy non-cloud native domains (hybrid cloud networking). It can provide connectivity between Kubernetes pods and virtual machines, bare-metal network functions, or external networks, enabling use cases such as multi-cluster service connectivity, secure tenant separation, and integration with existing network appliances and Software-Defined Wide Area Network (SD-WAN) or VPN infrastructure.

The project is built around extensibility, allowing additional network functions and data planes to be integrated through plugins and adapters (network function virtualization). Implementations can attach services like firewalls, traffic inspection, or acceleration using technologies such as Single Root I/O Virtualization (SR-IOV), smart NICs, or user space networking stacks, subject to what is documented and supported in the ecosystem.

From a directory and taxonomy perspective, Network Service Mesh fits into cloud native networking, service mesh–style connectivity for non-HTTP traffic, and network function virtualization frameworks (cloud-native networking). It interacts with but is distinct from traditional L7 service meshes by targeting workload-to-network-service connectivity at lower layers, giving enterprises a framework to compose and manage complex network topologies and capabilities in programmable, declarative ways across diverse infrastructure.