Bird
Raised Fist0
Microservicessystem_design~20 mins

Why service mesh manages inter-service traffic in Microservices - Challenge Your Understanding

Choose your learning style10 modes available
LearnWhyDeepArchPracticeChallengeDesignRecallScale

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Service Mesh Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Why use a service mesh for inter-service communication?

Which of the following best explains why a service mesh is used to manage inter-service traffic in microservices?

AIt stores all service data in a single database to simplify data management.
BIt replaces the need for any API gateways by directly exposing all services to the internet.
CIt provides a centralized way to handle service discovery, load balancing, and secure communication between services without changing service code.
DIt automatically scales the number of services based on CPU usage without configuration.
Attempts:
2 left
💡 Hint

Think about how a service mesh helps services talk to each other safely and efficiently.

💻 Command Output
intermediate
2:00remaining
Output of service mesh sidecar proxy status command

What is the expected output when running the command istioctl proxy-status in a Kubernetes cluster with Istio service mesh installed?

Microservices
istioctl proxy-status
A
NAME                                                   CDS        LDS        EDS        RDS        ISTIOD
productpage-5d8f7d6f7f-abcde.default                    SYNCED     SYNCED     SYNCED     SYNCED     istiod-1234567890-xyz
reviews-6f7d8c9d7f-fghij.default                        SYNCED     SYNCED     SYNCED     SYNCED     istiod-1234567890-xyz
BError: command not found
CNo proxies found in the cluster
DPod productpage-5d8f7d6f7f-abcde is not ready
Attempts:
2 left
💡 Hint

This command shows the synchronization status of sidecar proxies managed by Istio.

🔀 Workflow
advanced
3:00remaining
Steps to enable mutual TLS in a service mesh

Which sequence correctly describes the steps to enable mutual TLS (mTLS) between services in a service mesh?

A2,1,3,4
B2,3,1,4
C1,3,2,4
D1,2,3,4
Attempts:
2 left
💡 Hint

Think about configuring policies before deploying and verifying certificates.

Troubleshoot
advanced
2:00remaining
Troubleshooting failed inter-service calls in a service mesh

You notice that service A cannot reach service B in a service mesh environment. Which of the following is the most likely cause?

AThe database used by service A is down.
BThe sidecar proxy for service B is not running or crashed.
CService A has no CPU resources allocated.
DThe Kubernetes node running service B is out of disk space.
Attempts:
2 left
💡 Hint

Focus on components directly involved in inter-service communication.

Best Practice
expert
2:30remaining
Best practice for managing inter-service traffic with a service mesh

Which practice is considered best for managing inter-service traffic in a service mesh to ensure reliability and security?

AUse sidecar proxies to enforce policies like retries, timeouts, and mutual TLS without modifying service code.
BDisable all sidecar proxies and let services handle communication directly for better performance.
CStore all service credentials in environment variables inside each service container.
DAllow all traffic between services without restrictions to reduce configuration complexity.
Attempts:
2 left
💡 Hint

Think about how to keep services secure and reliable without changing their code.

Practice

(1/5)
1. Why does a service mesh manage inter-service traffic in a microservices architecture?
easy
A. To improve security, reliability, and observability between services
B. To replace the need for a database in microservices
C. To write the business logic inside each service
D. To increase the size of each service for better performance

Solution

  1. Step 1: Understand the role of service mesh

    A service mesh controls how services communicate, focusing on security, reliability, and monitoring.

  2. Step 2: Identify what service mesh does not do

    It does not replace databases or add business logic; it manages traffic between services.

  3. Final Answer:

    To improve security, reliability, and observability between services -> Option A

  4. Quick Check:

    Service mesh manages traffic for security and reliability = A [OK]
Hint: Service mesh controls communication, not business logic or storage [OK]
Common Mistakes:
  • Thinking service mesh replaces databases
  • Confusing service mesh with application code
  • Assuming service mesh increases service size
2. Which syntax correctly describes how a service mesh uses sidecar proxies?
easy
A. database -> service -> sidecar proxy
B. service -> sidecar proxy -> other service
C. sidecar proxy -> service -> database
D. service <- database <- sidecar proxy

Solution

  1. Step 1: Understand sidecar proxy role

    Sidecar proxies sit alongside services to intercept and manage traffic between services.

  2. Step 2: Identify correct traffic flow

    Traffic flows from the service through its sidecar proxy to the other service.

  3. Final Answer:

    service -> sidecar proxy -> other service -> Option B

  4. Quick Check:

    Sidecar proxies manage traffic between services = D [OK]
Hint: Sidecar proxies sit next to services, managing outgoing traffic [OK]
Common Mistakes:
  • Confusing database direction with sidecar proxy
  • Reversing traffic flow arrows
  • Mixing service and database roles
3. Given this simplified service mesh setup, what is the expected behavior when Service A calls Service B and Service B is temporarily down? 
Service A -> Sidecar Proxy A -> Sidecar Proxy B -> Service B
Options:
medium
A. The call fails immediately with no retries
B. Service A handles retries without sidecar involvement
C. Sidecar Proxy A retries the call automatically before failing
D. Sidecar Proxy B forwards the call to a database instead

Solution

  1. Step 1: Recognize retry feature in service mesh

    Service mesh sidecar proxies can automatically retry failed calls to improve reliability.

  2. Step 2: Identify which proxy handles retries

    Sidecar Proxy A, managing outgoing traffic from Service A, retries the call before reporting failure.

  3. Final Answer:

    Sidecar Proxy A retries the call automatically before failing -> Option C

  4. Quick Check:

    Sidecar proxies handle retries to improve reliability = B [OK]
Hint: Sidecar proxies retry failed calls automatically [OK]
Common Mistakes:
  • Assuming no retries happen
  • Thinking service code retries instead
  • Confusing proxy roles with database
4. You configured a service mesh but notice that traffic between services is not encrypted. What is the most likely cause?
medium
A. Service mesh does not support encryption
B. Services are using HTTP instead of HTTPS internally
C. The database connection is not encrypted
D. Sidecar proxies are not enabled to handle TLS encryption

Solution

  1. Step 1: Understand encryption in service mesh

    Service mesh uses sidecar proxies to encrypt traffic between services using TLS.

  2. Step 2: Identify common misconfiguration

    If sidecar proxies are not configured or enabled for TLS, traffic remains unencrypted.

  3. Final Answer:

    Sidecar proxies are not enabled to handle TLS encryption -> Option D

  4. Quick Check:

    Encryption depends on sidecar proxy TLS setup = A [OK]
Hint: Check sidecar proxy TLS settings for encryption issues [OK]
Common Mistakes:
  • Blaming service internal HTTP usage
  • Confusing database encryption with service traffic
  • Assuming service mesh lacks encryption feature
5. In a microservices system using a service mesh, how does the mesh help when one service experiences intermittent failures?
hard
A. It automatically retries requests, routes around failures, and collects metrics for monitoring
B. It stops all traffic to the failing service until manually restarted
C. It merges the failing service into other services to avoid downtime
D. It disables sidecar proxies to reduce overhead during failures

Solution

  1. Step 1: Identify service mesh features for failure handling

    Service mesh retries requests, performs circuit breaking (routing around failures), and gathers metrics.

  2. Step 2: Understand what service mesh does not do

    It does not stop all traffic, merge services, or disable proxies during failures.

  3. Final Answer:

    It automatically retries requests, routes around failures, and collects metrics for monitoring -> Option A

  4. Quick Check:

    Service mesh improves reliability with retries and monitoring = C [OK]
Hint: Service mesh retries and monitors to handle failures smoothly [OK]
Common Mistakes:
  • Thinking mesh stops traffic completely
  • Believing mesh merges services automatically
  • Assuming proxies are disabled on failure