Evolution of Ant Financial Service Mesh: Link Encryption, Adaptive Rate Limiting, Fine‑Grained Traffic Steering, and Service Self‑Healing

After the successful double‑11 deployment of Service Mesh in 2019, Ant Financial continued to evolve the platform, adding capabilities such as link encryption, adaptive rate limiting, fine‑grained traffic steering, and service self‑healing.

Link Encryption aims for 100% encrypted communication within the internal network. Challenges include maintaining operational simplicity, supporting gray‑release and rollback, enabling hot‑switching without affecting business requests, and keeping performance impact low. The design uses a centralized control plane to push TLS configuration via XDS, with MOSN obtaining certificates via SDS and managing secret storage in memory. A connection‑elimination mechanism ensures old connections are gracefully retired after pending requests complete.

Adaptive Rate Limiting automatically adjusts traffic limits based on system‑wide resource usage. It monitors resource consumption, builds a baseline of high‑cost interfaces, and dynamically scales limits using a PID‑style control loop to protect the system during overloads without manual configuration.

Fine‑Grained Traffic Steering exposes atomic traffic‑routing capabilities, enabling scenarios such as gray releases, disaster recovery, new‑datacenter validation, and per‑application or per‑interface flow redirection. Rules can be defined to route specific request types (e.g., transfers) to dedicated groups, ensuring critical flows are isolated from noisy traffic.

Service Self‑Healing implements an internal anomaly counter within MOSN to detect unhealthy downstream nodes, temporarily blacklisting them and reporting to a self‑healing center. The center aggregates reports, performs probe‑based verification, and triggers restart or removal actions within minutes, achieving near‑real‑time recovery.

These capabilities demonstrate the value of Service Mesh in decoupling business logic from infrastructure, enabling rapid, low‑impact rollout of new features, improving security, stability, and operational efficiency across Ant Financial’s massive microservice ecosystem.

Match: type = transfer
Action: Group = Group_2