SOFAMosn: In‑Depth Exploration of Ant Financial's Service Mesh Data Plane

The article originates from the author’s talk at Service Mesh Meetup #2 in Beijing, summarizing the deep‑dive into SOFAMosn, the data‑plane component jointly developed by Ant Financial and UC.

Background: Ant Financial embraces micro‑services and cloud‑native architectures; a robust traffic‑routing and service‑mesh layer is essential for LDC traffic scheduling, elastic scaling, blue‑green releases, and high‑security requirements such as national‑level encryption.

To address these needs, Ant chose a Golang‑implemented data‑plane (SOFAMosn) after evaluating technology stacks, cross‑team efficiency, and existing infrastructure.

SOFAMosn Overview: SOFAMosn replaces Envoy in the data‑plane of an Istio‑style architecture, adding Ant‑specific improvements. Version 0.1.0 supports xDS V0.4, the SOFARPC protocol, and basic HTTP/1.1 and HTTP/2.0 functionality.

Layered Design: The data flow is divided into four layers – IO, Protocol, Streaming, and Proxy – with the outbound path mirroring the inbound path. Each layer provides specific responsibilities such as IO event subscription, serialization/deserialization, stream lifecycle management, and routing/load‑balancing.

The module breakdown includes routing, backend management, health checking, and load‑balancing, with future extensions highlighted in red‑dashed boxes.

Core Capabilities: SOFAMosn offers programmable IO interfaces, a built‑in TCP proxy, TLS support (leveraging Go’s TLS), TProxy mode, smooth reload/upgrade, and basic HTTP/1.1, HTTP/2.0, and SOFARPC handling. Future plans include Dubbo/HSF support and deeper Istio integration.

Performance: Version 0.1.0 focuses on single‑core throughput for TCP and SOFARPC sidecar scenarios. Optimizations include CPU pinning, memory slab‑style recycling, reduced GC pressure, and careful read/write buffering. Benchmarks show ~30% throughput gain from core pinning and competitive performance against Envoy.

TLS performance tests reveal that Go’s native ECDHE‑P256 implementation outperforms Go with BoringSSL and approaches Nginx’s OpenSSL performance.

Roadmap: August 202X – release 0.1.0 with core proxy and xDS support; end of August – 0.2.0 adding X‑Protocol extensions, Dubbo/HSF, enhanced HTTP/2.0, and K8s operator; September – 0.3.0 with Mixer integration, quota, reporting, circuit‑breaking, and rate‑limiting.

The author invites the community to contribute to the open‑source version of SOFAMesh and provides links to the GitHub repository, live video, and a WeChat group for further discussion.