
Thoughts and Practices on New Network Proxy in Ant Financial's ServiceMesh Deployment

This article presents a comprehensive overview of Ant Financial's ServiceMesh implementation, detailing the background, architecture, key features of SOFAMesh and MOSN, technical case studies, performance benchmarks, security capabilities, and future outlook for cloud‑native network proxies.

High Availability Architecture

Ant Financial senior technical expert Yishan Du (also known as Du Xiaodong) shares the motivation and practical experience behind developing a new network proxy for ServiceMesh, focusing on the SOFAMesh solution and its Golang‑based data plane MOSN.

The background outlines the evolution of ServiceMesh data planes, comparing traditional Layer 7 proxies like Nginx and Envoy with emerging solutions such as Linkerd, Huawei, and Sina, and introduces MOSN as Ant Financial's in‑house Golang data plane used in production across Ant and UC.

The SOFAMesh architecture is described as an Istio‑compatible control plane combined with the MOSN data plane, supporting features like transparent interception, fine‑grained traffic control, fault injection, and mutual TLS. The open‑source repositories for SOFAMesh and MOSN are provided.

Technical cases demonstrate MOSN sidecar integration in non‑K8s environments, DNS‑based service discovery without code changes, and a lossless upgrade mechanism that transfers TCP connections between old and new MOSN processes, handling both client and server sides.

Performance evaluations cover SOFARPC, HTTP/1.1, HTTP/2.0, and TLS workloads, showing MOSN's superior QPS and lower latency after optimizations such as NetPoll, IO tuning, memory management, and Go runtime adjustments.

Security features include mTLS integration with Ant's internal KMS, ongoing RBAC development, and plans for WAF and traffic mirroring.

The summary looks ahead to broader MOSN adoption across sidecar, gateway, serverless, and security scenarios, emphasizing its role in a unified, cloud‑native load network and inviting community contributions via GitHub.

Written by

High Availability Architecture

Official account for High Availability Architecture.
