AWS re:Invent 2025 - Beyond Multi-Cloud Chaos: The Unified Cloud Mesh Architecture (ARC332)

Beyond Multi-Cloud Chaos: The Unified Cloud Mesh Architecture

Overview

The presentation discusses the challenges of modern multi-cloud and multi-cluster infrastructure, and introduces a unified cloud mesh architecture powered by HAProxy as a solution. Key topics covered include:

  • Limitations of existing service mesh approaches
  • The "universal mesh" concept and its benefits
  • Detailed technical capabilities around performance, security, authentication, and federation
  • Real-world use cases and customer examples

Limitations of Existing Service Mesh Approaches

  • Modern infrastructure is highly fractured, with multiple clouds, regions, and legacy applications
  • Existing service mesh solutions struggle to integrate this "brownfield" enterprise environment
  • Sidecar and sidecarless architectures introduce operational complexity and fail to prevent resource sprawl at scale
  • Challenges with managing north-south traffic, federation, and multi-region setups

The Universal Mesh Concept

  • Focuses on network boundaries rather than just services
  • Leverages HAProxy's reverse proxy capabilities for performance, security, and flexibility
  • Converges ingress, mesh, and proxies into a single, centrally managed system
  • Provides out-of-the-box federation and multi-cluster/multi-cloud connectivity

Performance and Scalability

  • HAProxy has demonstrated 2+ million requests per second on a single AWS instance
  • Optimized TLS stack and load balancing algorithms to maximize performance
  • Cost analysis shows billions of requests can be handled for pennies on the dollar
  • Emphasis on fully utilizing application server resources through intelligent load balancing

Security and Access Control

  • Multi-layered security approach combining access control, rate limiting, bot detection, and WAF
  • Flexible policy configuration and centralized management through the control plane
  • Support for advanced authentication (JWT, OIDC, SAML) and authorization (OPA)
  • Techniques like tarpit and JavaScript challenges to mitigate bot and attack traffic
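
As an added illustration (not configuration shown in the talk or taken from HAProxy's own material), the layers listed above can be stacked on a single HAProxy frontend as follows. Every name, path, address and threshold is a constructed placeholder, and the JWT converters assume HAProxy 2.5 or later.

```haproxy
# Added example: layered edge policy on one frontend.
# All names, paths, addresses and thresholds are constructed placeholders.
defaults
    mode http
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    timeout tarpit  10s   # how long a tarpitted request is held before the error reply

frontend fe_mesh_edge
    bind :8443 ssl crt /etc/haproxy/certs/edge.pem

    # Layer 1: track the request rate of each source IP over a 10s window
    stick-table type ip size 100k expire 10m store http_req_rate(10s)
    http-request track-sc0 src

    # Layer 2: access control, admin paths only from the internal range
    acl internal_net src 10.0.0.0/8
    acl admin_path   path_beg /admin
    http-request deny deny_status 403 if admin_path !internal_net

    # Layer 3: tarpit the heaviest sources, plain 429 for moderately noisy ones.
    # Rules are evaluated in order, so the tarpit check must come first.
    acl abusive  sc_http_req_rate(0) gt 200
    acl elevated sc_http_req_rate(0) gt 50
    http-request tarpit if abusive
    http-request deny deny_status 429 if elevated

    # Layer 4: JWT validation. Pin the algorithm instead of trusting the
    # token header, verify the signature, then reject expired tokens.
    http-request set-var(txn.bearer)  http_auth_bearer
    http-request set-var(txn.jwt_alg) var(txn.bearer),jwt_header_query('$.alg')
    http-request set-var(txn.exp)     var(txn.bearer),jwt_payload_query('$.exp','int')
    http-request set-var(txn.now)     date()
    http-request deny deny_status 401 unless { var(txn.bearer) -m found }
    http-request deny deny_status 401 unless { var(txn.jwt_alg) -m str RS256 }
    http-request deny deny_status 401 unless { var(txn.bearer),jwt_verify(txn.jwt_alg,"/etc/haproxy/jwt/pubkey.pem") -m int 1 }
    http-request deny deny_status 401 if { var(txn.exp),sub(txn.now) -m int lt 0 }

    default_backend be_app

backend be_app
    balance leastconn
    server app1 192.0.2.10:8080 check
```

Running `haproxy -c -f <file>` validates the syntax before a reload. The rate thresholds should be tuned against observed traffic, since clients behind a shared NAT address count as one source.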

Federation and Multi-Cloud Connectivity

  • HAProxy can route traffic seamlessly across clouds, regions, and on-premises environments
  • Control plane manages configuration and discovery of resources across boundaries
  • Enables use cases like redundancy, region affinity, and load balancing across hybrid setups

Real-World Use Cases

  • Ad-tech recommendations and 5G network load balancing with AWS Wavelength Zones
  • Payment provider redundancy and cross-region failover
  • Integrating legacy on-premises applications into the mesh

Key Takeaways

  • Existing service mesh solutions fall short in dealing with the complexity of modern, distributed infrastructure
  • The "universal mesh" approach leverages HAProxy's capabilities to provide a more flexible, scalable, and centrally managed solution
  • Emphasis on performance, security, authentication, and federation enables a wide range of real-world use cases
  • Centralized control plane and policy management simplify operations at scale
  • Customers are using the universal mesh to solve connectivity challenges across clouds, regions, and on-premises environments
