• Istio Ambient vs. Cilium performance evaluated at enterprise scale. • Architecture differs: Cilium uses eBPF/WireGuard; Istio relies on ztunnel in user space. • Test involved 500 services, 100 pods each, on a 1,000-node AKS cluster with 11,000 cores. • Key metrics measured: latency, throughput, and resource consumption under realistic load. • Results show Istio Ambient consistently outperforms Cilium across all metrics. • Cilium added Envoy and WireGuard, yet still trails Istio in large‑scale scenarios. • Both projects are CNCF Graduated, but tenancy models and security protocols differ. • Realistic load simulations confirm Istio’s scalability advantage in complex Kubernetes environments.
Article Summaries:
- A recent benchmark tested Istio’s ambient mode and Cilium on a 1,000‑node Azure Kubernetes cluster, simulating 500 services with 100 pods each. The study measured latency, throughput, and resource use under realistic churn. Istio achieved 56 % more queries with 20 % lower tail latency and processed 2,178 queries per core, outperforming Cilium’s 1,815 queries per core. Cilium used 30 % less CPU but incurred higher memory usage and suffered significant slowdown when L7 policy and WireGuard encryption were enabled. Overall, the results suggest Istio ambient delivers stronger performance and stability at scale, while Cilium’s lower CPU footprint comes at the cost of higher overhead and reduced scalability.
Sources: