Buoyant's production-ready distribution of Linkerd, the world's most advanced service mesh. Fully hardened and designed for sustained production use.
Buoyant Enterprise for Linkerd delivers true zero trust network security to every application on your Kubernetes platform, without changing any code.
Built on industry standards including mutual TLS, the Gateway API, and the memory-safe Rust language, BEL allows you to move away from outdated IP-based access control, perimeter firewalls, and buffer overflow exploits, to security built on cryptographic workload identity, end-to-end encryption for all customer data, and ultra-fine-grained security boundaries.
Mutual TLS
Transparently add encryption and bidirectional authentication to every network connection.
Cryptographic workload identity
Automatically authenticate connections using cryptographic proof of workload identity, not easily-spoofed IP addresses.
Authorization policies
Build human-readable, least-privilege access policies that cover workload identity, HTTP methods, gRPC routes, and more.
Granular security boundaries
Go beyond firewalls and perimeter defense by building per-pod and per-instance security boundaries around every application component.
Buoyant Enterprise for Linkerd adds dynamic traffic management and control designed for the realities of modern software applications.
BEL's fully distributed, Rust data plane is capable of handling everything from HTTP/2 and gRPC traffic down to raw TCP streams, while withstanding network partitions, machine outages, failures of clusters, zones, and regions, and anything else you can throw its way.
Automated failover
Automatically redirect traffic to different clusters in the event of service failure, without interrupting application behavior.
Real-time latency-aware load balancing
Automatically send requests to the fastest available application components, reducing user-facing end-to-end latency.
Retries, timeouts, and circuit breaking
Transparently retry requests sent to slow or failing endpoints on alternate endpoints, and automatically shed load to overloaded application components.
Canary and blue-green deploys
Reduce the risk of shipping buggy code to production by “easing” new code into production and automatically falling back to old code if problems are detected.
Buoyant Enterprise for Linkerd optimizes not just latency but network spend, ensuring your dollars are spent on business priorities first.
Decommission expensive application load balancers and automatically reduce cross-zone network spend with BEL's highly-available, zone-aware routing.
Zone-aware routing
Preserve zone locality, reduce latency, and cut unnecessary cloud spend with Buoyant Enterprise for Linkerd's High Availability Zonal Load Balancing (HAZL).
Universal traffic routing
Route HTTP and gRPC traffic based on request properties with Buoyant Enterprise for Linkerd, avoiding costly ALBs.
Automated lifecycle management
Automate Buoyant Enterprise for Linkerd from installation to upgrades, freeing teams for more crucial tasks.
Copyright © 2025 Buoyant Inc.
