Universal Mesh

One mesh. Every cloud. Ultimate simplicity.

Stop shifting complexity. Start simplifying connectivity. Unify your multi-cloud, on-prem, and legacy applications with a single architectural pattern that converges ingress, egress, and service mesh into one.

Contact us
haproxy-universal-mesh-simple-diagram
The Problem

The "mesh tax" is too high — and it still doesn't solve the real problem.

Organizations manage hundreds of services deployed across new and old infrastructure. Traditional service meshes were designed for a pristine, cloud-native-only world. They promised to solve connectivity, but for most enterprises, they simply shifted the complexity elsewhere:

  • Massive resource overhead – The mesh tax of running a proxy for every pod consumes significant CPU and memory, adding latency to each request.

  • Operational burden – Teams must manage, upgrade, and secure thousands of distributed sidecars, creating new challenges.

  • Poor hybrid-cloud support – Meshes were never designed to connect legacy apps, VMs, and bare-metal servers.

  • Fragmented traffic management – Meshes only handle east-west (pod-to-pod) traffic, forcing you to buy and manage separate, disconnected tools for ingress, egress, and API gateways.

Infrastructure is distributed

80% of organizations rely on multiple private and public clouds to host their services.

Fragmentation is rampant

59% of survey respondents use three or more tools to manage their cloud infrastructure.

Management is complex

Enterprises use, maintain, and manage communication between 364 SaaS apps, on average.

The Solution

Focus on the boundary, not the service

Universal mesh represents a fundamental convergence of technologies. Your ingress, egress, internal mesh, and API gateway proxies become one unified data plane, all managed by one control plane for effortless multi-cluster federation.

Instead of deploying proxies on every pod, you deploy strategic HAProxy Enterprise gateways at the boundary of each environment. HAProxy Fusion Control Plane provides centralized management, observability, and automation.

universal-mesh-presentation---kubecon
How Universal Mesh Works

One architecture, two core patterns

Our universal mesh is fractal. The same simple, powerful architecture applies at every scale, from a single cluster to a global hybrid cloud. Deploy strategic gateways at the boundaries of your K8s clusters, VPCs, and on-prem datacenters.

These gateways form the powerful, performant "universal mesh edge." Users get the same powerful unified ingress and routing, DDoS protection and rate limiting, bot management capabilities — and much more — both at the inner and outer edge.

The outer edge (north-south traffic)

Manage all traffic entering or leaving your infrastructure. This becomes your single, strategic control point for application DDoS protection, web application firewall (WAF), bot management, and unified ingress/egress routing.

The inner edge (east-west traffic)

Connect applications across clusters, clouds, and data centers with explicit, logical routing. Solve overlapping IP address spaces, connect K8s services to legacy VMs, and enable end-to-end mTLS — with unrivaled observability.

Unified ingress and routing

Intelligent external load balancing, multi-cluster routing, direct-to-pod load balancing, and high-performance ingress for Kubernetes apps. Centrally manage all routing, configuration, and security.

Learn more

App DDoS protection

Global rate limiting and comprehensive DDoS protection against transport layer (Layer 4) and application layer (Layer 7) attacks, for any app in any environment.

Learn more

Bot management

Fast, reliable, and flexible bot detection and enforcement, all done locally on your infrastructure. Stops malicious bots and unwanted AI crawlers without affecting friendly bots and human users.

Learn more

Web application firewall

Exceptional accuracy and zero-day threat protection with ultra-low latency, simple management, and customizable profiles for every app and location.

Learn more

TLS termination and mTLS

End-to-end encryption between your clients, HAProxy nodes, and backend servers. mTLS strengthens security for applications, APIs, and zero-trust architectures.

Learn more

Load balancing

High-performance load balancing for TCP, UDP, QUIC, and HTTP-based applications. Reduce strain on your backend resources and boost reliability and performance.

Learn more

API gateway

Deploy dev-friendly API gateways at the edge to provide network-level protection. Support complex API gateway topologies in any environment.

Learn more

Observability

All your traffic, clusters, and clouds in one place. Identify performance, security, and capacity issues before they become a problem.

Learn more
Dive into Universal Mesh

Simplifying modern connectivity

Enable more seamless and secure connectivity and connect systems across different environments, such as business units, cloud regions, and outside partners. Universal Mesh allows both Kubernetes and non-Kubernetes services to communicate seamlessly, no matter where they're located.

Easily implement a streamlined approach to security, observability, and scalability that integrates with existing brownfield services and Kubernetes fundamentals — without altering network fundamentals.

View our KubeCon presentation
haproxy-frank-mancina-kubecon-atlanta
Universal Mesh Benefits

Ensure unified app delivery and build your cloud infrastructure your way

Learn how HAProxy One makes it easier to connect services spanning multiple clouds, without adding unnecessary complexity.

Eliminate the mesh tax

Remove the need for sidecars to drastically reduce resource overhead (CPU, memory) and eliminate extra latency on every request — saving you real money on your cloud bill and compute resources.

Simpler, explicit networking

Govern all north-south and east-west traffic with a single, easy-to-understand architecture. Replace "transparent magic" with explicit routing that's easy to debug.

Easier monitoring and troubleshooting

HAProxy Fusion’s centralized monitoring correlates traffic across boundaries with a single request ID, giving you true end-to-end tracing across clouds.

Deliver apps and services faster

HAProxy Fusion supports self-service via a modern GUI or API — enabling automation for the entire software development lifecycle. Onboard new services in minutes, not months.

paypal2

Building bridges across clouds: the PayPal approach to unified business communication

Watch now
Présentation de la plateforme

Faites-en plus avec HAProxy One

La plateforme de mise à disposition et de sécurité des applications la plus rapide au monde combine de manière fluide un plan de données, un plan de contrôle et un réseau périphérique pour servir les applications, API et services d’IA les plus exigeants dans n’importe quel environnement.

Découvrez HAProxy One

HAProxy Enterprise

Une couche de plan de données flexible qui offre une répartition de charge haute performance, une passerelle API/IA, un routage d’application Kubernetes, le meilleur traitement SSL de sa catégorie et une sécurité multicouche.

HAProxy Fusion Control Plane

Un plan de contrôle évolutif qui offre une gestion, une surveillance et une automatisation sur l’ensemble du cycle de vie pour les déploiements HAProxy Enterprise impliquant plusieurs clusters, plusieurs clouds et plusieurs équipes.

HAProxy Edge

Un réseau périphérique sécurisé qui offre un ADN et une cyberveille mondiaux haute capacité – renforcés par l’apprentissage automatique – qui alimentent les couches de sécurité nouvelle génération de HAProxy Fusion et HAProxy Enterprise.

Une expérience de classe mondiale

Assistance 24 heures sur 24, 7 jours sur 7 fournie par de vraies personnes ! Nous sommes les experts reconnus en ce qui concerne HAProxy – y compris pour les couches périphériques, du plan de données, du plan de contrôle et de sécurité. Nous ferons le maximum pour assurer la réussite de votre déploiement de HAProxy.

What are people saying about HAProxy and universal mesh?

"To achieve high availability, we have multiple HAProxy clusters distributed within each cloud provider for each business unit. Then, we have the GNS Meridian Orchestrator, which uses HAProxy Fusion as a core component. HAProxy Fusion helps manage all these clusters, onboard new frontends or new services, update map files, and help with other operational and observability tasks."

Kalaiyarasan Manoharan Senior Staff Network Engineer at PayPal
En savoir plus

"This solution helped us accelerate the overall PayPal conversion strategy. We have different brands, and we're trying to combine them to give our customers a cohesive experience. This Meridian Services Fabric idea that we built using HAProxy really accelerated our conversions across the business units."

Kalaiyarasan Manoharan Senior Staff Network Engineer at PayPal
En savoir plus
Intégrations et partenariats

Intégrations fluides avec des technologies essentielles

integrations-partners-v3-1750080489.png

Ready to get started with HAProxy universal mesh?

Take control of service-to-service communication across clouds and databases — without adding complexity, excess cost, or fragmentation to your application delivery infrastructure.

Contact us Request a demo