A service mesh adds a dedicated layer (often sidecar proxies) for service-to-service traffic: mTLS, retries, timeouts, and observability. It’s worth it when you have many services and need consistent networking/security controls, but it adds operational complexity.