On July 13th Envoy proxy announced the 1.19 release. Envoy is an edge and service proxy that is a fundamental component of the Istio platform. The 1.19 release includes several new features, minor behavior changes, and bug fixes.
Here’s a selection of the new features in Envoy 1.19.
Envoy HTTP bandwidth limit filter
The HTTP bandwidth limit filter caps data flow at the maximum bandwidth set through the limit_kbps field. When the limit is reached, the filter stops the transfer until more bandwidth becomes available (controlled through the fill_interval setting). Note that the limit is applied per Envoy process, not per connection.
Envoy Connection limit filter
The connection limit filter limits L4 connections to protect resources such as connections, CPU, and memory. It does this by making sure every filter chain gets a fair share of connection resources, which prevents any single entity from consuming a large number of connections. The filter processes and marks active connections. Once the active connection count reaches the max limit, the connection will be closed without further filter iteration.
Original IP detection extensions
Configuration for original IP detection extensions was added to the HTTP connection manager (HCM). The two extensions that were added are the custom header extension and the xff extension.
When configured, the extensions are called along with the request headers and information about the downstream connection. Each extension uses these parameters to decide on the request’s effective remote address. If the original IP address cannot be determined and the extension isn’t configured to reject the request, the HCM will try the remaining extensions until one succeeds or rejects the request. If the extensions can’t determine the original IP, HCM will fall back to using the remote address.
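A small Python model of the fallback chain described above, added here as an illustration and not Envoy's own code. The function names, the trusted_hops parameter, the lowercase header keys and the sample addresses are assumptions; the xff detector is simplified to pick the entry that sits trusted_hops + 1 places from the right.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Result:
    address: Optional[str] = None  # detected original IP, if any
    reject: bool = False           # True: stop the chain and refuse the request

Detector = Callable[[dict, str], Result]  # (request headers, downstream peer IP)

def _valid_ip(value: str) -> Optional[str]:
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None

def custom_header(name: str, reject_on_failure: bool = False) -> Detector:
    """Read the original IP from one header that a trusted edge is expected to set."""
    def detect(headers, peer):
        ip = _valid_ip(headers.get(name, ""))
        return Result(address=ip, reject=ip is None and reject_on_failure)
    return detect

def xff(trusted_hops: int = 0) -> Detector:
    """Pick the XFF entry appended by the outermost trusted proxy (simplified)."""
    def detect(headers, peer):
        hops = [h for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
        if len(hops) <= trusted_hops:
            return Result()  # too few entries: no decision, let the chain continue
        return Result(address=_valid_ip(hops[-(trusted_hops + 1)]))
    return detect

def effective_remote_address(detectors, headers, peer):
    """Return (address, rejected), trying detectors in their configured order."""
    for detect in detectors:
        result = detect(headers, peer)
        if result.reject:
            return None, True
        if result.address:
            return result.address, False
    return peer, False  # no extension decided: fall back to the remote address

# Constructed sample data (documentation-range addresses, not from the release).
CHAIN = [custom_header("x-real-ip"), xff(trusted_hops=1)]
SPOOFED = {"x-forwarded-for": "10.9.9.9, 198.51.100.7, 203.0.113.10"}
```

With CHAIN and SPOOFED, the client-supplied left-most entry is ignored and the address recorded by the trusted hop is used; setting reject_on_failure on the first detector refuses the request before the xff detector is consulted.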
Upstream and downstream alpha HTTP/3 support
Alpha support for the HTTP/3 protocol was added for downstream (through the QUIC protocol configuration options) and upstream (through the new http3_protocol_options field).
Asynchronous fetch of JWKs
With async fetch, Envoy fetches the JWKs in the main thread before the listener is activated. The fetched JWKs can then be used by all worker threads. This means that the individual worker threads don’t have to fetch the JWKs on their own, because the JWKs are ready when the requests come in (i.e. there is no need to wait for the fetch to happen when the request comes in).
The new release introduces two incompatible behavior changes:
- grpc_bridge_filter: the filter no longer collects gRPC stats, in favor of the existing gRPC stats filter. The behavior can be reverted by changing the runtime key envoy.reloadable_features.grpc_bridge_stats_disabled.
- tracing: the Apache SkyWalking tracer version was updated to be compatible with the 8.4.0 data collect protocol. This change introduces an incompatibility with SkyWalking 8.3.0.
You can find the complete list of 1.19 changes in the Envoy release notes.
Envoy 1.19.0 is available from GitHub or from Docker Hub. You can also install and upgrade Envoy using the func-e CLI.