Envoy is a popular open-source proxy server that is used with service mesh platforms like Istio to handle traffic management, load balancing and more for cloud-native microservices-based applications.
Envoy’s architecture is built around a modular, “bring your own control plane” approach that is fully flexible, powerful and scalable, and designed for modern dynamic cloud-native deployments. It supports HTTP/2, WebSocket and gRPC, along with the features listed below.
Out-of-Process Architecture: Envoy proxies form a transparent communication mesh between services and external clients without the service being aware of the network topology. Used as an ingress/egress gateway or as a sidecar in front of service instances, it works with applications written in any language. And, coupled with technologies like Istio service mesh and Envoy Gateway, it is easy to deploy and operate.
L3/L4 Filter Architecture: As an L3/L4 network proxy, Envoy facilitates communication in the network and transport layers. Built-in filters enable users to run it as a raw TCP proxy, a UDP proxy or an HTTP proxy, and to handle TLS and mTLS encryption and more.
HTTP L7 Filter Architecture: Envoy facilitates application layer communication and allows teams to use HTTP filters in the HTTP connection management subsystem in order to perform tasks like buffering, routing/forwarding, rate limiting, etc.
HTTP/1.1 and HTTP/2 Support: Envoy’s out-of-the-box support for both HTTP/1.1 and HTTP/2 protocols bridges the communication between client and target servers. Envoy also supports gRPC and can be used as the routing and load balancing substrate for gRPC requests and responses.
HTTP/3 Support: Envoy now supports HTTP/3 protocols for both upstream and downstream communication and can translate communication between HTTP/1.1, HTTP/2 and HTTP/3.
HTTP L7 Routing: Envoy provides a routing mechanism to redirect requests based on different parameters, including path, authority, content type, runtime values and more.
Service Discovery and Dynamic Configuration: Envoy utilizes a layered set of dynamic configuration APIs for service discovery, and these layers provide dynamic updates such as host information, backend clusters, listening sockets, HTTP routing and cryptographic items. Backend host discovery can be made through DNS resolution, with further layers replaced by static configuration files for a simpler deployment.
Health Checking: Envoy’s health checking capability allows users to monitor all the services in clusters. Envoy then automatically load-balances everything accordingly.
Advanced Load Balancing: Envoy delivers advanced load balancing services for distributed applications, including automatic retries, circuit breaking, request shadowing, rate limiting via an external rate-limiting service and outlier detection.
Front/Edge Proxy Support: Envoy is well-suited as an edge proxy for most modern web application use cases, including TLS termination, HTTP/1.1, HTTP/2 and HTTP/3 support, and HTTP L7 routing.
Observability: Envoy provides statistics for downstream, upstream and server requests to help operators understand network traffic and server health. Using logging and tracing, SREs and team members can visualize call flows in distributed systems and understand serialization, parallelism and sources of latency.