Solutions
Audit & Optimization Platform Design Automation Team Structure
Documentation Blog
Get Started
Service Mesh 2016

Envoy: A New High-Performance Proxy for Modern Infrastructure

K8s Guru
2 min read
#envoy #proxy #microservices #service-mesh
Envoy: A New High-Performance Proxy for Modern Infrastructure

Table of Contents

Introduction

Envoy debuts as a high‑performance, L7‑aware service proxy designed for microservices. It aims to solve traffic management, visibility, and resilience without custom libraries, sitting alongside your services as a sidecar or edge proxy.

Originally built inside Lyft to tame a polyglot microservice architecture, Envoy differentiated itself from established proxies like NGINX and HAProxy by treating observability, resilience, and dynamic config as first-class citizens. Its open sourcing kicked off a wave of service mesh projects that would soon land in the CNCF.

What’s New for 2016

  • L7 Routing: HTTP/2 and gRPC aware routing with retries and timeouts.
  • Observability First: Rich stats, histograms, and distributed tracing hooks.
  • Service Discovery: Dynamic configuration via xDS (REST/GRPC) control APIs.
  • Resilience: Outlier detection, health checks, and circuit‑breaking patterns.
  • Extensible Filters: Layer 4 and Layer 7 filter stacks let you inject auth, rate limiting, or custom logic.

Example Use

  • Deploy Envoy as a sidecar per service to get uniform metrics and tracing.
  • Use it as an ingress/edge proxy with advanced routing and TLS termination.
  • Pair it with a control plane such as Lyft’s management server (a precursor to Istio/Contour) to push cluster and route updates over ADS/gRPC.
  • Start small with a static bootstrap:
static_resources:
  listeners:
  - name: service_ingress
    address:
      socket_address: { address: 0.0.0.0, port_value: 10000 }
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: service_backend }
          http_filters:
          - name: envoy.filters.http.router
  clusters:
  - name: service_backend
    connect_timeout: 0.25s
    hosts: [{ socket_address: { address: 127.0.0.1, port_value: 9000 }}]

Tradeoffs

  • Operating a control plane for dynamic config adds complexity.
  • Migrating from language‑specific clients to sidecars will take time.
  • Batteries‑included service mesh features (policy, telemetry pipelines) require additional projects—Istio and Linkerd are only just beginning to adopt Envoy.

Conclusion

Envoy sets the tone for modern, observable service networking. For Kubernetes users, it pairs naturally with Ingress controllers and service meshes that are beginning to form.