What is Envoy?

Envoy is an open-source, high-performance edge and service proxy designed for cloud-native applications. Originally developed by Lyft and now part of the Cloud Native Computing Foundation (CNCF), Envoy is a critical building block for modern service meshes, API gateways, and microservices-based architectures.

Envoy acts as a L4/L7 proxy that abstracts networking concerns, enabling reliable, scalable, and observable service-to-service communication.

---

Key Features of Envoy

1. High-Performance Proxy:

2. Envoy is written in C++, ensuring low-latency and high-throughput proxying.

3. Layer 4 (L4) and Layer 7 (L7) Proxy:

4. Supports both transport-level (TCP) and application-level (HTTP/HTTPS) communication.

5. Service Discovery and Load Balancing:

6. Dynamic service discovery and advanced load balancing algorithms (e.g., round-robin, least-request).

7. Observability:

8. Provides detailed metrics, tracing, and logging to monitor service communication.

9. Integrates with tools like Prometheus, Grafana, and Jaeger.

10. Fault Injection and Resilience:

11. Supports retries, circuit breakers, timeouts, and fault injection for improving resilience.

12. mTLS (Mutual TLS):

13. Provides secure communication between services using mutual TLS.

14. Extensibility:

15. Envoy can be extended using filters and works seamlessly with service mesh solutions like Istio.

---

How Envoy Works

Envoy operates as a sidecar proxy alongside application services or as an edge proxy. It intercepts traffic, manages routing, and ensures reliability.

1. Service-to-Service Communication

Envoy handles requests between services in a microservice architecture, managing load balancing, retries, and failures.

2. Observability and Telemetry

Envoy generates telemetry data, including metrics and distributed traces, providing visibility into traffic and performance.

3. API Gateway

At the edge of a system, Envoy serves as an API gateway, managing external requests, rate limiting, and security.

---

Use Cases for Envoy

1. Service Mesh:

2. Envoy acts as a sidecar proxy for communication in service meshes like Istio, Consul, and Linkerd.

3. API Gateway:

4. Envoy can manage external API traffic, handle routing, and enforce security policies.

5. Edge Proxy:

6. Envoy can be deployed at the network edge to handle external traffic and load balancing.

7. Observability and Monitoring:

8. Envoy collects and exposes metrics, logs, and traces for performance monitoring.

9. Resilience:

10. Implements features like retries, timeouts, rate limiting, and circuit breakers to ensure system stability.

---

Example Envoy Configuration

Here is a sample configuration for routing HTTP requests to a backend service:

static_resources:
  listeners:
    - name: listener_0
      address:
        socket_address: { address: 0.0.0.0, port_value: 8080 }
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                codec_type: AUTO
                stat_prefix: ingress_http
                route_config:
                  name: local_route
                  virtual_hosts:
                    - name: backend_service
                      domains: ["*"]
                      routes:
                        - match: { prefix: "/" }
                          route: { cluster: backend_cluster }
                http_filters:
                  - name: envoy.filters.http.router

  clusters:
    - name: backend_cluster
      connect_timeout: 0.25s
      type: LOGICAL_DNS
      lb_policy: ROUND_ROBIN
      load_assignment:
        cluster_name: backend_cluster
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address: { address: backend, port_value: 80 }

Explanation:

• Listeners: Define where Envoy listens for incoming requests.
• Routes: Specify routing rules for requests.
• Clusters: Define upstream services where traffic is sent.

---

Why Use Envoy?

• Scalability: Designed for modern, large-scale distributed systems.
• Extensibility: Highly configurable and supports custom extensions.
• Observability: Detailed metrics and tracing for full visibility.
• Resilience: Implements retries, circuit breakers, and load balancing for fault tolerance.
• Compatibility: Integrates seamlessly with service meshes, cloud-native tools, and Kubernetes.

---

Conclusion

Envoy is a versatile, high-performance proxy that enables reliable, observable, and secure communication in modern cloud-native systems. Whether used as an API gateway, edge proxy, or sidecar proxy in a service mesh, Envoy is a powerful tool for managing microservice architectures and distributed systems.