Envoy is an L7 proxy and communication bus for large modern service-oriented architectures. Created by Lyft, it’s the foundation of Istio and Ambassador. And we use it standalone as well.
Why Envoy Instead of nginx¶
nginx is an excellent web server. But for service mesh and microservices you need: dynamic configuration (without reload), native gRPC support, distributed tracing integration, advanced load balancing, circuit breaking. Envoy has all of this natively.
Envoy as Edge Proxy¶
Envoy replaced nginx as our edge proxy. Automatic TLS termination with Let’s Encrypt, HTTP/2 downstream, gRPC-JSON transcoding, rate limiting, JWT validation — everything in one binary.
xDS API — Dynamic Configuration¶
Envoy is configured dynamically via xDS API. New service in the cluster? Control plane updates Envoy configuration without restart. In Kubernetes this is handled by Istio Pilot or standalone control plane like go-control-plane.
Load Balancing Strategies¶
- Round robin: basic, works for homogeneous backends
- Least request: sends to backend with fewest active requests
- Ring hash: consistent hashing for sticky sessions
- Zone-aware: prefers backends in the same AZ
Envoy is the Standard for Cloud-Native Networking¶
Whether as standalone edge proxy, sidecar in service mesh, or foundation for API gateway — Envoy is the most flexible proxy on the market.
Need help with implementation?
Our experts can help with design, implementation, and operations. From architecture to production.
Contact us