#atom

Modern service proxy designed for cloud-native applications

Core Idea: Envoy is an open-source edge and service proxy designed for cloud-native applications, providing a universal data plane with advanced load balancing, observability, and networking features.

Key Elements

Key Features

• Layer 3/4 (TCP) and Layer 7 (HTTP) proxy
• Advanced load balancing
• Built-in service discovery
• Health checking
• Circuit breaking
• Extensive observability
• Dynamic configuration API
• Edge proxy and service mesh capabilities

Technical Specifications

• Written in C++11 for high performance
• Single-process, multi-threaded architecture
• HTTP/2 and gRPC support
• WebSocket support
• Rate limiting
• TLS termination
• MongoDB, Redis, and DynamoDB L7 filters
• Pluggable filter architecture

Core Architecture Components

• Listeners: Network locations (ports) where Envoy accepts connections
• Filters: Processing pipeline for connection/request handling
• Routes: Rules to match requests to specific clusters
• Clusters: Groups of similar upstream hosts
• Endpoints: Network locations of upstream services
• xDS API: Dynamic configuration protocols

Implementation Example

Basic Envoy configuration (envoy.yaml):

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 10000
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match:
                  prefix: "/"
                route:
                  host_rewrite_literal: www.google.com
                  cluster: service_google
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  
  clusters:
  - name: service_google
    connect_timeout: 0.25s
    type: LOGICAL_DNS
    dns_lookup_family: V4_ONLY
    load_assignment:
      cluster_name: service_google
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: google.com
                port_value: 443
    transport_socket:
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
        sni: www.google.com

Key Use Cases

• API gateway
• Edge proxy for ingress traffic
• Service mesh sidecar proxy
• Microservices communication layer
• Hybrid cloud connectivity
• Observability and monitoring enhancement
• Multi-region load balancing

Observability Features

• Detailed statistics
• Distributed tracing
• Access logging
• Health checking visualization
• Admin interface
• Integration with monitoring systems
• Request sampling

Additional Connections

• Broader Context: Service Mesh, Reverse Proxy
• Applications: Microservices Architecture, Kubernetes Networking
• See Also: Istio (uses Envoy as data plane), Traefik, HAProxy (alternative proxies)

References

1. Envoy official documentation: https://www.envoyproxy.io/docs/
2. "Envoy: Journey from Edge Proxy to Service Mesh" by Matt Klein

#service-mesh #cloud-native #networking #microservices #proxy

Connections:

Sources:

• From: Worklog n8n