What is Envoy?

Envoy is an open‑source network proxy designed to sit between services in modern applications. It handles incoming and outgoing traffic, routes requests, balances load, and provides observability, security, and resilience features. Think of it as a smart traffic controller for microservices.

Let's break it down

  • Proxy: A middle‑man that receives network traffic and forwards it to the right destination.
  • Layer 7 (application layer): Envoy works with HTTP/HTTPS, gRPC, and other high‑level protocols, not just raw TCP.
  • Sidecar pattern: In many deployments, each service runs its own Envoy instance alongside it, forming a “sidecar” that manages all its network communication.
  • Control plane: Envoy gets its configuration from a separate system (like Istio or Consul) that tells it how to route traffic.
  • Features: Load balancing, retries, circuit breaking, TLS termination, metrics, tracing, and more.
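To make the pieces above concrete, here is an added example (not from the original page or the Envoy project) of a static configuration for one sidecar: it terminates TLS, handles HTTP at Layer 7, retries failed connections, and applies circuit-breaking limits before forwarding to the local service. The listener and cluster names, ports, and certificate paths are assumptions; in a mesh, a control plane would deliver equivalent resources dynamically instead of a static file.

```yaml
# Added example: constructed sidecar config; names, ports and paths are assumptions.
static_resources:
  listeners:
  - name: sidecar_inbound
    address:
      socket_address: { address: 0.0.0.0, port_value: 8443 }
    filter_chains:
    - transport_socket:            # TLS termination happens at the proxy
        name: envoy.transport_sockets.tls
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
          common_tls_context:
            tls_certificates:
            - certificate_chain: { filename: /etc/envoy/tls/server.crt }
              private_key: { filename: /etc/envoy/tls/server.key }
      filters:
      - name: envoy.filters.network.http_connection_manager   # Layer 7 handling
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: sidecar_inbound   # prefix for the metrics Envoy emits
          route_config:
            virtual_hosts:
            - name: local_app
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route:
                  cluster: local_app
                  retry_policy: { retry_on: "connect-failure,refused-stream", num_retries: 2 }
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  clusters:
  - name: local_app                # the service this sidecar fronts
    type: STATIC
    connect_timeout: 1s
    lb_policy: ROUND_ROBIN
    circuit_breakers:              # shed load instead of queueing without bound
      thresholds:
      - max_connections: 100
        max_pending_requests: 50
    load_assignment:
      cluster_name: local_app
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address: { address: 127.0.0.1, port_value: 8080 }
```

Running `envoy --mode validate -c envoy.yaml` checks a file like this without starting the proxy, which catches many misconfigurations before they reach traffic.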

Why does it matter?

Modern apps are built from many small services that need to talk to each other reliably and securely. Envoy makes this communication easier to manage, improves performance, and helps developers add features like traffic shaping or security without changing the services themselves. It also gives operators visibility into what’s happening across the whole system.

Where is it used?

  • In Kubernetes clusters as a sidecar for each pod (e.g., with service meshes like Istio).
  • As an edge gateway handling traffic from the internet to internal services.
  • In cloud platforms (AWS, GCP, Azure) for load balancing and API gateways.
  • In large companies (Netflix, Lyft, Airbnb) to manage internal service traffic.
  • In any microservice architecture that needs reliable, observable networking.

Good things about it

  • High performance: Written in C++ and designed for low latency.
  • Rich feature set: Load balancing, retries, health checks, TLS, observability, etc., all built‑in.
  • Extensible: Supports plugins and can be configured via APIs or control planes.
  • Cloud‑native: Works well with containers, Kubernetes, and service meshes.
  • Open source: Free to use, with a large community and strong backing from the CNCF.

Not-so-good things

  • Complexity: The many features and configuration options can be overwhelming for beginners.
  • Learning curve: Understanding concepts like sidecars, control planes, and advanced routing takes time.
  • Resource usage: Running an Envoy instance per service adds CPU and memory overhead.
  • Debugging: Misconfigurations can lead to subtle networking issues that are hard to trace.
  • Operational overhead: Requires proper monitoring and management to keep the proxy fleet healthy.