Skip to main content

Envoy

Envoy is an open source (service proxy / L7 proxy) designed for cloud-native applications, providing Hypertext Transfer Protocol (HTTP), HTTP/2, HTTP/3, and Transmission Control Protocol (TCP) proxying, observability, and service-to-service communication control.

  • Layer 4 and Layer 7 (network proxy) for HTTP, HTTP/2, HTTP/3, gRPC, and TCP traffic
  • Service discovery, load balancing, health checking, and outlier detection (service networking)
  • Traffic management features including routing, retries, timeouts, and rate limiting (API gateway / service mesh data plane)
  • Rich observability with distributed tracing, logging, and metrics export (observability / monitoring)
  • Extensible architecture with filters, pluggable extensions, and xDS management APIs (platform extensibility / control plane integration)

More About Envoy

Envoy is an open source edge and service proxy (service networking) designed to operate as a universal data plane for cloud-native applications, microservices, and heterogeneous environments. It targets reliability, observability, and control of service-to-service and inbound traffic, addressing issues that arise when applications communicate over the network in distributed systems.

As a Layer 4 and Layer 7 proxy (network proxy), Envoy supports HTTP, HTTP/2, HTTP/3, gRPC, and raw TCP proxying. It provides advanced routing features such as host- and path-based routing, header-based routing, and traffic splitting, which enterprises use for canary releases, blue/green deployments, and progressive delivery (traffic management). Envoy implements connection pooling, circuit breaking, retries, timeouts, and rate limiting to manage upstream dependencies and improve application behavior under load or partial failure.

Envoy integrates with service discovery systems (service discovery) to dynamically discover upstream endpoints. It supports active and passive health checking and outlier detection (resilience) to remove unhealthy hosts from load balancing pools. Its load balancing capabilities include several algorithms, such as round robin and least request, mapped to different deployment and performance requirements (load balancing).

Envoy exposes a uniform observability surface (observability / monitoring), providing detailed statistics, structured access logs, and integrated support for distributed tracing systems. It exports metrics via standard formats and integrates with tracing backends through built-in tracers, which enterprises use for performance analysis, troubleshooting, and Service Level Objective (SLO) monitoring.

Envoy is built around a pluggable filter chain model (extensibility), where request and response processing passes through filters that can implement authentication, authorization, transformation, and protocol-specific behavior. It supports dynamic configuration via xDS APIs (control plane integration), enabling centralized management by control planes such as service mesh managers or Application Programming Interface (API) gateway controllers. This decoupling of data plane and control plane aligns Envoy with service mesh architectures, where it is commonly deployed as a sidecar proxy next to application workloads or as an edge proxy at the ingress layer.

Envoy is a graduated project of the Cloud Native Computing Foundation (CNCF) and is used in enterprise environments as an ingress gateway, internal service mesh data plane, and general-purpose L4/L7 proxy. In an enterprise directory, Envoy fits under categories such as service mesh data plane, API gateway / L7 proxy, and cloud-native networking and observability infrastructure.