0 views collected around this technical thread.
This article explains how Istio's sidecar proxy uses Envoy, iptables rules, and the xDS API to intercept and redirect traffic between Kubernetes pods, detailing the startup injection, traffic hijacking process, and how configuration is dynamically generated by istiod.
This article explains how Alibaba Cloud Service Mesh (ASM) can be extended using EnvoyFilter, Lua scripts, WebAssembly plugins, External Processing filters, and custom authorization services, detailing their capabilities, limitations, and recommended use cases for cloud‑native microservice environments.
This article shares Soul's two‑year practice of using the cloud‑native Envoy proxy for high‑performance, high‑throughput, and highly available traffic management across north‑south and east‑west flows, covering architecture, dynamic service discovery, load balancing, health checks, WASM extensions, service‑mesh integration, Redis proxying, and future directions.
The Cloud Development gateway’s evolution from a dual‑layer design—separating encryption/decryption from Envoy—to a single‑layer architecture that embeds encryption directly into Envoy filters streamlines traffic handling, strengthens protection against MITM attacks, reduces CPU and operational overhead, and unifies monitoring for a more efficient cloud‑native solution.
The article by delphisfang offers a concise, step‑by‑step guide to mastering Istio’s locality‑aware routing, explaining the three‑evidence learning method, the priority algorithm, required DestinationRule and outlier detection settings, how Envoy discovers locality, and tips for simplifying the Pilot‑Envoy mesh architecture.
This report details Soul's challenges with a multi‑layer gateway chain, evaluates Envoy, MSE and ALB, presents performance test results, outlines short‑term and long‑term migration plans, and shares post‑migration improvements and lessons learned for a cloud‑native gateway solution.
This article shares Tubi’s experience using Elixir‑gRPC in production, covering performance optimizations, stability measures, HTTP/2 edge‑case handling, and practical code examples for efficient Protobuf processing; it also discusses Envoy sidecar integration, interceptor usage, and lessons learned from real‑world deployments.
WebAssembly (Wasm) is a binary instruction format for a stack-based virtual machine, designed as a portable compilation target for programming languages, enabling deployment on the web for client and server applications. It offers high efficiency, safety, openness, and standardization, allowing programs to run with near-native performance in web browsers. Wasm addresses the limitations of JavaScript, such as dynamic typing, by providing a more efficient and secure execution environment. It has applications in various scenarios, including AutoCAD, and can be used to extend functionalities in platforms like Envoy.
This article examines how eBPF can enhance service‑mesh data planes, compares four deployment models—including sidecar, node‑shared, service‑account‑shared, and micro‑proxy architectures—and evaluates each model’s memory, isolation, security, and upgrade trade‑offs while emphasizing Envoy’s continued L7 responsibilities.
This article provides a detailed source‑code walkthrough of Envoy's outbound request processing, explaining how the proxy receives client data, parses HTTP requests, selects routes and clusters, forwards traffic upstream, handles retries and shadowing, and finally returns responses to downstream clients.
This article provides an in‑depth analysis of Envoy's outbound request processing, covering listener initialization, the use of SO_REUSEPORT for load distribution, original destination handling, and the detailed steps of connection creation and filter chaining within the Envoy proxy architecture.
This article details Baidu's internal adoption of a service mesh built on Istio and Envoy, covering the motivations, architectural design, low‑invasion integration methods, extreme performance tuning, stability and traffic governance capabilities, surrounding ecosystem tools, and the resulting operational benefits.
Baidu created an internally‑built, Istio‑based service mesh that decouples governance from language‑specific RPCs, offering low‑intrusion integration, ultra‑low latency via a brpc coroutine data plane, advanced fault‑tolerance and fine‑grained traffic scheduling, and now powers over 80 % of its core microservices handling more than a trillion daily requests.
Alibaba’s large‑scale Service Mesh deployment faces challenges such as smooth technology evolution, business‑technical balance, technical debt, massive sidecar operations, and scaling, which it addresses through staged architecture evolution, traffic‑transparent interception, hot upgrades, and open‑source contributions to Istio and Envoy.
This article explains the fundamentals of cloud native computing, introduces service mesh architectures such as Istio and Envoy, explores chaos engineering with Chaos Mesh, and details how eBPF/XDP‑based user‑space container networking can accelerate data‑plane performance in modern microservice environments.
The article explains Microsoft’s Open Service Mesh (OSM), a lightweight, SMI‑compatible service mesh built on Envoy for Kubernetes, covering its design principles, features, deployment steps, and its role in the broader cloud‑native service‑mesh ecosystem.
This article explains Envoy's hot‑restart capability, various dynamic configuration options—including static, SDS/EDS, CDS, RDS, and LDS—and the initialization and drain processes that enable seamless updates and graceful connection handling in cloud‑native deployments.
The article explains Envoy's circuit‑breaking mechanisms, global rate‑limiting integration, and TLS support, detailing configuration options, limits, and example YAML snippets for deploying secure and resilient service‑mesh proxies.
Envoy provides active and passive health checks—including HTTP, L3/L4, and Redis types—configurable intervals and failure thresholds, along with a health‑check filter that can bypass, forward, or cache requests, and detailed connection‑pool handling for HTTP/1.1 and HTTP/2 to ensure reliable service routing.
This article explains Envoy’s service discovery mechanisms—including static, strict DNS, logical DNS, original‑destination, and Service Discovery Service—detailing how they work, their consistency models, and how health‑checking influences routing decisions in production environments.