Tagged articles

82 articles

Page 1 of 1

May 17, 2026 · Cloud Native

Istio Service Mesh Basics: What Is the Sidecar Pattern and Why Microservices Need It?

The article explains how traditional microservice architectures embed network concerns such as time‑outs, retries, circuit breaking, traffic monitoring and mTLS in application code, why this leads to code coupling, upgrade difficulty and duplicated effort, and how Istio’s sidecar‑based service mesh cleanly separates those concerns while providing traffic management, observability and security features.

EnvoyIstioKubernetes

0 likes · 30 min read

Istio Service Mesh Basics: What Is the Sidecar Pattern and Why Microservices Need It?

Raymond Ops

Apr 19, 2026 · Cloud Native

How to Double K8s Ingress Performance: Nginx vs Envoy Gateway Tuning Guide

This article walks through a real‑world performance bottleneck on a high‑traffic e‑commerce platform, explains step‑by‑step deep tuning of Nginx Ingress Controller, compares it with Envoy Gateway, and provides concrete configurations, benchmark results, monitoring rules, and best‑practice recommendations for Kubernetes Ingress optimization.

EnvoyIngressKubernetes

0 likes · 27 min read

How to Double K8s Ingress Performance: Nginx vs Envoy Gateway Tuning Guide

Ops Community

Apr 5, 2026 · Operations

Choosing the Right Ingress Controller: Nginx, Traefik, or Envoy?

This guide provides a deep technical comparison of Nginx Ingress Controller, Traefik, and Envoy Proxy, covering architecture, configuration, performance, feature sets, deployment patterns, security hardening, monitoring, and troubleshooting to help operators select the best solution for their Kubernetes clusters.

EnvoyIngressKubernetes

0 likes · 28 min read

Choosing the Right Ingress Controller: Nginx, Traefik, or Envoy?

Linux Ops Smart Journey

Mar 3, 2026 · Cloud Native

Prevent Service Avalanches: Configuring Circuit Breaker & Connection Limits in Envoy Gateway

This tutorial explains how to use Envoy Gateway on Kubernetes to implement circuit breaker and connection‑limit policies, walks through the necessary YAML configurations, demonstrates verification with the hey load‑testing tool, and shows how these mechanisms improve system resilience in microservice architectures.

Cloud NativeConnection LimitEnvoy

0 likes · 12 min read

Prevent Service Avalanches: Configuring Circuit Breaker & Connection Limits in Envoy Gateway

DevOps Operations Practice

Dec 29, 2025 · Cloud Native

Why Ingress NGINX Is Retiring and How to Migrate to the Modern Gateway API

Kubernetes announced the deprecation of Ingress NGINX with limited maintenance until March 2026, urging users to adopt the GA‑ready Gateway API—offering better scalability, clear status fields, and native support for AI workloads—while providing migration guidance, code examples, and performance benchmarks.

EnvoyGateway APIIngress

0 likes · 7 min read

Why Ingress NGINX Is Retiring and How to Migrate to the Modern Gateway API

Ray's Galactic Tech

Dec 23, 2025 · Cloud Native

Why Kgateway Is the Future‑Ready, Lightweight Kubernetes Gateway

This guide explains Kgateway’s design as a fully standards‑compliant Kubernetes Gateway API solution, detailing its core features, performance advantages, deployment steps, production best practices, comparison with alternatives, and future roadmap for teams seeking a lightweight, high‑performance ingress and API gateway.

Cloud NativeEnvoyGateway API

0 likes · 8 min read

Why Kgateway Is the Future‑Ready, Lightweight Kubernetes Gateway

ITPUB

Dec 16, 2025 · Backend Development

Nginx vs Envoy: Real‑World Performance Benchmark and Deployment Guide

This article translates and expands Anton Putra's benchmark, detailing how to deploy Nginx and Envoy on AWS with Terraform and Ansible, run HTTP, HTTPS, and gRPC load tests using K6, measure CPU and latency with Prometheus, and compare the resulting throughput and stability of both proxies.

EnvoyK6Load Testing

0 likes · 8 min read

Nginx vs Envoy: Real‑World Performance Benchmark and Deployment Guide

Linux Ops Smart Journey

Dec 11, 2025 · Cloud Native

How to Rewrite URL Paths and Hostnames with Envoy Gateway

This guide shows how to configure Envoy Gateway's URLRewrite filter to transform request prefixes, replace full paths, and rewrite hostnames, providing step‑by‑step YAML examples, kubectl commands, and validation screenshots for microservice integration on Kubernetes.

APICloudNativeEnvoy

0 likes · 4 min read

How to Rewrite URL Paths and Hostnames with Envoy Gateway

Linux Ops Smart Journey

Dec 4, 2025 · Cloud Native

Deploy Envoy Gateway on Kubernetes: A Step‑by‑Step Guide with HTTP Routing

This tutorial walks you through installing Envoy Gateway as a CNCF sandbox project on a Kubernetes cluster, compares it with other gateway solutions, and shows how to configure a simple HTTP route, verify the deployment, and access the service using the Gateway API.

Cloud NativeEnvoyGateway API

0 likes · 8 min read

Deploy Envoy Gateway on Kubernetes: A Step‑by‑Step Guide with HTTP Routing

Linux Ops Smart Journey

Nov 20, 2025 · Cloud Native

Mastering Envoy Request Mirroring: Safe Shadow Testing for Production Traffic

This article explains Envoy's request mirroring feature, shows how it copies live HTTP requests to a test backend without affecting the original response, and provides step‑by‑step configuration examples for mirroring all traffic, selective paths, percentage‑based sampling, and header‑driven routing, plus practical tips and typical use cases.

Cloud NativeEnvoyRequest Mirroring

0 likes · 11 min read

Mastering Envoy Request Mirroring: Safe Shadow Testing for Production Traffic

ITPUB

Nov 18, 2025 · Backend Development

Nginx vs Envoy: Real‑World Performance Benchmark on AWS

This article translates and expands Anton Putra’s Nginx vs. Envoy performance benchmark, detailing the AWS test environment, Terraform and Ansible provisioning, proxy configurations, load‑testing methodology with K6, and the resulting request‑per‑second and latency comparisons across HTTP, HTTPS, and gRPC workloads.

AWSAnsibleEnvoy

0 likes · 8 min read

Nginx vs Envoy: Real‑World Performance Benchmark on AWS

Linux Ops Smart Journey

Sep 25, 2025 · Cloud Native

How to Monitor Envoy Metrics with Prometheus, Grafana, and Nacos

This guide explains how to enable Envoy's admin interface, register the service with Nacos, scrape metrics using Prometheus, and visualize them in Grafana, providing a complete observability pipeline for cloud‑native deployments.

Cloud NativeEnvoyGrafana

0 likes · 4 min read

How to Monitor Envoy Metrics with Prometheus, Grafana, and Nacos

Linux Ops Smart Journey

Sep 22, 2025 · Cloud Native

Mastering Envoy TLS & mTLS: Step-by-Step Configuration for Secure Service Mesh

This guide explains why TLS and mTLS are essential for modern microservice communication, then walks through configuring Envoy for both simple TLS termination and full mutual TLS, covering listeners, clusters, certificate management, and provides runnable examples with verification commands.

Cloud NativeEnvoyMicroservices

0 likes · 9 min read

Mastering Envoy TLS & mTLS: Step-by-Step Configuration for Secure Service Mesh

Linux Ops Smart Journey

Sep 16, 2025 · Cloud Native

Transform Envoy Access Logs: Custom Log Formats for Full Observability

Learn how to replace Envoy's default, limited access log format with a powerful custom configuration using log_format, including JSON output and detailed fields, enabling precise monitoring, tracing, and troubleshooting in modern cloud‑native environments.

Access LogCustom Log FormatEnvoy

0 likes · 13 min read

Transform Envoy Access Logs: Custom Log Formats for Full Observability

Linux Ops Smart Journey

Sep 15, 2025 · Cloud Native

How to Properly Configure Envoy for WebSocket Proxying and Avoid Common Pitfalls

This guide walks through diagnosing Envoy WebSocket proxy issues, explains the required backend environment, provides step‑by‑step configuration snippets, and shows how to verify the setup, ensuring reliable WebSocket traffic in cloud‑native deployments.

ConfigurationEnvoyProxy

0 likes · 5 min read

How to Properly Configure Envoy for WebSocket Proxying and Avoid Common Pitfalls

Linux Ops Smart Journey

Sep 12, 2025 · Cloud Native

Unlock Real Client IPs in Envoy: Step‑by‑Step Configuration Guide

This article explains why backend services often see proxy IPs instead of the true client address in modern cloud‑native architectures, and provides a detailed walkthrough of configuring Envoy—including X‑Forwarded‑For handling, code snippets, testing, and security recommendations—to ensure the original client IP is correctly propagated.

EnvoyIP addressService Mesh

0 likes · 6 min read

Unlock Real Client IPs in Envoy: Step‑by‑Step Configuration Guide

Linux Ops Smart Journey

Sep 11, 2025 · Cloud Native

Mastering Gray Release with Envoy: Weight, Header, and Cookie Routing

This article explains how to implement safe, incremental gray releases in a microservice architecture using Envoy Proxy, covering weight‑based traffic splitting, header‑based canary routing, and cookie‑based routing with full configuration examples and testing commands.

EnvoyService Meshcanary deployment

0 likes · 10 min read

Mastering Gray Release with Envoy: Weight, Header, and Cookie Routing

Linux Ops Smart Journey

Sep 9, 2025 · Operations

Master Envoy Proxy HTTP Routing: From Basic to Advanced URL Rewrites

This article explains how Envoy Proxy’s HTTP Router Filter maps incoming requests to upstream clusters, walks through a basic routing setup, then demonstrates URL‑based routing with path stripping and prefix rewriting, and concludes with strategic insights for cloud‑native operations.

EnvoyHTTP routing

0 likes · 7 min read

Master Envoy Proxy HTTP Routing: From Basic to Advanced URL Rewrites

Linux Ops Smart Journey

Sep 8, 2025 · Cloud Native

How Envoy’s Circuit Breakers and Outlier Detection Stop Service Avalanches

This article explains how Envoy’s circuit‑breaker and outlier‑detection features protect micro‑service architectures from avalanche failures by limiting concurrent connections, ejecting unhealthy instances, and provides configuration examples, testing methods, and best‑practice tips for building resilient cloud‑native systems.

Circuit BreakingCloud NativeEnvoy

0 likes · 11 min read

How Envoy’s Circuit Breakers and Outlier Detection Stop Service Avalanches

Linux Ops Smart Journey

Sep 3, 2025 · Cloud Native

Mastering Envoy: Service Discovery, Load Balancing, and Health Checks Explained

Envoy, the high‑performance edge and service‑mesh proxy, offers three core mechanisms—service discovery, load balancing, and health checking—each with multiple configurable options and code examples, enabling operators and developers to optimize distributed systems for scalability, reliability, and performance in cloud‑native environments.

EnvoyService Meshhealth checks

0 likes · 9 min read

Mastering Envoy: Service Discovery, Load Balancing, and Health Checks Explained

Linux Ops Smart Journey

Sep 1, 2025 · Cloud Native

Master Envoy Proxy in 5 Minutes: Build, Configure, and Test a Service Mesh

This tutorial introduces Envoy Proxy, explains its core building blocks—listeners, routes, clusters, and filters—demonstrates a quick Docker-based setup, and walks through a complete configuration that routes traffic based on URI paths, providing a practical five‑minute overview of service‑mesh fundamentals.

Cloud NativeDockerEnvoy

0 likes · 8 min read

Master Envoy Proxy in 5 Minutes: Build, Configure, and Test a Service Mesh

Raymond Ops

Jan 21, 2025 · Cloud Native

How Istio Sidecar Hijacks Traffic: Deep Dive into iptables and xDS

This article explains how Istio's sidecar proxy uses Envoy, iptables rules, and the xDS API to intercept and redirect traffic between Kubernetes pods, detailing the startup injection, traffic hijacking process, and how configuration is dynamically generated by istiod.

EnvoyIstioService Mesh

0 likes · 19 min read

How Istio Sidecar Hijacks Traffic: Deep Dive into iptables and xDS

Alibaba Cloud Infrastructure

Jan 13, 2025 · Cloud Native

Extending Alibaba Cloud Service Mesh (ASM): EnvoyFilter, Lua, Wasm, External Processing, and Custom Authorization Services

This article explains how Alibaba Cloud Service Mesh (ASM) can be extended using EnvoyFilter, Lua scripts, WebAssembly plugins, External Processing filters, and custom authorization services, detailing their capabilities, limitations, and recommended use cases for cloud‑native microservice environments.

ASMCloud NativeEnvoy

0 likes · 11 min read

Extending Alibaba Cloud Service Mesh (ASM): EnvoyFilter, Lua, Wasm, External Processing, and Custom Authorization Services

Alibaba Cloud Native

Dec 23, 2024 · Cloud Native

Why Do Envoy Gateways Return 404 When :authority and SNI Mismatch in HTTP/2?

In many Envoy‑based gateways, enabling HTTP/2 can cause intermittent 404 errors because the :authority header and the TLS SNI value differ, especially when using wildcard certificates and multi‑domain routing, and this article explains the root cause and multiple mitigation strategies.

421Cloud NativeEnvoy

0 likes · 14 min read

Why Do Envoy Gateways Return 404 When :authority and SNI Mismatch in HTTP/2?

Soul Technical Team

Sep 30, 2024 · Cloud Native

Practical Experience with Envoy in Soul: Cloud‑Native Traffic Management and Service Mesh

This article shares Soul's two‑year practice of using the cloud‑native Envoy proxy for high‑performance, high‑throughput, and highly available traffic management across north‑south and east‑west flows, covering architecture, dynamic service discovery, load balancing, health checks, WASM extensions, service‑mesh integration, Redis proxying, and future directions.

Cloud NativeEnvoyKubernetes

0 likes · 14 min read

Practical Experience with Envoy in Soul: Cloud‑Native Traffic Management and Service Mesh

Tencent Cloud Developer

Jul 23, 2024 · Cloud Native

Design Evolution of Cloud Development Gateway: From Dual‑Layer to Single‑Layer Architecture

The Cloud Development gateway’s evolution from a dual‑layer design—separating encryption/decryption from Envoy—to a single‑layer architecture that embeds encryption directly into Envoy filters streamlines traffic handling, strengthens protection against MITM attacks, reduces CPU and operational overhead, and unifies monitoring for a more efficient cloud‑native solution.

EnvoyMicroservicesencryption

0 likes · 14 min read

Design Evolution of Cloud Development Gateway: From Dual‑Layer to Single‑Layer Architecture

MaGe Linux Operations

May 12, 2024 · Cloud Native

How Istio’s Sidecar Hijacks Traffic: A Deep Dive into Service Mesh Mechanics

This article explains what Istio and its sidecar proxy are, how they are injected into Kubernetes pods, the iptables rules they use to hijack traffic, the xDS APIs that drive dynamic configuration, and how to inspect the resulting Envoy settings.

EnvoyIstioKubernetes

0 likes · 19 min read

How Istio’s Sidecar Hijacks Traffic: A Deep Dive into Service Mesh Mechanics

Mike Chen's Internet Architecture

Apr 28, 2024 · Cloud Native

Service Mesh Explained: Sidecars, Architecture, and Top Tools (Istio, Linkerd, Envoy)

This article explains the concept of Service Mesh, its sidecar architecture, and why it’s essential for cloud‑native microservices, then compares leading implementations such as Istio, Linkerd, and Envoy, highlighting their features and deployment models.

EnvoyIstioLinkerd

0 likes · 8 min read

Service Mesh Explained: Sidecars, Architecture, and Top Tools (Istio, Linkerd, Envoy)

MaGe Linux Operations

Jan 30, 2024 · Backend Development

How Does Envoy Proxy Process a Request? A Deep Dive into Its Lifecycle

This article walks through the complete lifecycle of a request handled by Envoy, covering terminology, network topology, configuration details, listener and filter chain processing, TLS transport sockets, HTTP/2 encoding/decoding, routing, load balancing, and post‑request cleanup, illustrated with diagrams and sample YAML configuration.

EnvoyProxyRequest Lifecycle

0 likes · 24 min read

How Does Envoy Proxy Process a Request? A Deep Dive into Its Lifecycle

Alibaba Cloud Native

Jan 19, 2024 · Cloud Native

Why Sealos Chose Higress: A Deep Dive into Cloud‑Native Gateway Evaluation

Sealos public cloud faced massive multi‑tenant Ingress demands, security concerns, and performance bottlenecks, leading the team to systematically test Nginx, Envoy, APISIX, Cilium, Envoy Gateway, and finally adopt Higress for its stability, fast route activation, and low resource footprint.

EnvoyHigressIngress

0 likes · 10 min read

Why Sealos Chose Higress: A Deep Dive into Cloud‑Native Gateway Evaluation

MaGe Linux Operations

Jan 8, 2024 · Cloud Native

How to Install, Configure, and Run Envoy as a Front‑End Proxy on Ubuntu

This guide walks you through installing the Envoy proxy on Ubuntu, creating a YAML configuration with listeners, filters, clusters, and routes, running the service, and testing it with curl and a simple Python HTTP server to verify traffic forwarding.

EnvoyProxyUbuntu

0 likes · 12 min read

How to Install, Configure, and Run Envoy as a Front‑End Proxy on Ubuntu

MaGe Linux Operations

Dec 11, 2023 · Cloud Native

How Istio Extends Kubernetes: Service Mesh, Envoy, and Traffic Management

This article explains why Istio runs on Kubernetes, compares their roles in cloud‑native architectures, details how Istio extends Kubernetes with Envoy sidecars and xDS, and examines traffic management, load balancing, and the advantages and drawbacks of using a service mesh alongside kube‑proxy.

Cloud NativeEnvoyIstio

0 likes · 13 min read

How Istio Extends Kubernetes: Service Mesh, Envoy, and Traffic Management

Tencent Music Tech Team

Oct 31, 2023 · Cloud Native

Advanced Istio Best Practices – Locality Routing and Service Mesh Optimization

The article by delphisfang offers a concise, step‑by‑step guide to mastering Istio’s locality‑aware routing, explaining the three‑evidence learning method, the priority algorithm, required DestinationRule and outlier detection settings, how Envoy discovers locality, and tips for simplifying the Pilot‑Envoy mesh architecture.

EnvoyIstioKubernetes

0 likes · 17 min read

Advanced Istio Best Practices – Locality Routing and Service Mesh Optimization

AI Cyberspace

Jul 5, 2023 · Cloud Native

From Service Mesh 1.0 to 2.0: Solving Envoy Pain Points and Shaping the Future

This article traces the evolution of service mesh from its early concepts through microservice 1.0 and 2.0, analyzes the shortcomings of Envoy‑based sidecars, and explores future directions such as Go‑based data planes, WASM plugins, eBPF/VPP acceleration, QUIC transport, and on‑demand xDS delivery.

EnvoyQUICService Mesh

0 likes · 17 min read

From Service Mesh 1.0 to 2.0: Solving Envoy Pain Points and Shaping the Future

Alibaba Cloud Native

May 29, 2023 · Cloud Native

Why Higress 1.0 Is the Next‑Gen Cloud‑Native Gateway for Kubernetes

Higress 1.0, the GA‑ready open‑source cloud‑native gateway, unifies traffic, security and microservice routing on Kubernetes by leveraging Envoy, hot‑update capabilities, extensive service‑discovery, Wasm plugins and Helm deployment, while detailing its evolution, technical advantages, performance benchmarks, and community roadmap.

Cloud NativeEnvoyIngress

0 likes · 17 min read

Why Higress 1.0 Is the Next‑Gen Cloud‑Native Gateway for Kubernetes

Cloud Native Technology Community

Mar 16, 2023 · Cloud Native

How Intel and F5 Enabled Dual‑Stack Support in Istio 1.17

This article details the collaborative effort between Intel and F5 to redesign and implement dual‑stack networking support in Istio 1.17, covering the background challenges, new RFC design, key Envoy changes, step‑by‑step experimental setup, listener and endpoint modifications, and ways for the community to contribute.

Cloud NativeDual-StackEnvoy

0 likes · 11 min read

How Intel and F5 Enabled Dual‑Stack Support in Istio 1.17

Soul Technical Team

Feb 7, 2023 · Cloud Native

Technical Case Study of Migrating Soul's Multi‑Layer Ingress Architecture to Alibaba Cloud Native Gateway (MSE)

This report details Soul's challenges with a multi‑layer gateway chain, evaluates Envoy, MSE and ALB, presents performance test results, outlines short‑term and long‑term migration plans, and shares post‑migration improvements and lessons learned for a cloud‑native gateway solution.

EnvoyIngressKubernetes

0 likes · 10 min read

Technical Case Study of Migrating Soul's Multi‑Layer Ingress Architecture to Alibaba Cloud Native Gateway (MSE)

Bitu Technology

Jan 11, 2023 · Backend Development

Optimizing Performance, Stability, and Edge Cases of Elixir‑gRPC Services in Production

This article shares Tubi’s experience using Elixir‑gRPC in production, covering performance optimizations, stability measures, HTTP/2 edge‑case handling, and practical code examples for efficient Protobuf processing; it also discusses Envoy sidecar integration, interceptor usage, and lessons learned from real‑world deployments.

ElixirEnvoyHTTP/2

0 likes · 13 min read

Optimizing Performance, Stability, and Edge Cases of Elixir‑gRPC Services in Production

Open Source Linux

Dec 2, 2022 · Cloud Native

Deep Dive into Istio’s Networking: How Sidecar Injection Works in Kubernetes

This article explains Istio’s core networking concepts, detailing how sidecar and init containers are injected into a Kubernetes cluster, the roles of the data and control planes, and provides step‑by‑step commands and YAML examples for manual and automatic sidecar injection.

Cloud NativeEnvoyIstio

0 likes · 17 min read

Deep Dive into Istio’s Networking: How Sidecar Injection Works in Kubernetes

dbaplus Community

Nov 5, 2022 · Backend Development

How Bilibili Scaled Live Streaming from LAMP to a Multi‑Million‑User Microservice Platform

This article chronicles Bilibili Live's eight‑year journey from a simple LAMP monolith to a sophisticated microservice architecture, detailing the migration to Swoole‑based services, Docker containerization, Golang adoption, hot‑key handling, request amplification mitigation, and the creation of a high‑performance Envoy‑based gateway.

BilibiliDockerEnvoy

0 likes · 25 min read

How Bilibili Scaled Live Streaming from LAMP to a Multi‑Million‑User Microservice Platform

政采云技术

Sep 27, 2022 · Frontend Development

Understanding WebAssembly: A Deep Dive into Its Concepts and Applications

WebAssembly (Wasm) is a binary instruction format for a stack-based virtual machine, designed as a portable compilation target for programming languages, enabling deployment on the web for client and server applications. It offers high efficiency, safety, openness, and standardization, allowing programs to run with near-native performance in web browsers. Wasm addresses the limitations of JavaScript, such as dynamic typing, by providing a more efficient and secure execution environment. It has applications in various scenarios, including AutoCAD, and can be used to extend functionalities in platforms like Envoy.

AutoCADEnvoyJavaScript optimization

0 likes · 10 min read

Understanding WebAssembly: A Deep Dive into Its Concepts and Applications

Alibaba Cloud Native

May 22, 2022 · Cloud Native

How Alibaba Evolved Envoy Gateway from 1.0 to 3.0: A Cloud‑Native Journey

This article chronicles Alibaba's three‑stage evolution of Envoy Gateway—from the 1.0 incubation that powered Double‑11 traffic, through the 2.0 growth phase adding north‑south routing and hybrid‑cloud support, to the mature 3.0 release that unifies traffic and micro‑service gateways with high performance and community‑driven extensions.

AlibabaCloud NativeEnvoy

0 likes · 8 min read

How Alibaba Evolved Envoy Gateway from 1.0 to 3.0: A Cloud‑Native Journey

Cloud Native Technology Community

Mar 22, 2022 · Cloud Native

Evaluating eBPF’s Role in Service Mesh Data Plane: Architecture Trade‑offs

This article examines how eBPF can enhance service‑mesh data planes, compares four deployment models—including sidecar, node‑shared, service‑account‑shared, and micro‑proxy architectures—and evaluates each model’s memory, isolation, security, and upgrade trade‑offs while emphasizing Envoy’s continued L7 responsibilities.

Cloud NativeData PlaneEnvoy

0 likes · 11 min read

Evaluating eBPF’s Role in Service Mesh Data Plane: Architecture Trade‑offs

Cloud Native Technology Community

Mar 9, 2022 · Backend Development

Envoy Outbound Request Flow: Source‑Code Analysis of Receiving, Sending, and Responding

This article provides a detailed source‑code walkthrough of Envoy's outbound request processing, explaining how the proxy receives client data, parses HTTP requests, selects routes and clusters, forwards traffic upstream, handles retries and shadowing, and finally returns responses to downstream clients.

EnvoyHTTPProxy

0 likes · 26 min read

Envoy Outbound Request Flow: Source‑Code Analysis of Receiving, Sending, and Responding

Cloud Native Technology Community

Mar 2, 2022 · Backend Development

Envoy Outbound Request Flow: Listener Startup, ReusePort Configuration, and Connection Establishment

This article provides an in‑depth analysis of Envoy's outbound request processing, covering listener initialization, the use of SO_REUSEPORT for load distribution, original destination handling, and the detailed steps of connection creation and filter chaining within the Envoy proxy architecture.

EnvoyService Meshc++

0 likes · 12 min read

Envoy Outbound Request Flow: Listener Startup, ReusePort Configuration, and Connection Establishment

Cloud Native Technology Community

Feb 23, 2022 · Cloud Native

How Envoy Hijacks Traffic: Deep Dive into iptables Sidecar Mode

This article provides a detailed technical analysis of Envoy's traffic hijacking mechanisms, covering sidecar and gateway modes, REDIRECT and TPROXY interception, iptables rule generation, port handling, conntrack limitations, and eBPF acceleration within Kubernetes service meshes.

EnvoyKubernetesRedirect

0 likes · 10 min read

How Envoy Hijacks Traffic: Deep Dive into iptables Sidecar Mode

Ops Development Stories

Sep 23, 2021 · Cloud Native

Mastering CORS Filters in Istio: Configure Envoy for Secure Cross‑Origin Requests

This guide explains what an Envoy CORS filter is, details its configuration options, and provides step‑by‑step VirtualService and EnvoyFilter examples for simple, credentialed, prefix, regex, exposed‑header, non‑simple requests and shadow logging in Istio.

CORSCloud NativeEnvoy

0 likes · 16 min read

Mastering CORS Filters in Istio: Configure Envoy for Secure Cross‑Origin Requests

Baidu Intelligent Testing

Aug 31, 2021 · Cloud Native

Baidu's Internal Service Mesh Practice: Architecture, Challenges, and Optimizations

This article details Baidu's internal adoption of a service mesh built on Istio and Envoy, covering the motivations, architectural design, low‑invasion integration methods, extreme performance tuning, stability and traffic governance capabilities, surrounding ecosystem tools, and the resulting operational benefits.

EnvoyIstioService Mesh

0 likes · 17 min read

Baidu's Internal Service Mesh Practice: Architecture, Challenges, and Optimizations

Baidu Geek Talk

Jun 9, 2021 · Cloud Native

Baidu's Internal Service Mesh Practice: Architecture, Challenges, and Performance Optimizations

Baidu created an internally‑built, Istio‑based service mesh that decouples governance from language‑specific RPCs, offering low‑intrusion integration, ultra‑low latency via a brpc coroutine data plane, advanced fault‑tolerance and fine‑grained traffic scheduling, and now powers over 80 % of its core microservices handling more than a trillion daily requests.

EnvoyIstioMicroservices

0 likes · 17 min read

Baidu's Internal Service Mesh Practice: Architecture, Challenges, and Performance Optimizations

Alibaba Cloud Native

Mar 4, 2021 · Cloud Native

Deploy Wasm Filters to Alibaba Cloud Service Mesh with ORAS and Envoy

This guide explains how to push WebAssembly modules to an OCI‑compatible ACR registry using the ORAS client, enable Wasm support in Alibaba Cloud Service Mesh (ASM), and deploy Envoy filters via the ASMFilterDeployment CRD, covering Envoy filter types, pros and cons of Wasm, required CLI commands, and verification steps.

Alibaba CloudEnvoyKubernetes

0 likes · 18 min read

Deploy Wasm Filters to Alibaba Cloud Service Mesh with ORAS and Envoy

Programmer DD

Feb 21, 2021 · Cloud Native

How to Build a Fast Docker Registry Proxy in China with Kubernetes and Envoy

This guide shows how to set up a self‑hosted Docker registry proxy using Docker's registry image, Kubernetes (k3s), and Envoy to accelerate access to public image repositories like gcr.io, quay.io, and Docker Hub from within China, covering prerequisites, custom Dockerfile, deployment manifests, Envoy configuration, authentication, and cache cleanup.

Cloud NativeContainer RegistryDocker

0 likes · 22 min read

How to Build a Fast Docker Registry Proxy in China with Kubernetes and Envoy

Full-Stack DevOps & Kubernetes

Sep 26, 2020 · Cloud Native

How Istio’s Control and Data Planes Power Modern Service Meshes

This article explains Istio’s architecture, detailing how its control‑plane components (Pilot, Mixer, Citadel, Galley) manage traffic, policies, and security while the Envoy sidecar forms the data plane, and it walks through static and dynamic configuration methods with concrete examples.

Cloud NativeControl PlaneData Plane

0 likes · 27 min read

How Istio’s Control and Data Planes Power Modern Service Meshes

Alibaba Cloud Native

Sep 24, 2020 · Cloud Native

Tackling Ultra‑Large‑Scale Service Mesh Deployment: Lessons from Alibaba

This article details Alibaba's practical experience deploying Service Mesh at massive scale, covering architectural evolution, key challenges, traffic interception, hot‑upgrade mechanisms, performance optimizations, and operational tooling that together enable reliable, low‑overhead service communication in a cloud‑native environment.

Cloud NativeEnvoyIstio

0 likes · 22 min read

Tackling Ultra‑Large‑Scale Service Mesh Deployment: Lessons from Alibaba

Cloud Native Technology Community

Sep 24, 2020 · Cloud Native

How Envoy 1.15’s New Postgres Plugin Enables Zero‑Config Observability

Envoy 1.15 introduces a Postgres filter that transparently parses the PostgreSQL wire protocol, extracts rich metrics without any server‑side changes, and exports them to Prometheus, while outlining its design goals, current capabilities, usage steps, limitations, and future roadmap.

Cloud NativeEnvoyPostgres

0 likes · 11 min read

How Envoy 1.15’s New Postgres Plugin Enables Zero‑Config Observability

Full-Stack Internet Architecture

Sep 15, 2020 · Cloud Native

Challenges and Solutions for Large-Scale Service Mesh Deployment at Alibaba

Alibaba’s large‑scale Service Mesh deployment faces challenges such as smooth technology evolution, business‑technical balance, technical debt, massive sidecar operations, and scaling, which it addresses through staged architecture evolution, traffic‑transparent interception, hot upgrades, and open‑source contributions to Istio and Envoy.

Cloud NativeEnvoyIstio

0 likes · 19 min read

Challenges and Solutions for Large-Scale Service Mesh Deployment at Alibaba

Yanxuan Tech Team

Sep 7, 2020 · Backend Development

How Yanxuan Evolved Its API Gateway from Kong to Cloud‑Native Envoy

This article chronicles Yanxuan's API gateway evolution—from the early ServiceMesh 1.0 and Ianus (Kong‑based) gateway, through edge‑gateway transitions, to the cloud‑native Envoy gateway—detailing architecture choices, deployment patterns, plugin development, and the operational benefits gained.

EnvoyKongapi-gateway

0 likes · 15 min read

How Yanxuan Evolved Its API Gateway from Kong to Cloud‑Native Envoy

Xueersi Online School Tech Team

Aug 28, 2020 · Cloud Native

Understanding Cloud Native: Service Mesh, Chaos Engineering, and User‑Space Container Networking with eBPF/XDP

This article explains the fundamentals of cloud native computing, introduces service mesh architectures such as Istio and Envoy, explores chaos engineering with Chaos Mesh, and details how eBPF/XDP‑based user‑space container networking can accelerate data‑plane performance in modern microservice environments.

Cloud NativeEnvoyIstio

0 likes · 12 min read

Understanding Cloud Native: Service Mesh, Chaos Engineering, and User‑Space Container Networking with eBPF/XDP

Cloud Native Technology Community

Aug 17, 2020 · Cloud Native

Introducing Open Service Mesh (OSM): A Lightweight, Extensible Service Mesh for Kubernetes

The article explains Microsoft’s Open Service Mesh (OSM), a lightweight, SMI‑compatible service mesh built on Envoy for Kubernetes, covering its design principles, features, deployment steps, and its role in the broader cloud‑native service‑mesh ecosystem.

Cloud NativeEnvoyKubernetes

0 likes · 11 min read

Introducing Open Service Mesh (OSM): A Lightweight, Extensible Service Mesh for Kubernetes

Alibaba Cloud Developer

Jul 27, 2020 · Cloud Native

What Is a Service Mesh? Origins, Benefits, and Leading Implementations

This article explains the concept of Service Mesh, why it emerged from micro‑service challenges, its evolution, and compares the main open‑source implementations such as Linkerd, Envoy, Istio, and Conduit, helping readers grasp its role in modern cloud‑native architectures.

Cloud NativeEnvoyIstio

0 likes · 19 min read

What Is a Service Mesh? Origins, Benefits, and Leading Implementations

Programmer DD

Jun 15, 2020 · Cloud Native

Why Envoy Is the Go-To L7 Proxy for Modern Cloud‑Native Architectures

This article explains how Envoy, a lightweight high‑performance L7 proxy and communication bus, provides non‑intrusive sidecar architecture, multi‑layer networking, HTTP/2 support, dynamic configuration, gRPC and special protocol handling, and built‑in observability for cloud‑native systems.

Cloud NativeEnvoyL7 Proxy

0 likes · 5 min read

Why Envoy Is the Go-To L7 Proxy for Modern Cloud‑Native Architectures

Alibaba Cloud Native

May 14, 2020 · Cloud Native

How RocketMQ Becomes Service‑Mesh Ready: Challenges, Solutions, and Future Work

This article explains how RocketMQ’s network filter was merged into the CNCF Envoy project, details the message flow and stateful networking challenges within a service mesh, describes on‑demand CDS handling, and outlines future enhancements such as Pull support and broker‑side proxying.

CDSCloud NativeEnvoy

0 likes · 13 min read

How RocketMQ Becomes Service‑Mesh Ready: Challenges, Solutions, and Future Work

Programmer DD

May 13, 2020 · Cloud Native

Mastering Envoy: A Comprehensive Guide to Architecture and Configuration

Explore the fundamentals of Envoy, the lightweight L7 proxy for modern SOA architectures, through a detailed walkthrough of its architecture, configuration structure, filter chain, and key components such as xDS, listeners, clusters, and runtime settings, illustrated with diagrams and practical examples.

Cloud NativeConfigurationEnvoy

0 likes · 7 min read

Mastering Envoy: A Comprehensive Guide to Architecture and Configuration

Architects Research Society

Mar 26, 2020 · Cloud Native

Envoy Hot Restart and Dynamic Configuration Overview

This article explains Envoy's hot‑restart capability, various dynamic configuration options—including static, SDS/EDS, CDS, RDS, and LDS—and the initialization and drain processes that enable seamless updates and graceful connection handling in cloud‑native deployments.

Cloud NativeDynamic ConfigurationEnvoy

0 likes · 10 min read

Envoy Hot Restart and Dynamic Configuration Overview

Architects Research Society

Mar 23, 2020 · Cloud Native

Circuit Breaking, Global Rate Limiting, and TLS Configuration in Envoy

The article explains Envoy's circuit‑breaking mechanisms, global rate‑limiting integration, and TLS support, detailing configuration options, limits, and example YAML snippets for deploying secure and resilient service‑mesh proxies.

Circuit BreakingCloud NativeEnvoy

0 likes · 7 min read

Circuit Breaking, Global Rate Limiting, and TLS Configuration in Envoy

Architects Research Society

Mar 20, 2020 · Operations

Envoy Health Checks: Active, Passive, Filters, and Connection‑Pool Interaction

Envoy provides active and passive health checks—including HTTP, L3/L4, and Redis types—configurable intervals and failure thresholds, along with a health‑check filter that can bypass, forward, or cache requests, and detailed connection‑pool handling for HTTP/1.1 and HTTP/2 to ensure reliable service routing.

Connection PoolEnvoyService Mesh

0 likes · 7 min read

Envoy Health Checks: Active, Passive, Filters, and Connection‑Pool Interaction

Architects Research Society

Mar 19, 2020 · Cloud Native

Service Discovery in Envoy: Types, Consistency Models, and Health‑Check Routing

This article explains Envoy’s service discovery mechanisms—including static, strict DNS, logical DNS, original‑destination, and Service Discovery Service—detailing how they work, their consistency models, and how health‑checking influences routing decisions in production environments.

Cloud NativeDNSEnvoy

0 likes · 8 min read

Service Discovery in Envoy: Types, Consistency Models, and Health‑Check Routing

Architects Research Society

Mar 15, 2020 · Cloud Native

Key Terminology and Architecture Overview of the Envoy Proxy

This article explains Envoy's core terminology, thread model, listener architecture, network (L3/L4) filters, HTTP connection manager, and routing configuration, providing a concise technical overview of how the service proxy operates within cloud‑native environments.

Cloud NativeEnvoyHTTP

0 likes · 9 min read

Key Terminology and Architecture Overview of the Envoy Proxy

Programmer DD

Dec 14, 2019 · Cloud Native

How Alibaba Scaled Service Mesh for Double‑11: Architecture, Challenges & Performance

This article details Alibaba's large‑scale Service Mesh deployment for Double‑11 core applications, covering the three‑plane architecture, key challenges such as SDK‑free mesh, complex routing, rate limiting, Envoy overhead, and the performance impact on latency, CPU and memory, while outlining future roadmap and open‑source collaboration.

AlibabaCloud NativeEnvoy

0 likes · 13 min read

How Alibaba Scaled Service Mesh for Double‑11: Architecture, Challenges & Performance

Alibaba Cloud Native

Dec 10, 2019 · Cloud Native

How Alibaba Scaled Service Mesh for Double‑11: Architecture, Challenges, and Performance

This article details Alibaba's large‑scale deployment of a Service Mesh for the Double‑11 shopping event, covering the underlying architecture, four key technical challenges, the solutions implemented with Envoy, Istio, and Sentinel, and the resulting performance impact on latency, CPU, and memory.

AlibabaEnvoyIstio

0 likes · 13 min read

How Alibaba Scaled Service Mesh for Double‑11: Architecture, Challenges, and Performance

Xueersi Online School Tech Team

Nov 15, 2019 · Cloud Native

Understanding Service Mesh: Evolution, Architecture, and Future Challenges

This article provides a comprehensive overview of Service Mesh technology, covering its origins, the problems it solves in microservice governance, architectural patterns such as sidecar and local gateways, the evolution from early projects like Linkerd to modern solutions like Istio and Envoy, and the remaining performance, portability, and standardization challenges that shape its future.

Cloud NativeEnvoyIstio

0 likes · 34 min read

Understanding Service Mesh: Evolution, Architecture, and Future Challenges

Programmer DD

Oct 21, 2019 · Cloud Native

Deploy a Static Hugo Blog with Podman, Envoy Sidecar, and Systemd

This guide explains how to replace Docker with Podman for hosting a static Hugo site, using a sidecar Envoy proxy, shared network namespaces, Kubernetes‑compatible pod definitions, and systemd services to achieve automatic startup and reliable service discovery.

EnvoyHugoKubernetes

0 likes · 15 min read

Deploy a Static Hugo Blog with Podman, Envoy Sidecar, and Systemd

Programmer DD

Sep 30, 2019 · Cloud Native

What’s New in Istio 1.3? Key Features and Improvements Unveiled

Istio 1.3 introduces automatic protocol detection, no‑Mixer telemetry, removal of required containerPort declarations, enhanced custom Envoy configuration, region‑aware load balancing and numerous monitoring and debugging improvements, all while keeping the service mesh transparent to applications.

EnvoyIstioKubernetes

0 likes · 6 min read

What’s New in Istio 1.3? Key Features and Improvements Unveiled

Programmer DD

Sep 10, 2019 · Cloud Native

How to Deploy and Monitor Contour Ingress Controller with Envoy on Kubernetes

This tutorial explains how to install the Contour Ingress controller backed by Envoy on Kubernetes, configure IngressRoute resources, examine Envoy's static and dynamic configuration, and integrate Prometheus and Grafana monitoring with proper RBAC and ServiceMonitor setup.

ContourEnvoyGrafana

0 likes · 19 min read

How to Deploy and Monitor Contour Ingress Controller with Envoy on Kubernetes

Cloud Native Technology Community

Jun 13, 2019 · Cloud Native

How Envoy’s Filter Chain Powers Istio’s Service Mesh: A Deep Dive

This article provides a detailed analysis of Envoy’s filter architecture within Istio 1.1, explaining the async event model, each filter type, their registration interfaces, and the key processing steps from listener selection to load‑balancing and Mixer integration.

Cloud NativeEnvoyFilter Chain

0 likes · 9 min read

How Envoy’s Filter Chain Powers Istio’s Service Mesh: A Deep Dive

360 Tech Engineering

May 16, 2019 · Cloud Native

Introduction to Istio Service Mesh and the Pilot Component Architecture

This article introduces the fundamentals of Istio as a service mesh, explains its data‑plane and control‑plane architecture, and details the roles of the Pilot component—including pilot‑agent and pilot‑discovery—in providing service discovery, traffic management, and integration with Kubernetes for microservice deployments.

EnvoyIstioKubernetes

0 likes · 7 min read

Introduction to Istio Service Mesh and the Pilot Component Architecture

Fangduoduo Tech

Jan 13, 2019 · Cloud Native

How Service Mesh Revolutionized Cloud‑Native Architecture at FangDuoduo

This article explains what a Service Mesh is, how FangDuoduo adopted Envoy and macvlan/overlay networks to solve Dubbo IP registration issues, built an XDS configuration service for both containers and VMs, and dramatically improved development efficiency and infrastructure agility.

EnvoyService MeshxDS

0 likes · 7 min read

How Service Mesh Revolutionized Cloud‑Native Architecture at FangDuoduo

High Availability Architecture

May 24, 2018 · Backend Development

Building a Consistent‑Hashing Router with Nginx, Redis Protocol, and Go for High‑Performance Load Balancing

The article describes how the Nitro team designed and implemented a Go‑based consistent‑hashing router that leverages Nginx, the Redis protocol, Envoy sidecars, and Mesos to provide low‑latency, high‑throughput request routing and caching for compute‑intensive services.

EnvoyMesosNginx

0 likes · 9 min read

Building a Consistent‑Hashing Router with Nginx, Redis Protocol, and Go for High‑Performance Load Balancing

Architects Research Society

Jan 16, 2018 · Cloud Native

Recommended Envoy Deployment Types for Service Mesh Scenarios

This article outlines three increasingly complex Envoy deployment patterns for service‑mesh environments—service‑to‑service, service with a front‑proxy, and service‑to‑service with front‑proxy and double‑proxy—detailing listener configurations, external service handling, discovery integration, and provided configuration templates.

EnvoyNetworkingProxy Deployment

0 likes · 7 min read

Recommended Envoy Deployment Types for Service Mesh Scenarios

Architects Research Society

Jan 14, 2018 · Databases

Envoy Database Filters: Access Logging, MongoDB, DynamoDB, and Redis Support

Envoy’s extensible filters enable detailed access logging and database sniffing for MongoDB, DynamoDB, and Redis, offering customizable log formats, per‑operation statistics, health checks, and future enhancements such as circuit breaking and retries, while providing configuration guidance for each filter.

Access LoggingDatabase FiltersDynamoDB

0 likes · 6 min read

Envoy Database Filters: Access Logging, MongoDB, DynamoDB, and Redis Support

Architects Research Society

Jan 6, 2018 · Cloud Native

HTTP Filters, Routing, gRPC, and WebSocket Support in Envoy

This article explains Envoy's HTTP filter architecture, routing capabilities, gRPC integration, WebSocket handling, and cluster manager functions, detailing how each component operates without needing knowledge of underlying protocols and how they enable advanced traffic management, observability, and service mesh features.

EnvoyHTTP filtersWebSocket

0 likes · 10 min read

HTTP Filters, Routing, gRPC, and WebSocket Support in Envoy

Architects Research Society

Jan 5, 2018 · Cloud Native

An Overview of Envoy: A Cloud‑Native L7 Proxy and Service Mesh Bus

Envoy is a cloud‑native L7 proxy and communication bus designed for modern service‑oriented architectures, offering out‑of‑process deployment, language‑agnostic operation, modern C++11 implementation, extensive L3/L4 and HTTP L7 filtering, HTTP/2, gRPC, database protocol support, service discovery, health checking, advanced load balancing, edge proxy capabilities, observability, and dynamic configuration.

EnvoyL7 ProxyNetworking

0 likes · 9 min read

An Overview of Envoy: A Cloud‑Native L7 Proxy and Service Mesh Bus

360 Zhihui Cloud Developer

Oct 24, 2017 · Cloud Native

Unlocking Service Mesh: A Deep Dive into Envoy’s Architecture and Deployment

This article introduces Envoy as the core sidecar proxy in Service Mesh, explains its terminology, thread model, filters, routing, health checking, circuit breaking, hot restart, and presents multiple deployment patterns for cloud‑native microservice environments.

Cloud NativeEnvoyIstio

0 likes · 24 min read

Unlocking Service Mesh: A Deep Dive into Envoy’s Architecture and Deployment