Skip to main content
Taiwan
AIMenta
E

Envoy Proxy

by CNCF

CNCF-graduated high-performance L4/L7 proxy serving as the data plane for Istio and other service meshes, and as a standalone edge proxy for APAC API gateway and load balancing deployments.

Visit Envoy Proxy (opens in new tab) Get a recommendation
AIMenta verdict
Recommended
5/5

"Envoy is the open-source edge and service proxy for APAC engineering teams — L4/L7 load balancing, observability, and filter extensibility. Best for APAC teams building custom API gateways or serving as the data plane for Istio and other APAC service mesh deployments."

Features
7
Use cases
4
Watch outs
4
What it does

Key features

  • Advanced load balancing — round-robin, least-connections, ring hash, Maglev, and zone-aware routing for APAC traffic
  • Filter chain — extensible L4/L7 filter pipeline for custom APAC authentication, rate limiting, and header manipulation
  • HTTP/2 and gRPC — first-class support for modern APAC microservice protocols with protocol translation
  • Distributed tracing — Zipkin/B3 and W3C trace context propagation across APAC service call chains
  • xDS API — standard dynamic configuration API enabling integration with Istio, Consul, and custom APAC control planes
  • WebAssembly filters — language-portable Envoy extensions without recompilation for APAC custom proxy logic
  • Circuit breaking — upstream connection pool limits and outlier detection for APAC service resilience
When to reach for it

Best for

  • APAC platform engineering teams using Istio or other Envoy-based service meshes that need to understand and configure the data plane
  • Engineering teams building custom API gateways on Envoy with APAC-specific routing, authentication, and rate limiting requirements
  • APAC organisations implementing service mesh without a managed control plane — deploying Envoy with a custom or open-source xDS control plane
  • Platform teams needing advanced APAC load balancing (zone-aware routing, consistent hashing) beyond Kubernetes Service capabilities
Don't get burned

Limitations to know

  • ! Envoy has no built-in control plane — APAC teams running standalone Envoy must manage configuration through xDS APIs, static config files, or a control plane like Istio
  • ! Envoy static configuration complexity — the YAML configuration schema for standalone Envoy deployments is verbose and requires deep Envoy knowledge to operate correctly in APAC production
  • ! Envoy resource consumption — the sidecar model deploys Envoy alongside every APAC pod, adding 50–150MB memory overhead per pod compared to Linkerd's Rust proxy
  • ! Envoy is a proxy, not a complete service mesh — APAC teams wanting a full service mesh with certificate management, policy, and visualisation should deploy Istio or Consul rather than standalone Envoy
Context

About Envoy Proxy

Envoy Proxy is a CNCF-graduated high-performance L4/L7 proxy and communication bus, originally developed at Lyft, that serves APAC engineering teams both as the underlying data plane for service mesh deployments (Istio, AWS App Mesh, Consul Connect) and as a standalone edge proxy and API gateway for APAC microservice architectures — providing advanced load balancing, protocol translation, observability, and extensibility through a filter chain architecture.

Envoy's filter chain model — where inbound and outbound traffic passes through a configurable sequence of L4 (network) and L7 (HTTP/gRPC) filters before delivery to upstream services — is the extensibility mechanism that makes Envoy suitable as both a general-purpose proxy and a service mesh data plane. APAC engineering teams extend Envoy with custom filters (written in C++ as native Envoy extensions, or in WebAssembly for language-portable extensions) to implement custom APAC authentication protocols, proprietary rate limiting logic, or region-specific header manipulation.

Envoy's load balancing algorithms — which include round-robin, least-connections, random, ring hash (for consistent hashing), Maglev (for stable connection assignment), and zone-aware load balancing (which prefers routing to APAC endpoints in the same availability zone to reduce cross-AZ latency and cost) — give APAC platform engineering teams precise control over how traffic is distributed across upstream service instances beyond what Kubernetes Services' kube-proxy iptables rules provide.

Envoy's observability model — where every request is instrumented with L7 metrics (request count, response time histograms, upstream connection metrics), access logs (with configurable JSON format for APAC log analytics pipelines), and distributed trace context propagation (injecting Zipkin/B3 or W3C trace headers) — provides APAC platform engineering teams with detailed traffic visibility at the proxy layer. Istio surfaces this data through its control plane; standalone Envoy deployments expose Envoy's admin endpoint and statsd sink for APAC observability pipeline integration.

Envoy's xDS (discovery service) API — the gRPC API through which control planes (Istio, AWS App Mesh, Consul, custom control planes) push configuration updates to Envoy data plane instances — is the standard interface for dynamic service mesh data plane configuration. APAC engineering teams building custom service mesh control planes implement the xDS API to configure Envoy fleets without requiring Envoy restarts for configuration updates.

Beyond this tool

Where this category meets practice depth.

A tool only matters in context. Browse the service pillars that operationalise it, the industries where it ships, and the Asian markets where AIMenta runs adoption programs.

Or browse All tools · Encyclopedia · Case studies · Rankings