logo

Proxy

HAProxy, NGINX, Envoy are all L4/L7 proxies.

Use of proxy

  • API Gateways (edge proxy): Ambassador is one of the API Gateways, it uses Envoy as proxy.
  • Service Mesh (service-to-service proxy): Istio is also based on Envoy.

Envoy

  • Envoy is a self contained process (running as a sidecar).
  • dynamic configuration via gRPC/protobuf APIs, which simplifies management at scale.
  • pluggable filter architecture.
  • support gRPC, HTTP/2 and HTTP 1.1.
  • L7 routing and load balancing. At its core, is an L3/L4 network proxy; it supports an additional HTTP L7 filter layer.
  • for both service to service communication and at the edge.
  • a filter chain: the incoming request will go through a chain of filters, for auth, quota, logging, billing, throttling, etc.

Pros:

  • Envoy works with any language (Envoy itself is implemented in C++)
  • Envoy can be deployed and upgraded independently and transparently.

Google's ESPv2 is based on Envoy, first version of ESP was based on NGINX.

This article describes Why Ambassador chose Envoy. TL;DR: HAProxy was born in 2006 when the Internet operated very differently than today; NGINX may have some issues or limitations in open source projects; Envoy was born in 2016 and designed from the ground up for microservices.

Forward Proxy vs Reverse Proxy

  • forward proxy: on behalf of multiple clients, e.g. routes and filters employee traffic to the public Internet.
  • reverse proxy: on behalf of multiple servers. A reverse proxy is transparent to the client (which has the perception of talking directly to the server)