Envoy

Envoy is a high-performance proxy for edge, middle, and service traffic in microservices-oriented systems. Written in C++, it sits in front of or beside services and proxies traffic in environments that are container-packaged and dynamically scheduled, giving every application a consistent network layer.

It is configured at runtime through a universal data plane API, so routes, clusters, and filters update dynamically without restarts, and a hot restart capability reloads the binary with no dropped connections. An L3/L4 and L7 filter architecture handles HTTP/2, gRPC, and TCP, paired with advanced load balancing and deep observability through detailed stats, logging, and distributed tracing.

Envoy is governed by the Cloud Native Computing Foundation. Its security has been reviewed in third-party audits by Cure53 in 2018 and Ada Logics in 2021. It is self-hosted software under the Apache License 2.0.