Distributed Systems - Proxy

Updated: 2021-11-19

HAProxy, NGINX, Envoy are all L4/L7 proxies. This article describes Why Ambassador chose Envoy. TL;DR: HAProxy was born in 2006 when the Internet operated very differently than today; NGINX may have some issues or limitations in open source projects; Envoy was born in 2016 and designed from the ground up for microservices.


  • Envoy is a self contained process (running as a sidecar). Benefits: (1) works with any language (Envoy itself is implemented in C++11) (2) can be deployed and upgraded independently and transparently.
  • dynamic configuration via gRPC/protobuf APIs, which simplifies management at scale
  • pluggable filter architecture
  • support gRPC, HTTP/2 and HTTP 1.1
  • L7 routing and load balancing
  • for both service to service communication and at the edge

Google's ESPv2 is based on Envoy, first version of ESP was based on NGINX.

Use of proxy:

  • API Gateways(edge proxy): Ambassador is one of the API Gateways, it uses Envoy as proxy.
  • Service Mesh(service-to-service proxy): Istio is also based on Envoy.

Hitless reload: The new process reads the sockets from the old process via the socket, so that there are no refused connections.

Reverse proxy

A reverse proxy is transparent to the client (which has the perception of talking directly to the server)