Service to service only

    The above diagram shows the simplest Envoy deployment which uses Envoy as a communication bus for all traffic internal to a service oriented architecture (SOA). In this scenario, Envoy exposes several listeners that are used for local origin traffic as well as service to service traffic.

    This is the port used by applications to talk to other services in the infrastructure. For example, . HTTP and gRPC requests use the HTTP/1.1 host header or the HTTP/2 :authority header to indicate which remote cluster the request is destined for. Envoy handles service discovery, load balancing, rate limiting, etc. depending on the details in the configuration. Services only need to know about the local Envoy and do not need to concern themselves with network topology, whether they are running in development or production, etc.

    This is the port used by remote Envoys when they want to talk to the local Envoy. For example, http://localhost:9211. Incoming requests are routed to the local service on the configured port(s). Multiple application ports may be involved depending on application or load balancing needs (for example if the service needs both an HTTP port and a gRPC port). The local Envoy performs buffering, circuit breaking, etc. as needed.

    Our default configurations use HTTP/2 for all Envoy to Envoy communication, regardless of whether the application uses HTTP/1.1 or HTTP/2 when egressing out of a local Envoy. HTTP/2 provides better performance via long lived connections and explicit reset notifications.

    The recommended service to service configuration uses an external discovery service for all cluster lookups. This provides Envoy with the most detailed information possible for use when performing load balancing, statistics gathering, etc.

    The source distribution includes an example service to service configuration that is very similar to the version that Lyft runs in production. See for more information.