Comparison to similar systems¶
Overall, we believe that Envoy has a unique and compelling feature set for modern service oriented architectures. Below we compare Envoy to other related systems. Though in any particular area (edge proxy, software load balancer, service message passing layer) Envoy may not be as feature rich as some of the solutions below, in aggregate no other solution supplies the same set of overall features into a single self contained and high performance package.
NOTE: Most of the projects below are under active development. Thus some of the information may become out of date. If that is the case please let us know and we will fix it.
nginx is the canonical modern web server. It supports serving static content, HTTP L7 reverse proxy load balancing, HTTP/2, and many other features. nginx has far more overall features than Envoy as an edge reverse proxy, though we think that most modern service oriented architectures don’t typically make use of them. Envoy provides the following main advantages over nginx as an edge proxy:
- Full HTTP/2 transparent proxy. Envoy supports HTTP/2 for both downstream and upstream communication. nginx only supports HTTP/2 for downstream connections.
- Freely available advanced load balancing. Only nginx plus (the paid server) supports similar advanced load balancing capabilities as Envoy.
- Ability to run the same software at the edge as well as on each service node. Many infrastructures run a mix of nginx and haproxy. A single proxy solution at every hop is substantially simpler from an operations perspective.
haproxy is the canonical modern software load balancer. It also supports basic HTTP reverse proxy features. Envoy provides the following main advantages over haproxy as a load balancer:
- HTTP/2 support.
- Pluggable architecture.
- Integration with a remote service discovery service.
- Integration with a remote global rate limiting service.
- Substantially more detailed statistics.
Amazon’s ELB is the standard solution for service discovery and load balancing for applications in EC2. Envoy provides the following main advantages of ELB as a load balancer and service discovery system:
- Statistics and logging (CloudWatch statistics are delayed and extremely lacking in detail, logs must be retrieved from S3 and have a fixed format).
- Stability (it is common to see sporadic instability when using ELBs which ends up being impossible to debug).
- Advanced load balancing and direct connection between nodes. An Envoy mesh avoids an additional network hop via variably performing elastic hardware. The load balancer can make better decisions and gather more interesting statistics based on zone, canary status, etc. The load balancer also supports advanced features such as retry.
AWS recently released the application load balancer product. This product adds HTTP/2 support as well as basic HTTP L7 request routing to multiple backend clusters. The feature set is still small compared to Envoy and performance and stability are unknown, but it’s clear that AWS will continue to invest in this area in the future.
SmartStack is an interesting solution which provides additional service discovery and health checking support on top of haproxy. At a high level, SmartStack has most of the same goals as Envoy (out of process architecture, application platform agnostic, etc.). Envoy provides the following main advantages over SmartStack as a load balancer and service discovery package:
- All of the previously mentioned advantages over haproxy.
- Integrated service discovery and active health checking. Envoy provides everything in a single high performance package.
Finagle is Twitter’s Scala/JVM service to service communication library. It is used by Twitter and many other companies that have a primarily JVM based architecture. It has many of the same features as Envoy such as service discovery, load balancing, filters, etc. Envoy provides the following main advantages over Finagle as a load balancer and service discovery package:
- Eventually consistent service discovery via distributed active health checking.
- Order of magnitude better performance across all metrics (memory consumption, CPU usage, and P99 latency properties).
- Out of process and application agnostic architecture. Envoy works with any application stack.
proxygen is Facebook’s high performance C++11 HTTP proxy library, written on top of a Finagle like C++ library called wangle. From a code perspective, Envoy uses most of the same techniques as proxygen to obtain high performance as an HTTP library/proxy. Beyond that however the two projects are not really comparable as Envoy is a complete self contained server with a large feature set versus a library that must be built into something by each project individually.
gRPC is a new multi-platform message passing system out of Google. It uses an IDL to describe an RPC library and then implements application specific runtimes for a variety of different languages. The underlying transport is HTTP/2. Although gRPC likely has the goal of implementing many Envoy like features in the future (load balancing, etc.), as of this writing the various runtimes are somewhat immature and are primarily focused on serialization/de-serialization. We consider gRPC to be a companion to Envoy versus a competitor. How Envoy integrates with gRPC is described here.
linkerd is a standalone, open source RPC routing proxy built on Netty and Finagle (Scala/JVM). linkerd offers many of Finagle’s features, including latency-aware load balancing, connection pooling, circuit-breaking, retry budgets, deadlines, tracing, fine-grained instrumentation, and a traffic routing layer for request-level routing. linkerd provides a pluggable service discovery interface (with standard support for Consul and ZooKeeper, as well as the Marathon and Kubernetes APIs).
linkerd’s memory and CPU requirements are significantly higher than Envoy’s. In contrast to Envoy, linkerd provides a minimalist configuration language, and explicitly does not support hot reloads, relying instead on dynamic provisioning and service abstractions. linkerd supports HTTP/1.1, Thrift, ThriftMux, HTTP/2 (experimental) and gRPC (experimental).
nghttp2 is a project that contains a few different things. Primarily, it contains a library (nghttp2) that implements the HTTP/2 protocol. Envoy uses this library (with a very thin wrapper on top) for its HTTP/2 support. The project also contains a very useful load testing tool (h2load) as well as a reverse proxy (nghttpx). From a comparison perspective, Envoy is most similar to nghttpx. nghttpx is a transparent HTTP/1 <-> HTTP/2 reverse proxy, supports TLS termination, correctly supports gRPC proxying, among a variety of other features. With that said, we consider nghttpx to be an excellent example of a variety of proxy features, rather than a robust production ready solution. Envoy’s focus is much more targeted towards observability, general operational agility, and advanced load balancing features.