Need advice about which tool to choose?Ask the StackShare community!


+ 1

+ 1
Add tool

Envoy vs Istio: What are the differences?

Envoy and Istio are popular technologies for managing and securing microservices in cloud-native environments. Envoy is a high-performance proxy, while Istio is a comprehensive service mesh platform. Here are the key differences between Envoy and Istio:

  1. Scope and Functionality: Envoy is a high-performance, open-source edge, and service proxy designed for modern architectures. It focuses on handling network traffic between services, providing features like load balancing, routing, traffic management, and observability. Envoy acts as a data plane component and can be used independently or as part of other service mesh solutions. On the other hand, Istio is a full-featured service mesh platform that leverages Envoy as its default sidecar proxy. Istio provides a comprehensive set of capabilities for traffic management, security, policy enforcement, and observability. It acts as a control plane and manages the configuration and behavior of the Envoy proxies deployed alongside services.

  2. Service Mesh Features: Istio provides additional features beyond what Envoy offers as a standalone proxy that includes intelligent routing, traffic splitting, canary deployments, fault injection, circuit breaking, service-level authentication, authorization, and observability through distributed tracing, metrics, and logging. These features allow developers to implement advanced traffic management and security patterns within their microservices architecture. Envoy, while powerful as a proxy, does not provide the same level of service mesh-specific features that Istio offers.

  3. Architecture and Integration: Envoy is designed to be a standalone component that can be integrated into various application stacks. It supports different deployment scenarios and can be used with or without a service mesh. Envoy is language-agnostic and can be used with applications written in different programming languages. On the other hand, Istio is built on top of Envoy and provides a higher-level abstraction for managing service-to-service communication. Istio integrates deeply with Kubernetes and is often used in Kubernetes-based environments. Istio leverages Envoy's capabilities and provides a control plane for managing and configuring the Envoy proxies.

  4. Complexity and Learning Curve: Envoy is a standalone proxy with a simpler learning curve, while Istio introduces additional complexity with its comprehensive feature set and control plane components. Envoy can be configured using its own files or APIs, while Istio requires working with custom resource definitions (CRDs) and specific components like gateways and virtual services.

In summary, Envoy and Istio are both powerful tools for managing and securing service-to-service communication in modern architectures. Envoy serves as a high-performance edge and service proxy, while Istio provides a complete service mesh platform built on top of Envoy.

Decisions about Envoy and Istio
Prateek Mittal
Fullstack Engineer| Ruby | React JS | gRPC at Ex Bookmyshow | Furlenco | Shopmatic · | 4 upvotes · 297.9K views

Istio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn-keyIstio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn key solution with Rancher whereas Kong completely lacks here. Traffic distribution in Istio can be done via canary, a/b, shadowing, HTTP headers, ACL, whitelist whereas in Kong it's limited to canary, ACL, blue-green, proxy caching. Istio has amazing community support which is visible via Github stars or releases when comparing both.

See more
Get Advice from developers at your company using StackShare Enterprise. Sign up for StackShare Enterprise.
Learn More
Pros of Envoy
Pros of Istio
  • 9
  • 14
    Zero code for logging and monitoring
  • 9
    Service Mesh
  • 8
    Great flexibility
  • 5
  • 5
    Powerful authorization mechanisms
  • 5
    Ingress controller
  • 4
    Easy integration with Kubernetes and Docker
  • 4
    Full Security

Sign up to add or upvote prosMake informed product decisions

Cons of Envoy
Cons of Istio
    Be the first to leave a con
    • 16

    Sign up to add or upvote consMake informed product decisions

    What is Envoy?

    Originally built at Lyft, Envoy is a high performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures.

    What is Istio?

    Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes, Mesos, etc.

    Need advice about which tool to choose?Ask the StackShare community!

    What companies use Envoy?
    What companies use Istio?
    See which teams inside your own company are using Envoy or Istio.
    Sign up for StackShare EnterpriseLearn More

    Sign up to get full access to all the companiesMake informed product decisions

    What tools integrate with Envoy?
    What tools integrate with Istio?

    Sign up to get full access to all the tool integrationsMake informed product decisions

    Blog Posts

    May 6 2020 at 6:34AM


    What are some alternatives to Envoy and Istio?
    nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. According to Netcraft nginx served or proxied 30.46% of the top million busiest sites in Jan 2018.
    linkerd is an out-of-process network stack for microservices. It functions as a transparent RPC proxy, handling everything needed to make inter-service RPC safe and sane--including load-balancing, service discovery, instrumentation, and routing.
    Trailblazer is a thin layer on top of Rails. It gently enforces encapsulation, an intuitive code structure and gives you an object-oriented architecture. In a nutshell: Trailblazer makes you write logicless models that purely act as data objects, don't contain callbacks, nested attributes, validations or domain logic. It removes bulky controllers and strong_parameters by supplying additional layers to hold that code and completely replaces helpers.
    HAProxy (High Availability Proxy) is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications.
    A modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components and configures itself automatically and dynamically.
    See all alternatives