IBM Developer Envoy Christopher M Luciano Advisory Software Engineer at IBM [email protected] DOC ID / Month XX, 2018 / © 2018 IBM Corporation 

IBM Developer IBM Developer Agenda • Envoy Basics • Envoy Internals • xDS APIs • Contributing to Envoy 2 

IBM Developer Summary 3 The network should be transparent to applications. When network and application problems do occur it should be easy to determine the source of the problem. https://www.envoyproxy.io/docs/envoy/v1.7.0/intro/what_is_envoy 

IBM Developer 4 Envoy Intelligent proxy deployed as a sidecar • Intercept & manages network traffic • Security/Identity • TLS termination • Low memory footprint • Language Agnostic 

IBM Developer 5 Envoy’s Role in Istio Pod Pod Service 1 Service 2 Envoy Envoy 

IBM Developer Listener 6 ▪ One to many number of listeners per Envoy process ▪ Proxies event when connection is made to listeners ▪ Configured with network or listener filters ▪ Listener binding • Freebind • Transparent ▪ TCP only (UDP soon) 

IBM Developer Clusters 7 ▪ Collection of similar hosts for Envoy connections ▪ Determined through various service discovery systems ▪ Can be configured either from a static list or dynamic API ▪ Warmed on initial boot 

IBM Developer Filters 8 ▪ Listener • Original Destination • TLS Inspector ▪ Network (Layer 3 & 4) • Rate limiting • Mongo • TCP Proxy ▪ HTTP • Fault injection • Router 

IBM Developer Envoy Threading Model 9 1 Envoy process Main thread File flush threads … Worker thread Worker thread xDS Admin Process mgmt Worker thread Listeners Connections 

IBM Developer SNI Proxy Example 10 https://github.com/IBM/envoy101/tree/ master/assets/sni-proxy-https 

IBM Developer DEMO SNI PROXY 11 https://github.com/IBM/envoy101/blob/master/assets/sni-proxy-https/docker-compose.yaml 

IBM Developer Double Proxy with MTLS filter_chain_match 12 https://github.com/IBM/envoy101/blob/master/assets/double-proxy-mtls/envoy_config1.yaml 

IBM Developer Double Proxy with MTLS cluster 13 https://github.com/IBM/envoy101/blob/master/assets/double-proxy-mtls/envoy_config2.yaml 

IBM Developer DEMO DOUBLE PROXY MTLS 14 https://github.com/IBM/envoy101/blob/master/assets/double-proxy-mtls/docker-compose.yaml 

IBM Developer xDS APIs 15 ▪ Route Discovery Service (RDS) ▪ Endpoint Discovery Service (EDS) ▪ Cluster Discovery Service (CDS) ▪ Listener Discovery Service (LDS) ▪ Aggregated Discovery Service (ADS) 

IBM Developer Route Discovery Service 16 

IBM Developer Endpoint Discovery Service 17 

IBM Developer Cluster Discover Service 18 

IBM Developer Listener Discover Service (LDS) 19 

IBM Developer Aggregated Discovery Service (ADS) 20 ▪ Single sequenced delivery of configuration • Istio 1.0 style ▪ Combines CDS/RDS/EDS ▪ Bidirectional stream ▪ gRPC style only 

IBM Developer Contributing to Envoy 21 ▪ github.com/envoyproxy/envoy ▪ Bazel based build system ▪ Open issues designated with “help/wanted” • Beginner tags for “good first issues” ▪ cmluciano.blog for contribution guide 

IBM Developer 22 Thank you [email protected] twitter.com/cmluciano_ github.com/cmluciano developer.ibm.com 

IBM Developer 23