Chapter 8. Traffic Management
Among the core capabilities of all service meshes is traffic management, and as such, it’s generally a deep functional area. This is certainly the case for Istio. With traffic management as our topic of study in this chapter, we begin our exploration of Istio’s capabilities in the context of how requests flow through the system, becoming familiar with Istio’s networking APIs as we go. We look at how you can use those APIs to configure traffic flow, enabling you to do things like canary new deployments, set timeout and retry policies that are consistent across all of your services, and, finally, test your application’s failure modes with controllable, repeatable fault injection.
Understanding How Traffic Flows in Istio
To understand how Istio’s networking APIs work, it’s important to understand how requests actually flow through Istio. Pilot, as we learned in the previous chapter, understands the topology of the service mesh, and uses this knowledge, along with additional Istio networking configurations that you provide, to configure the mesh’s service proxies. See Chapter 7 for more on the kind of configuration that Pilot pushes to service proxies.
As the data-plane service proxy, Envoy intercepts all incoming and outgoing requests at runtime (as traffic flows through the service mesh). This interception is done transparently via iptables rules or a Berkeley Packet Filter (BPF) program that routes all network traffic, in and out through Envoy. Envoy ...