Out of process architecture
Envoy is a self contained server. It runs alongside any application language or framework. At Lyft we currently use it to proxy for PHP, Python, Go, Java, and C++.
HTTP/2
Envoy has first class support for HTTP/2 for both incoming and outgoing connections. It is a transparent HTTP/1.1 to HTTP/2 proxy.
Advanced load balancing
Envoy supports advanced load balancing features including automatic retries, circuit breaking, global rate limiting, request shadowing, zone local load balancing, etc.
Pluggable filter architecture: Envoy allows filtering both at the network level (TCP/IP) as well as at the HTTP level. Filters can be chained together to perform complex tasks. New filters can be written to perform tasks not already supported.
Modern C++11 code base: Envoy is written in C++11, yielding both great performance and productivity.
HTTP L7 routing: Envoy supports advanced HTTP L7 routing primitives including redirection, virtual hosts, virtual clusters, matching on different request parameters, etc.
TLS: Envoy supports both TLS termination and initiation, client certificate verification, and certificate pinning.
gRPC: Envoy has first class support for Google's gRPC framework.
MongoDB: Envoy contains a full MongoDB wire format parser that is used to gather statistics about database connections.
DynamoDB: Envoy contains a full DynamoDB API parser that is used to gather statistics about database requests and responses.
Service discovery: Envoy supports multiple methods for service discovery including asynchronous DNS resolution as well as integration with an external service discovery service.
Health checking: Envoy is capable of active health checking of backend servers. Active health checking along with service discovery yields eventually consistent and extremely resiliant load balancing.
Best in class observability: Envoy exposes a multitude of statistics to aid in system visibility and debugging as well as distributed tracing via thirdparty providers.