Envoy Proxy Configuration as TCP Proxy

Gloo, an Envoy Proxy based API Gateway as TCP Proxy

This blog series “5 Minutes with Gloo” digs into a single feature, what it is used for and how to use it. In this post, we highlight the ability for Gloo to act as TCP Proxy in addition to API Gateway.

Gloo is a next generation API Gateway that acts as a control plane for Envoy Proxy to route incoming client and end user requests to backend services. Envoy Proxy at its core is a L4 network proxy, but it shines as a L7 proxy with support for many different application-level protocols. We’ve seen a lot of attention on the L7 aspects of Envoy but for usecases where we don’t need application-level network support, we can leverage Envoy for L4/TCP level capabilities.

With TCP support, Gloo can serve as a unified point for end users (clients) to access and for operators to shape traffic, add policies and access controls to a wider range of backend services and systems including databases, message queues, caches and more — in addition to all the application workloads.

Using Gloo as TCP Proxy, you can:

  • Route to single or multiple destinations
  • SSL traffic routing
  • SNI domain matching
  • Apply rate limiting, Auth and TLS/mTLS

You can try our TCP tutorial to learn more. To prepare, you will need to install Gloo onto a Kubernetes cluster and also set-up TCP-echo pod to use in testing the TCP capabilities you set up in this exercise. Try the TCP tutorial here

Get started with Gloo: