A New Model for Safe, Secure, and Fast Platform Extensions

What is WebAssembly

WebAssembly (Wasm) is a fast, efficient, and portable binary instruction format for programming languages, providing an embeddable and safe execution environment for platform extensions. Started in 2015, Wasm became a popular way to extend web applications and is gaining momentum for server side applications as well. The Wasm extension is packaged as a virtual machine that is then deployed to a target platform like a browser or server as a secure and highly performant model for extensibility.


A New Model for Extending the Application Network

The application of Wasm has already started expanding in cloud-native infrastructure to Kubernetes, Envoy Proxy, and Envoy based solutions like Istio and Gloo. In particular, the Envoy project has been working to integrate and stabilize the use of Wasm as the model going forward for extensibility.  Envoy is popular for its cloud-native architecture, performance, and that it can be extended in many ways through the use of filters, tracers, monitors, and more. Specifically, the filters are what’s used to modify the behavior of the proxy to manipulate the traffic that flows through it. The proxy ships with some filters out-of-the-box and with the open nature of Envoy, any end user can write and add their own filter to extend Envoy.

However there are challenges related to writing your own custom filters for Envoy including having enough expertise in C++ (Envoy language) to the effort needed to integrate and compile the customization to Envoy, and maintaining a separate build of Envoy over time. The addition of WebAssembly into the Envoy community and ecosystem dramatically improves, streamlines, and expands the ability to extend Envoy and Envoy based solutions like gateways and service meshes. Wasm provides the ability to dynamically update running Envoy processes without having restarts, isolation from failures and security issues, removes the overhead of compiling and maintaining a build of the Envoy code base, and comes with an active and growing developer community.


Envoy proxy is written in C++ and customizations to the proxy behavior are handled through filters available out of the box, or custom built and compiled into the codebase.

  • Requires engineering expertise in C++
  • Time and cost of maintaining Envoy codebase


WebAssembly brings a new model for extensibility that is secure and highly performant, with a vibrant developer community.

WebAssembly Hub


Connect any application workload including legacy monoliths, microservices and serverless functions.


Share, collaborate, and store your extensions with your team and the community.


Discover, pull, and deploy Wasm extensions to your Envoy proxy powered data plane at the edge and in service mesh.

WebAssembly Hub

Build, publish, discover, and deploy Wasm modules

Open Source Community

Contribute in the image specification, SDKs, tools and participate in the discussion