30 open-source projects similar to lyft/envoy, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Envoy alternative.
Ocelot is a .NET API gateway that functions as an HTTP reverse proxy to route, balance, and secure traffic between clients and backend services. It serves as a centralized manager for incoming requests, providing a single entry point for traffic orchestration. The project differentiates itself through dynamic request orchestration, allowing it to aggregate multiple backend service responses into a single result to minimize client network round trips. It also supports dynamic gateway configuration, enabling updates to system behavior and operational parameters without requiring a service resta
Sozu is a high-performance, memory-safe reverse proxy and load balancer built in Rust. It is designed to manage HTTP, TCP, and UDP traffic through a multi-process architecture that leverages isolated worker processes to ensure fault tolerance and efficient resource utilization across multi-core hardware. The project distinguishes itself through a focus on continuous availability and dynamic control. It features a unique binary hot-reloading mechanism and a Unix-socket-based control plane, allowing administrators to update proxy configurations, modify listener settings, and even replace the pr
This project is a service mesh platform designed to manage, secure, and observe service-to-service communication within Kubernetes clusters. It functions as a control plane that orchestrates transparent sidecar proxies, which intercept and manage network traffic to provide reliable connectivity for microservices. By automating the injection of these proxies, the platform ensures that infrastructure-level policies are applied consistently across all workloads without requiring manual configuration changes. The platform distinguishes itself through its focus on zero-trust security and cross-clu
Lura is an API gateway and traffic router that directs network requests to backend services using a configurable pipeline of processing steps. It functions as a backend load balancer and a request middleware engine designed to validate, modify, and transform incoming requests and responses. The system specializes in API response aggregation, allowing it to execute concurrent requests to multiple backend services and merge the results into a single unified output. This includes the ability to perform dynamic response mapping by renaming fields and filtering data to optimize the final client pa
Dubbo is a Java RPC framework and microservices governance platform designed for high-performance remote procedure calls in distributed architectures. It provides the foundational components necessary to connect distributed services across a network, including a binary data serialization library and a distributed service registry. The platform distinguishes itself through a comprehensive governance suite that manages service discovery, load balancing, and traffic routing. It enables precise control over network traffic via conditional routing and a pluggable extension mechanism based on a ser
Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n
This project is a comprehensive educational resource and study guide focused on distributed systems architecture and backend infrastructure design. It provides a structured curriculum for mastering the principles of scalability, reliability, and performance required to design complex software systems. The repository distinguishes itself by offering a methodical approach to technical interview preparation, incorporating design patterns, architectural trade-offs, and spaced repetition tools to help users retain complex concepts. It emphasizes constraint-driven analysis, teaching users how to ev
Twemproxy is a lightweight proxy that routes and distributes requests across multiple Redis and Memcached backend servers. It functions as a protocol translation gateway and distributed cache shard manager, partitioning data across clusters to balance load and storage capacity. The system acts as a high-availability cache orchestrator, employing health monitoring and automatic server ejection to maintain continuous access to cached data. It integrates with sentinels for dynamic master and replica discovery and utilizes consistent hashing and tag-based key grouping to manage data distribution
Xget is an edge-based network proxy and request router designed to optimize connectivity and reduce latency for remote resources. It functions as a high-performance interface for AI inference API requests, container registry mirroring, and the acceleration of Git repository operations and software package mirrors. The system distinguishes itself through protocol-aware proxying that preserves authentication and headers for Git and container registries. It utilizes rule-based URL transformation to map requests to accelerated upstream provider endpoints and employs a response rewriting mechanism
The Gateway API is a standardized set of resources for routing HTTP, gRPC, and TCP traffic into and within Kubernetes clusters. It serves as a framework for defining load balancer listeners and routing rules for both Layer 4 and Layer 7 protocols, acting as a specification for ingress and service mesh traffic interfaces. The project utilizes a role-oriented configuration that separates infrastructure provisioning from routing logic. It implements a class-based provider selection system to match requested infrastructure to specific controller implementations and employs a conformance-driven sp
Keepalived is a high availability manager and virtual IP failover tool that ensures continuous service availability. It coordinates the migration of floating IP addresses between master and backup nodes using the Virtual Router Redundancy Protocol to manage router redundancy and seamless failover. The project distinguishes itself by integrating with the Linux kernel IPVS module to function as a transport-layer load balancer. It distributes network traffic across backend servers using various scheduling algorithms and forwarding methods such as NAT, direct routing, or tunneling. The system in
Moleculer is a Node.js microservices framework designed for building distributed systems. It functions as a distributed service broker, task orchestrator, and service mesh framework, enabling a decentralized architecture with built-in service discovery and load balancing. The project differentiates itself through a pluggable transport layer supporting protocols such as NATS, Redis, TCP, and Kafka, as well as a dedicated microservices API gateway that maps external HTTP and WebSocket requests to internal service actions. It includes built-in fault tolerance mechanisms, including circuit breake
Clashfree is a network traffic routing platform designed to facilitate access to restricted online resources and digital services. It functions as a proxy configuration management tool that enables users to route internet traffic through encrypted tunnels, effectively bypassing regional access restrictions. The system provides a centralized way to manage network proxy connections and organize multiple routing profiles across various environments. The project distinguishes itself by providing automated subscription services that distribute daily updated proxy node lists and configuration files
gost is a multi-protocol proxy tunnel and secure tunneling server designed to route network traffic through encrypted connections. It functions as a traffic obfuscation gateway and a transparent proxy server capable of intercepting TCP and UDP traffic at the IP level. The project also includes a virtual network interface manager for creating TUN and TAP devices to intercept operating system packets. The system distinguishes itself through a chain-based request routing model, allowing traffic to pass through an ordered sequence of proxy nodes. It provides extensive transport-layer encapsulatio
Envoy is a high-performance, cloud-native service proxy designed for service-to-service communication in distributed architectures. It functions as a service mesh data plane, providing a centralized mechanism for managing, securing, and observing network traffic between microservices. The project is distinguished by its ability to perform dynamic traffic management and configuration updates in real time without requiring service restarts or downtime. It utilizes a non-blocking, event-driven architecture to handle high-concurrency connections and supports hot-restart process management, which
Mitmproxy is an interactive, programmable network proxy engine designed for traffic analysis and protocol manipulation. It functions as a gateway that intercepts, inspects, and modifies network traffic in real time, supporting HTTP, HTTPS, WebSocket, DNS, and generic TCP or UDP streams. By acting as a trusted certificate authority, the proxy can dynamically generate and sign certificates to decrypt and analyze secure TLS-encrypted connections. The project distinguishes itself through a highly extensible, event-driven architecture that allows users to automate traffic transformation using cust
Edgetunnel is a serverless network proxy service designed to route traffic through global edge computing platforms. By leveraging distributed infrastructure, it facilitates secure and flexible connectivity for outgoing network requests, allowing users to bypass traditional server management while maintaining control over their traffic routing. The project distinguishes itself by providing a comprehensive suite of tools for managing proxy deployments, including a visual dashboard for monitoring connection logs and traffic statistics. It supports the generation of automated subscription feeds,
Linkerd is a Kubernetes service mesh that manages network traffic between microservices. It functions as a transparent networking proxy, layer 7 traffic manager, and mutual TLS security layer, providing observability and reliability for service-to-service communication without requiring changes to application code. The project distinguishes itself through a sidecar-proxy architecture that intercepts TCP and application-level traffic to provide automatic mutual TLS encryption and identity verification. It enables cross-cluster service networking to link multiple clusters and implements cloud-n
MetalLB is a Kubernetes load balancer implementation and IP address manager designed for bare metal clusters. It functions as a networking tool that provides external connectivity and traffic distribution by assigning external IPv4 and IPv6 addresses to services. The project differentiates itself by providing two distinct advertisement modes. It can operate as a BGP routing controller, using the Border Gateway Protocol to announce service IPs to external routers with support for bidirectional forwarding detection and VRF-aware routing. Alternatively, it can act as a Layer 2 network advertiser
This project is a comprehensive infrastructure guide and technical reference for designing and deploying cloud native and AI native environments using Kubernetes. It serves as a manual for managing container orchestration, pod lifecycles, and declarative state reconciliation to maintain scalable cluster workloads. The resource provides instructional material on building custom controllers and implementing operational logic via the operator pattern. It also functions as a framework for optimizing the delivery of large language models through specialized gateways and workload scheduling. The h
Nacos is a service discovery and configuration platform designed for cloud native environments. It serves as a management plane that orchestrates service registries, handles dynamic application settings through a remote configuration store, and functions as a load balancing control plane for distributed clusters. The platform differentiates itself by providing real-time configuration updates that push changes to clients without requiring service restarts. It also implements weighted routing and DNS-based traffic routing to manage load balancing policies across a fleet of healthy service insta
NATS Server is a high-performance, lightweight messaging system designed for cloud-native applications, edge computing, and distributed microservices. It functions as a distributed publish-subscribe broker that routes messages using hierarchical, dot-separated subject strings, enabling decoupled communication between services without requiring centralized broker lookups. The system supports core messaging patterns including asynchronous publish-subscribe, request-reply, and load-balanced queue processing. The platform distinguishes itself through a decentralized architecture that eliminates t
HAProxy is a high-performance TCP and HTTP proxy that distributes traffic across multiple backend servers to ensure availability and fault tolerance for critical services. It operates in either TCP or HTTP mode, with an event-driven, single-threaded reactor that handles tens of thousands of connections without context switching, and supports kernel-level data transfer to minimize memory usage and latency. What distinguishes HAProxy is its configuration-file-first design, where all load-balancing rules and runtime behavior are defined in a declarative text file parsed at startup. It embeds a L
Zuul is an API gateway service that manages incoming network traffic to backend services. It serves as a routing layer and edge security proxy that provides centralized control over security and monitoring for microservices. The project implements a dynamic request router that maps incoming paths to backend locations using configurable rules that can be updated at runtime. It also includes a circuit breaker implementation to monitor backend failure rates and stop traffic to failing services to prevent cascading outages. The gateway provides a filter-based request pipeline for processing traf
Tyk is an open-source API gateway written in Go that routes, secures, and monitors network traffic across REST, GraphQL, TCP, and gRPC protocols. It functions as a multi-protocol proxy designed to deliver requests to backend services while managing the end-to-end API lifecycle. The system distinguishes itself through a plugin-based architecture that allows for the injection of custom logic into the request and response middleware chain. It also features native Kubernetes integration, operating as an ingress controller that uses operators and custom resource definitions to deploy security poli
Traefik is a cloud-native load balancer and dynamic reverse proxy designed for microservices traffic routing. It automatically discovers services and generates network routes by listening to infrastructure changes in orchestrators and service registries. The project distinguishes itself through auto-configuring service routing, which eliminates manual configuration by updating routing rules in real time as infrastructure scales. It also provides automated SSL certificate management, utilizing ACME-based automation to request and renew certificates from remote authorities. Additional capabili
Pingora is a Rust-based framework for building high-performance network services, including HTTP reverse proxies, layer seven load balancers, and TLS termination proxies. It serves as an asynchronous network library designed to intercept and route HTTP, gRPC, and WebSocket traffic between clients and upstream backend servers. The project enables zero-downtime service updates by handing over listening sockets between processes during binary or configuration upgrades. It utilizes a programmable multi-phase pipeline to modify request and response bodies and headers, and it provides a pluggable T
XMRig is a multi-algorithm hashing tool and cryptocurrency miner that utilizes CPU, CUDA, and OpenCL hardware to execute hashing algorithms across multiple operating systems. It functions as a computational engine for mining cryptocurrency and benchmarking hardware efficiency. The project includes a Stratum proxy server that routes mining traffic between worker clients and pools to optimize connectivity and balance load. It also provides a secured HTTP management API for monitoring hashrates and modifying miner configuration in real time without restarting the process. The software covers a
Cilium is a networking, security, and observability platform for containerized environments that leverages kernel-level data paths to process traffic. By executing programs directly within the Linux kernel, it provides high-performance packet filtering, routing, and load balancing without the need for traditional user-space proxies or context switching. The platform distinguishes itself through identity-based security enforcement, which filters traffic based on service labels rather than volatile IP addresses. It integrates containerized workloads with external physical or virtual infrastruct
This project is a comprehensive Java backend engineering guide and technical reference focused on high-concurrency design, distributed systems, and microservices architecture. It provides detailed strategies for decomposing monolithic applications, managing service discovery, and implementing the architectural patterns required for scalable backend environments. The repository distinguishes itself through an extensive collection of big data algorithmic references and database scaling strategies. It covers memory-efficient techniques for analyzing massive datasets, such as Top-K element extrac