
Envoy Proxy

Envoy Proxy is an open-source edge and service proxy designed for cloud-native applications. It acts as a gateway for all incoming and outgoing traffic within a microservices architecture, providing load balancing, service discovery, encryption, authentication, and observability. Envoy Proxy is known for its high performance and low latency, making it a popular choice for companies seeking to optimize their network traffic and improve overall system efficiency. By handling the complexities of network communication, Envoy Proxy lets developers focus on building and scaling their applications without having to manage network traffic themselves.

    Features

    Architecture

    • Out of process architecture
    • Single process with multiple threads
    • Non-blocking event-based design
    • Small memory footprint
    • Language agnostic (works with Java, C++, Go, PHP, Python, etc.)
    • Hot restart capability
    • Pluggable filter chain mechanism

    Protocol Support

    HTTP

    • HTTP/1.1 support
    • HTTP/2 support (first class)
    • HTTP/3 support (alpha)
    • Transparent HTTP/1.1 to HTTP/2 proxy
    • HTTP/1.1 to HTTP/3 translation
    • HTTP/2 to HTTP/3 translation
    • WebSocket support
    • WebSocket over HTTP/2 tunneling
    • WebSocket over HTTP/3 tunneling
    • HTTP CONNECT support
    • CONNECT-UDP support (RFC 9298)
    • HTTP upgrades

    gRPC

    • Full gRPC support
    • gRPC bridging
    • gRPC-JSON transcoding

    Other Protocols

    • Raw TCP proxy
    • UDP proxy
    • Unix domain socket support
    • MongoDB protocol support
    • DynamoDB protocol support
    • Redis protocol support
    • Postgres protocol support
    • Kafka protocol support
    • Thrift protocol support
    • Dubbo protocol support

    Load Balancing

    • Weighted round-robin
    • Maglev
    • Least-loaded
    • Random
    • Ring hash
    • Priority-based load balancing
    • Locality weighted load balancing
    • Zone aware routing
    • Panic threshold configuration
    • Slow start mode
    • Load balancer subsets
    • Aggregate cluster load balancing
    • Composite cluster support

    Traffic Management

    • Automatic retries
    • Retry host predicates
    • Retry priority predicates
    • Circuit breaking
    • Global rate limiting
    • Local rate limiting
    • Bandwidth limiting
    • Request shadowing (mirroring)
    • Request hedging
    • Traffic shifting
    • Traffic splitting
    • Outlier detection
    • Connection pooling
    • Overload management

    Service Discovery

    • Static configuration
    • DNS-based discovery
    • Strict DNS
    • Logical DNS
    • EDS (Endpoint Discovery Service)
    • Custom service discovery plugins

    Health Checking

    • Active health checking
    • Passive health checking (via outlier detection)
    • HTTP health checks
    • TCP health checks
    • gRPC health checks
    • Custom health check intervals per endpoint
    • Health check event logging

    Routing

    • Path matching (exact, prefix, regex)
    • Header matching
    • Cookie matching
    • Query parameter matching
    • Virtual hosts
    • Virtual clusters
    • Route-level timeouts
    • Route-level retries
    • Request redirection
    • Path rewriting
    • Prefix rewriting
    • Host rewriting
    • Regex rewriting with capture groups
    • Direct responses
    • Traffic mirroring
    • Weighted routing
    • Route scoping (SRDS)
    • Generic matching API
    • Internal redirects (3xx handling)

    Filters

    Listener Filters

    • TLS inspector
    • HTTP inspector
    • Original destination
    • Proxy protocol

    Network Filters (L3/L4)

    • TCP proxy
    • UDP proxy
    • HTTP connection manager
    • Redis proxy
    • MongoDB proxy
    • MySQL proxy
    • Postgres proxy
    • Kafka broker
    • Rate limiting
    • RBAC
    • TLS client certificate authentication
    • Dubbo proxy
    • Generic proxy
    • Wasm filters

    HTTP Filters (L7)

    • Router
    • CORS
    • CSRF
    • Fault injection
    • gRPC-JSON transcoder
    • gRPC-Web
    • gzip/compression
    • Health check
    • IP tagging
    • JWT authentication
    • Lua scripting
    • Rate limiting
    • RBAC
    • Buffer
    • External authorization
    • OAuth2
    • Header manipulation
    • Adaptive concurrency
    • Admission control
    • AWS request signing
    • Cache
    • Compressor
    • Decompressor
    • ext_proc (external processing)
    • GCP authentication
    • Language detection
    • On-demand route discovery
    • Original IP detection
    • Wasm filters

    Security

    TLS

    • TLS termination
    • TLS origination
    • mTLS (mutual TLS)
    • SNI (Server Name Indication) support
    • ALPN support
    • Certificate rotation
    • OCSP stapling
    • SDS (Secret Discovery Service)
    • Custom certificate validation
    • Multiple certificate support

    Authentication & Authorization

    • JWT (JSON Web Token) authentication
    • External authorization
    • Role-Based Access Control (RBAC)
    • Client certificate authentication
    • OAuth2 support

    Other Security Features

    • IP allowlisting/denylisting
    • Request size limits
    • Connection limits
    • Trusted downstream addresses

    Observability

    Statistics

    • Extensive built-in statistics
    • Per-listener stats
    • Per-cluster stats
    • Per-route stats
    • Per-upstream stats
    • Custom stat tags
    • Stat sinks (statsd, DogStatsD, Hystrix, etc.)
    • Admin port statistics viewing

    Tracing

    • Distributed tracing support
    • Zipkin integration
    • Jaeger integration
    • Datadog integration
    • OpenTelemetry integration
    • LightStep integration
    • SkyWalking integration
    • X-Ray integration
    • Trace context propagation
    • Custom trace sampling

    Access Logging

    • File-based access logs
    • gRPC access log service
    • Stdout/stderr logging
    • Fluentd integration
    • OpenTelemetry logging
    • Custom log formats
    • Access log filters
    • Periodic access logs
    • Start of session access logs

    Configuration

    Static Configuration

    • Bootstrap configuration
    • Static listeners
    • Static clusters
    • Static routes

    Dynamic Configuration (xDS)

    • LDS (Listener Discovery Service)
    • RDS (Route Discovery Service)
    • CDS (Cluster Discovery Service)
    • EDS (Endpoint Discovery Service)
    • SDS (Secret Discovery Service)
    • VHDS (Virtual Host Discovery Service)
    • SRDS (Scoped Route Discovery Service)
    • RTDS (Runtime Discovery Service)
    • ECDS (Extension Config Discovery Service)
    • ADS (Aggregated Discovery Service)
    • Delta xDS (incremental updates)
    • xDS TTL support

    Runtime Configuration

    • Runtime feature flags
    • Runtime percentage-based features
    • Layer-based configuration

    Connection Management

    • Connection pooling (HTTP/1.1, HTTP/2, HTTP/3)
    • Connection draining
    • Graceful shutdown
    • Listener connection balancing
    • Max connections per cluster
    • Max requests per connection
    • Connection idle timeout
    • Max connection duration

    Advanced Features

    Extensibility

    • Custom filter development
    • Wasm (WebAssembly) extension support
    • Lua scripting
    • Dynamic modules
    • Extension security levels
    • Filter chain composition

    Request Handling

    • Request/response buffering
    • Streaming support
    • Trailer support
    • Header manipulation
    • Request ID generation
    • Request timeout management
    • Idle timeout management
    • Per-try timeout
    • Global timeout

    IP Transparency

    • Original source preservation
    • Proxy Protocol (v1 and v2)
    • x-forwarded-for handling
    • Original destination listener filter

    Compression

    • gzip compression
    • Brotli compression
    • Zstd compression
    • Decompression support

    Admin Interface

    • Configuration dump
    • Statistics viewing
    • Cluster management
    • Health check management
    • Logging level control
    • Profiling endpoints
    • Runtime modification

    Deployment Patterns

    • Service mesh sidecar
    • Front/edge proxy
    • Ingress gateway
    • API gateway
    • Internal load balancer
    • Double proxy configuration

    Platform Support

    • Linux
    • macOS
    • Windows
    • Container/Kubernetes native
    • Bare metal deployment

    Use Cases

    Service Mesh

    • Sidecar proxy for microservices
    • Service-to-service communication
    • Transparent network abstraction for applications
    • Uniform observability across polyglot services
    • Consistent load balancing and retry policies
    • mTLS between services
    • Traffic management within a cluster

    Edge/Ingress Proxy

    • API gateway
    • Kubernetes ingress controller
    • Front proxy for web applications
    • TLS termination at the edge
    • Rate limiting external traffic
    • Authentication/authorization gateway
    • DDoS protection layer

    Load Balancing

    • L4 (TCP/UDP) load balancer
    • L7 (HTTP/gRPC) load balancer
    • Global load balancing across data centers
    • Weighted traffic distribution
    • Canary deployments
    • Blue-green deployments
    • A/B testing traffic splits

    Traffic Management

    • Circuit breaking for fault tolerance
    • Automatic retries with backoff
    • Request hedging for latency reduction
    • Timeout enforcement
    • Traffic mirroring/shadowing for testing
    • Request routing based on headers/paths
    • Traffic shifting during migrations

    Protocol Bridging

    • HTTP/1.1 to HTTP/2 translation
    • HTTP to gRPC bridging
    • gRPC-JSON transcoding
    • Legacy protocol modernization
    • WebSocket proxying
    • HTTP/3 adoption bridge

    Observability Platform

    • Centralized metrics collection
    • Distributed tracing integration
    • Access logging aggregation
    • Real-time traffic monitoring
    • Debugging network issues
    • Performance analysis
    • SLA monitoring

    Security Gateway

    • TLS/mTLS termination and origination
    • JWT validation
    • OAuth2 authentication
    • External authorization integration
    • RBAC policy enforcement
    • Secret rotation
    • Certificate management

    Database Proxy

    • MongoDB traffic routing and observability
    • Redis cluster proxy
    • Postgres connection pooling
    • MySQL proxy
    • DynamoDB request monitoring
    • Database traffic rate limiting

    API Management

    • API versioning through routing
    • Request/response transformation
    • API rate limiting
    • API authentication
    • Request validation
    • Response caching

    Multi-Cloud/Hybrid Deployments

    • Consistent networking across clouds
    • Hybrid cloud traffic management
    • Cloud migration traffic shifting
    • Multi-cluster service discovery
    • Cross-datacenter failover

    Developer Experience

    • Local development proxy
    • Service mocking/stubbing
    • Fault injection for testing
    • Request/response logging
    • Debug proxy for troubleshooting

    Legacy Modernization

    • Strangler pattern implementation
    • Incremental migration to microservices
    • Protocol upgrades
    • Adding observability to legacy apps
    • Gradual traffic migration

    Compliance & Governance

    • Audit logging
    • Traffic encryption enforcement
    • Policy enforcement point
    • Access control
    • Data locality routing

    Performance Optimization

    • Connection pooling
    • Keep-alive management
    • Compression/decompression
    • Caching layer
    • Request coalescing
    • Latency-based routing

    Specialized Networking

    • UDP tunneling over HTTP
    • TCP tunneling over HTTP CONNECT
    • Forward proxy for outbound traffic
    • Transparent proxy
    • CONNECT-UDP for HTTP/3 proxying