KAE-enabled Envoy Acceleration

Envoy is a high-performance L7 (application layer) proxy and communication bus designed for modern cloud native architectures. It is widely used as a data-plane component in service meshes, typically operating in sidecar mode alongside each service. Envoy transparently handles inbound and outbound traffic between services, enabling core capabilities such as traffic management, security, and observability. With support for dynamic configuration, it serves as key infrastructure for service mesh technologies like Istio.

In microservice scenarios, Envoy needs to process a large number of TLS requests, whether it functions as an ingress gateway or a microservice proxy. The handshake phase in particular is costly, because asymmetric encryption and decryption consume a large amount of CPU resources. When microservices are deployed on a large scale, this overhead may become a system performance bottleneck. To address this, the KAE private key provider of Envoy offloads the time-consuming encryption and decryption operations from the CPU to KAE. This accelerates encryption and decryption while releasing CPU computing power for other service workloads.

Figure 1 KAE-enabled Envoy acceleration architecture