Orion Proxy is a high performance and memory safe implementation of popular Envoy Proxy. Orion Proxy is implemented in Rust using high-quality open source components.
Memory Safety
Rust programming language allows to avoid a whole lot of bugs related to memory management and data races making Orion Proxy a very robust and secure application.
Performance
Orion Proxy offers 2x-4x better throughput and latency than Envoy Proxy. Refer to Performance to see performance figures and for more details how we tested Orion Proxy .
Compatibility
Orion Proxy configuration is generated from Envoy's xDS protobuf definitions. Orion Proxy aims to be a drop in replacement for Envoy.
Note: To control how many CPU cores/threads Orion uses (especially in containers), set the ORION_CPU_LIMIT environment variable. In Kubernetes, use the Downward API:
env:
- name: ORION_CPU_LIMIT
valueFrom:
resourceFieldRef:
resource: limits.cpu
divisor: "1"Orion can be configured to use a specific number of CPU cores/threads by setting the ORION_CPU_LIMIT environment variable. This is especially useful in containerized environments where access to /sys/fs may be restricted.
Add the following to your container spec to set ORION_CPU_LIMIT to the container's CPU limit:
env:
- name: ORION_CPU_LIMIT
valueFrom:
resourceFieldRef:
resource: limits.cpu
divisor: "1"Orion will automatically use this value to determine the number of threads/cores.
git clone https://github.com/kmesh-net/orion
cd orion
git submodule init
git submodule update --force
cargo buildcargo run --bin orion -- --config orion/conf/orion-runtime.yamlBuild and run with Docker:
# Build
docker build -t orion-proxy -f docker/Dockerfile .
# Run
docker run -p 8000:8000 --name orion-proxy orion-proxy
# Verify service
curl -v http://localhost:8000/direct-response # Should return HTTP 200 with "meow! 🐱"For testing load balancing with real backend servers:
# Start two nginx containers
docker run -d -p 4001:80 --name backend1 nginx:alpine
docker run -d -p 4002:80 --name backend2 nginx:alpine
# Start Orion Proxy (uses host networking to access localhost:4001/4002)
docker run -d --network host --name orion-proxy orion-proxy
# Test load balancing
curl http://localhost:8000/ # Proxies to nginx backends!
# Cleanup
docker rm -f backend1 backend2 orion-proxyFor detailed Docker configuration options, see docker/README.md.
Orion includes a comprehensive TLV (Type-Length-Value) listener filter demo compatible with the Kmesh project for service mesh integration. This demo provides end-to-end testing of the TLV filter functionality.
To test the TLV filter:
cd examples/tlv-filter-demo
./test_tlv_config.shThis demo will:
- Start Orion with TLV filter configuration matching Kmesh format
- Load the TLV listener filter using TypedStruct configuration
- Send actual TLV packets to test the filter functionality
- Extract and verify original destination information from TLV data
- Show debug logs confirming successful TLV processing
- Verify compatibility with Kmesh TLV configuration format
For detailed information, see examples/tlv-filter-demo/README.md.
Orion Proxy is licensed under the Apache License, Version 2.0.
