Logo

traffic mirroring

Testing a service in production is important to help ensure reliability. Sending live production traffic to a new version of a service can help reveal bugs that went untested during continuous integration and functional tests.

Using Istio, you can use traffic mirroring to duplicate traffic to another service. You can incorporate a traffic mirroring rule as part of a canary deployment pipeline, allowing you to analyze a service’s behavior before sending live traffic to it.

In this example, we have deployed a video processing pipeline to Kubernetes. The render service has a dependency on the encode-prod service, and we want to roll out a new version of encode, encode-test.

traffic mirroring

We can use an Istio VirtualService to mirror all encode-prod traffic to encode-test. The client side Envoy proxy for render will then send requests to both encode-prod (request path) and encode-test (mirrored path). prod and test are two subsets of the encode Kubernetes service, specified in an Istio DestinationRule.

Note: render will not wait to receive responses from encode-test — mirrored requests are “fire and forget.”

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: encode-mirror
spec:
  hosts:
    - encode
  http:
  - route:
    - destination:
        host: encode
        subset: prod
      weight: 100
    mirror:
      host: encode
      subset: test
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: encode
spec:
  host: encode
  subsets:
  - name: prod
    labels:
      version: prod
  - name: test
    labels:
      version: test