[QUESTION] Why an Envoy Service infront of Services with Envoy Sidecar? Why an NLB?

[omenking]

Hey @gmridula @tiagoReichert 👋

Preramble

I am currently migrating my Ruby on Rails application over to ECS Fargate with Cloud Map and App Mesh and I'm trying to make sense of two architectural design decisions that I could not find described in the article or video.

https://aws.amazon.com/blogs/containers/service-connectivity-inside-and-outside-the-mesh-using-aws-app-mesh-ecs-fargate/

I have two questions:

Envoy Gateway

The architectural diagram does not show it but there is an Envoy Service that sits between the NLB and microservices. What does the Envoy Gateway service serve?

Is it a Envoy Front Proxy? Why do I want this in my application? https://noise.getoto.net/2018/06/14/setting-up-an-envoy-front-proxy-on-amazon-ecs/

Network Load Balancer

Was there a specific reason NLB was used over ALB? The reason I ask is that my healthchecks are failing to the Envoy Gateway Service because I have yet to deploy an services behind it which could return an HTTP request since I'm doing this step by step.

I know if I switch over to NLB the health checks are different so I may fair better but I thought maybe there was a specific reason the NLB was choosen? Maybe the Envoy Gateway replicates functionality of the ALB advanced routing so it just makes more sense to use NLB.