Introduction

While working with Envoy and EnRoute over the years, performance has been a key consideration, and not an afterthought.

We start with one of the most common asks that we get — how do you compare against Kong?

In this article, we aim to clarify the differences between the two solutions while considering several key aspects. This test is focused on scalability for control-plane and data plane; there are several other methods to conduct performance tests with different configurations. We have tried to keep it a high-level comparison to help show how architectural choices can influence ‌ performance. 

From the inception of Saaras EnRoute, we have prioritized performance as a foundational principle. We have consistently made deliberate design choices to ensure that the addition of new capabilities does not compromise the platform’s performance

Defining Performance

Performance has several vectors. We will describe our reasoning behind the benchmarking approach.

With the Kubernetes Gateway API becoming the established standard for handling ingress, egress, and internal cluster traffic, more gateways are implementing this API. While gateways may appear functionally equivalent, selecting the right gateway carries significant consequences, especially concerning scalability.

With Gateway API, we can easily compare the performance of multiple gateways by maintaining the same configuration. Additionally, it is crucial to evaluate both the Data Plane and Control Plane components.

When we started building Saaras EnRoute, we took great care to ensure it was architected with performance in mind. We have noticed that EnRoute's performance exceeds that of other gateways by orders of magnitude. While this performance comparison focuses on comparing it to Kong, we will run similar performance benchmarks with other gateways and publish the results.

Here, we conduct a detailed performance comparison between Saaras EnRoute and Kong. In our performance tests, we noticed the EnRoute control plane is over 20 times more performant than Kong. This is critical. A control plane that cannot scale, cannot program the data plane, rendering it useless.

Saaras EnRoute Data Plane is built from Envoy, and it has been shown to exhibit superior performance over proxies like Nginx and OpenResty. This is also apparent in the tests. We notice a jump in tail latencies when benchmarking Envoy with the proxy used by Kong. Note that this test was done without any plugins configured. We believe additional processing could further hinder the performance of platforms like Kong, which relies on interpreted Lua code, versus Envoy, which is built using C++.

Control Plane Performance

We installed Saaras EnRoute and Kong on separate clusters and progressively added HTTPRoutes to both gateways. We monitored the control plane and data plane components of both gateways.

• 5K: We started with 5K HTTPRoutes, where both Saaras EnRoute and Kong were functional. However, the memory consumption of Kong was orders of magnitude higher

• 10K: With 10K HTTPRoutes, Saaras EnRoute was functional. Kong ingress controller component stopped accepting routes with failures.

2025-05-28T19:28:06Z	error	dataplane-synchronizer	Could not update kong admin	
{"error": "performing update for https://10.150.0.60:8444 failed: config update 
failed: failed to reload declarative configuration: HTTP status 413 (message: 
\"failed posting new config to /config\")"}

10.150.0.62 - - [28/May/2025:19:29:36 +0000] 
"POST /config?check_hash=1&flatten_errors=1 HTTP/2.0" 413 148 
"-" "Go-http-client/2.0"

‍

The routes did not get programmed on the data plane and caused failures

• 15K-200K: We noticed the same result where Saaras EnRoute scaled to 15K, 100K and 200K HTTPRoutes. However, Kong did not recover and did not work in any of these scenarios.
  
  • We verified the number of routes programmed on EnRoute and Envoy
    
• EnRoute

root@ubuntu-c-2-sfo3-01:~# kubectl get httproutes.gateway.networking.k8s.io -n echo | more
NAME                            HOSTNAMES                          AGE
enroute-httproute-echo-1        ["hello-gateway.saaraslabs.com"]   20h
enroute-httproute-echo-100      ["hello-gateway.saaraslabs.com"]   20h
...

root@ubuntu-c-2-sfo3-01:~# kubectl get httproutes.gateway.networking.k8s.io -n echo | wc -l
222811

• Envoy

root@enroute-gw-688c55749-g5n4r:/# curl -s localhost:9001/config_dump | grep prefix | more
           "stat_prefix": "stats",
           "prefix": "/ready"
           "prefix": "/stats"
           "prefix": "/echo-100000"
           "prefix": "/echo-100001"
...

root@enroute-gw-688c55749-g5n4r:/# curl -s localhost:9001/config_dump | grep prefix | wc -l
222816

While running these tests, we captured the memory and CPU of Saaras EnRoute and Kong. We noticed the memory consumption of Kong was 10x or more compared to what Saaras EnRoute.

‍

Data Plane Performance

This measures how efficiently the data plane can handle traffic. While Kong's performance is comparable at lower percentiles, it has long-tail latencies for P99.

We created a simple listener and routes without any additional configurations. The wrk2 tool was used to capture accurate latencies

Number of concurrent HTTPs Requests

• 3000 RPS

‍

• 2000 RPS

• 1000 RPS

Number of concurrent HTTP Requests

• 3000 RPS

• 2000 RPS

• 1000 RPS

‍

Memory Usage

For Saaras EnRoute, we notice a linear memory increase as the number of configuration objects increases. This is what would be expected of a well designed system.

‍

We also notice that there are no memory leaks with an overnight run even after such a high number of configuration objects

‍

‍

Performance Matters

High control plane performance directly translates to infrastructure savings. One of our customers, who operates microservices for hundreds of tenants serving high-performance, real-time workloads, faced significant challenges due to the scalability limitations of their Ingress control plane.

To accommodate the load, they were forced to provision multiple clusters, resulting in substantial infrastructure costs and operational complexity. Each new infrastructure upgrade or release required updates across all clusters, and troubleshooting issues necessitated sifting through every cluster to identify the source of the problem.

With the configuration layer of several components increasingly centralized in the Kubernetes API Server, a performant control plane is critical. The impact is even more pronounced in High Availability (HA) setups, where identical solutions must be deployed across multiple availability zones.

By adopting EnRoute, the customer reduced their cluster count to a quarter of the original, achieving a 70%+ reduction in both infrastructure and operational costs.

Wrapping Up

While Saaras EnRoute is 20 times more performant than Kong for the control plane, its data plane, built on the robust Envoy Proxy, provides superior performance overall.

Resource consumption of Saaras EnRoute is one-tenth of Kong.

Saaras EnRoute is a drop-in replacement for Kong, offering significant savings on infrastructure and operational simplicity. Saaras EnRoute also features a deterministic pricing model.

If you would like more details about the test or are interested in exploring Saaras EnRoute further, please don’t hesitate to reach out. We’d be happy to assist you.

‍