This topic describes how to manage traffic by using Istio. Specifically, you can use Istio to set corresponding parameters for a load balancing algorithm, session affinity, connection pool, circuit breaker, or faulty injection.

Before you begin

  1. Log on to the Container Service console.
  2. In the left-side navigation pane under Container Service-Kubernetes, choose Service Mesh > Virtual Services.
  3. On the right of the target virtual service, click Manage. Then, you can manage traffic related to the service according to your needs.

Control traffic

Find the required version of the target virtual service, and then click Traffic Control.

  • Set load balancing.
    Istio provides two methods to set load balancing: Load Balancer Algorithm and Session Affinity.
    Note These two methods are mutually exclusive.
    Select a load balancing algorithm according to your needs.
    • ROUND_ROBIN: Evenly distributes loads across the endpoints in the load balancing pool. This is the default algorithm used by the Istio proxy.
    • LEAST_CONN: Selects two healthy hosts randomly and uses the host with fewer requests to provide service.
    • RANDOM: Selects one healthy host randomly and evenly distributes loads on the endpoints in the load balancing pool. In the case that you have not set health checks, this is more efficient than ROUND_ROBIN.
    • PASSTHROUGH: Forwards requests directly to the IP address specified by the client. For security purposes, we recommend that you exercise caution before implementing this algorithm.
    Figure 1. Supported load balancing algorithms


    Select a type of session affinity according to your needs.
    • HTTP Headers: Obtains hashes based on a specific HTTP header.
    • Cookie: Obtains hashes based on HTTP cookies.
    • Source IP: Obtains hashes based on the source IP addresses.
    Figure 2. Session affinity options


  • Set a connection pool.
    • maxConnections: Indicates the maximum number of connections that Envoy will create for all the hosts in the upstream clusters. This parameter applies only to the connections that use the TCP or HTTP/1.1 protocol.
    • connectTimeout: Indicates the TCP connection timeout. The minimum value of this parameter must be greater than 1 ms. This parameter applies only to the connections that use the TCP or HTTP protocol.
    • maxRequestsPerConnection: Indicates the maximum number of requests that are destined for a backend through a connection. Setting this parameter to 1 disables the keep-alive feature. This parameter only applies to the connections that use the HTTP/1.1, HTTP/2, or gRPC protocol.
    • maxRetries: Indicates the maximum number of retries of an HTTP request that is sent to a destination host during a specified period of time. The default value of this parameter is 3. This parameter only applies to the connections that use the HTTP/1.1, HTTP/2, or gRPC protocol.


  • Set a circuit breaker.
    • consecutiveErrors: Indicates the number of consecutive errors that occur to a host in a specified interval. If the value set is exceeded, the host where the consecutive errors occurred is removed from the connection pool. The default value of this parameter is 5.
      Note If the upstream host is accessed through an HTTP connection, a status code of the 5xx format is identified as an error. If the upstream host is accessed through a TCP connection, a TCP connection timeout, a connection error, or a connection failure will be identified as an error.
    • maxEjectionPercent: Indicates the maximum ratio of removable hosts to all the hosts in a load balancing pool of the upstream service. The default value of this parameter is 10%.
    • baseEjectionTime: Indicates the minimum interval of a time an unhealthy host can be removed from the load balancing pool. The amount of time that an unhealthy host is removed from the load balancing pool is equal to this parameter multiplified by the number of times the host has already been removed. By using this parameter, the amount of time that an unhealthy host is removed from the load balancing pool can be increased automatically.
    • interval: Indicates the period of time during which the system detects errors. The default value of this parameter is 10s. The minimum value of this parameter is 1 ms.


Note If you want the preceding settings to take effect for all the versions of the target virtual service, you need to select the Apply to all versions check box.

Inject faults to traffic

On the page that displays the details of the target virtual service, click Fault Injection Policy.

You can inject two types of faults: delay faults and abort faults. The fault injection feature supports the HTTP protocol.

  • Create a fault injection to delay traffic flow.

    This type of fault injection is used to simulate faults, such as network faults and faults caused by upstream service overload.



    Create a fault injection rule to delay traffic, set the following parameters.
    • percent: Set the ratio of the requests to be delayed as all requests that are forwarded to the requested destination. The value range of this parameter is 0 to 100.
    • fixedDelay: Set the delayed time before the specified ratio of requests are forwarded (in seconds by default). You can also set the delayed time in hours, minutes, or milliseconds. This is the required parameter for injecting a delay fault. The minimum value of this parameter is 1ms.
  • Create an fault injection that terminates a request that comes from a downstream service and return a corresponding error to the downstream service.

    This type of fault injection is used to simulate a condition where an error code occurs to the upstream service.



    To create an fault injection that terminates a request that comes from a downstream service, set these parameters.
    • percent: Set the ratio of the requests that you want to terminate to all the requests that are forwarded to the requested destination. The value range of this parameter is 0 to 100.
    • httpStatus: Set the HTTP status code that will be returned to a client service. This is the required parameter for injecting an abort fault.