In this session, attendees will receive an in-depth analysis of effects and ways to make Envoy resilient to sudden increases in load. An analysis of last year's industry-wide CVE HTTP/2 'Rapid Reset' DDoS attack will illustrate practical implementation of mitigation measures. The session will further describe features developed in Envoy to defend against resource starvation. This includes system-level configuration practices and recent advancements in Envoy's overload manager designed to make Envoy resilient to spiky traffic.