Istio failover to external service when internal service is unhealthy

Need to failover/redirect to external service (which is not in Mesh) when internal service is unhealthy (is in Mesh).

External Service – abc.example.com
Internal Service – abc.svc.cluster.local

Tried the following config but the redirection doesn’t seem to be working as expected. When I scale down the pods of internal service and send request to “abc.svc.cluster.local”, it doesn’t redirect to “abc.example.com” – it just keeps on giving me 5xx.

Expected result – Should redirect to “abc.example.com” when “abc.svc.cluster.local” is down.

1. Created the ServiceEntry for external service

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: external-backend
spec:
  hosts:
  - abc.example.com
  location: MESH_EXTERNAL
  ports:
  - number: 443
    name: https
    protocol: TLS
  resolution: DNS

2. Created a DestinationRule that will keep on checking if service is healthy

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: backend-destination-rule
spec:
  host: abc.svc.cluster.local
  trafficPolicy:
    outlierDetection:
      consecutive5xxErrors: 3
      interval: 10s
      baseEjectionTime: 30s

3. Created VirtualService for redirection

apiVersion: networking.istio.io/v1
kind: VirtualService
metadata:
  name: my-service
spec:
  hosts:
  - abc.svc.cluster.local
  http:
  - route:
    - destination:
        host: abc.svc.cluster.local
        port:
          number: 80
      weight: 100
    retries:
      attempts: 3
      perTryTimeout: 2s
    timeout: 5s
  - route:
    - destination:
        host: abc.example.com
        port:
          number: 443
      weight: 0