.. _config_config_validation: Config Validations ================== Envoy supports dynamic configuration using the :ref:`xDS protocol <xds_protocol>`. When receiving a new configuration, Envoy first verifies that all fields are valid, according to their protoc-gen-validate (PGV) constraints, and that the new config keeps Envoy's internal state correct. If a given config violates a constraint, that config is rejected (see :ref:`ACK/NACK and resource type instance version <xds_ack_nack>`). In addition to the above, Envoy also supports custom config validations where verifications can be made, when using `gRPC-based subscriptions <xds_protocol_streaming_grpc_subscriptions>` . An example of such a validator is where an Envoy instance is expected to always have a minimal number of clusters, then any config update that results with a number of clusters which is less than the threshold should be rejected. Custom config validators are defined using Envoy's :ref:`extension <extending>` framework. Envoy's builtin config validators are listed :ref:`here <v3_config_config_validators>`. To use a config validation extension, it needs to be added to the :ref:`config_validators list <envoy_v3_api_field_config.core.v3.ApiConfigSource.config_validators>` field of the API configuration source that will be validated.