Basically, Istio mesh represents ingress communication model between external Load Balancer through istio-ingressgateway and logical traffic management CRD components, which define a network routes, Authentication/Authorization aspects and service-to-service interactions.

Istio Gateway as the major contributor with an edge istio-ingressgateway service describes essential information about ports and protocols for HTTP/HTTS/TCP connections that are entering the service mesh and a way how to manage the further routing scenarios, therefore istio-ingressgateway does not decide itself about network traffic workflow and target application endpoints.

Retries concept in Istio is actually enclosed in routing rules and composed within VirtualService resource, showing us the main principle of network request re-attempts and their timeouts in case of initial call's failure.

When Istio istio-ingressgateway Pod starts it retrieves the discovery data about Envoy sidecars from Pilot, approaching the desired state through pilot-agent specific flags.

However, I couldn't determine the reported 503 error, during down-scaling istio-ingressgateway replicas in Istio 1.3.