with envoy, what is different between using cluster IP and fqdn for adress of proxy_pass in nginx?

Question

I am trying to test Istio 1.9 on Kubernetes 1.20.2 (on premise)

First of all, when Nginx proxy_pass has fqdn of service for tomcat deployment

location /  {
            proxy_pass              http://tomcat.default.svc.cluster.local:8080;
            proxy_http_version      1.1;
            proxy_set_header        Connection "";
            proxy_redirect          off;
            proxy_set_header        Host    $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Proto  $scheme;
        }

while showing 404 error, It doesn't work and I couldn't find any tcp packet towards tomcat from tcpdump in Nginx pod.

Secondly, If I change the fqdn in proxy_pass into clusterIP or pod IP of tomcat pod, It works very well.

Finally, If I remove istio sidecar(envoy) injected into nginx, it works with fqdn in proxy_pass.

In this case, when the fqdn is used with envoy, why proxy_pass is not working? is there any required configurationn for Nginx with envoy?

I can expect the fqdn is used commonly in the light of the fact clusterIP could be changed.