Multiple Istio Ingress Gateways

Consider large application: 50-100 services, >100 pods behind each, some living in distinct namespaces. What is the recommended deployment model for the Istio Ingress Gateway?

  1. Single Ingress Gateway for the entire Kubernetes cluster, distributing traffic to ALL services withing the mesh.
  2. Multiple Ingress Gateways, e.g., one per namespace or one per N services?

I noticed people deploying multiple gateways to isolate public/private traffic or in cases in which separate TLS/domain settings are imposed. However, never seen people doing it in per-namespace fashion.

I wonder if there are benefits in terms of performance, scalability, and configurability in having multiple gateways?

Is having a single gateway, scaled to a high extent, and handling the entire ingress traffic a good (and recommended) practice?

Does Istio provide stable support for the multiple-gateway model?