upstream: New original_dst cluster type. #1314

Closed

jrajahalme
Contributor

Envoy already supports SO_ORIGINAL_DST to retrieve the original
destination IP address and L4 port number that were overwritten by
netfilter REDIRECT action. So far the original destination address
has been only used to switch from the initial listener to another
listener on the original address.

This patch adds a new cluster type that uses the original
destination address as the upstream destination for the requests
coming from a connection where the SO_ORIGINAL_DST returns an address
that is different from the initial destination address the connection
was received on. The request must be routed to this new cluster type
for this to happen, and other cluster types can still be used as
before, ignoring the original destination address on the upstream
side.

The "original_dst" cluster type makes transparent proxying with envoy
easier in scenarios where it is impractical to configure a dedicated
cluster for each possible upstream host, e.g., when acting as an
egress proxy facing a large external network.

Signed-off-by: Jarno Rajahalme <jarno@covalent.io>

L3/L4 information from the downstream connection can be used to make
the upstream load balancing decision and/or real host selection.

Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
…ation address.

A following patch introduces a cluster type that connects to the
original destination address of the downstream connection.  Knowing if
the downstream connection was actually redirected helps in avoiding
opening the upstream connection to the same address the downstream
connection was actually received at.

Signed-off-by: Jarno Rajahalme <jarno@covalent.io>

Store primary cluster pointer as a shared pointer, so that we can pass
a weak reference to the primary cluster to the thread local clusters,
so that the thread local cluster can call back to the primary cluster
as long as the primary cluster has not been removed.

Signed-off-by: Jarno Rajahalme <jarno@covalent.io>

Envoy already supports SO_ORIGINAL_DST to retrieve the original
destination IP address and L4 port number that were overwritten by
netfilter REDIRECT action.  So far the original destination address
has been only used to switch from the initial listener to another
listener on the original address.

This patch adds a new cluster type that uses the original
destination address as the upstream destination for the requests
coming from a connection where the SO_ORIGINAL_DST returns an address
that is different from the initial destination address the connection
was received on.  The request must be routed to this new cluster type
for this to happen, and other cluster types can still be used as
before, ignoring the original destination address on the upstream
side.

The "original_dst" cluster type makes transparent proxying with envoy
easier in scenarios where it is impractical to configure a dedicated
cluster for each possible upstream host, e.g., when acting as an
egress proxy facing a large external network.

Signed-off-by: Jarno Rajahalme <jarno@covalent.io>

Add a LoadBalancerContext* to tcpConnForCluster, so that an original
dst cluster gets access to the downstream connection.  This is needed
for the cluster to open a connection to the original destination
address of the downstream connection.

Signed-off-by: Jarno Rajahalme <jarno@covalent.io>

Add missing override keywords and change hashKey() to return a
non-existing hash rather than zero hash.

Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
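
The redirect check that the description and commit messages above rely on, as an added example in plain C (not code from this PR or from Envoy): the upstream address is taken from SO_ORIGINAL_DST only when it differs from the address the connection was accepted on, and a failed lookup is never forwarded. The names `make_addr`, `was_redirected` and `pick_upstream` are hypothetical, only IPv4 is handled, and the fallback value 80 for SO_ORIGINAL_DST is the one defined in `<linux/netfilter_ipv4.h>`.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* from <linux/netfilter_ipv4.h> */
#endif
#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
#endif

enum upstream_choice { USE_ORIGINAL_DST, NOT_REDIRECTED, LOOKUP_FAILED };

/* Build an IPv4 socket address from host-order values (used for samples). */
struct sockaddr_in make_addr(uint32_t ip, uint16_t port) {
  struct sockaddr_in a;
  memset(&a, 0, sizeof(a));
  a.sin_family = AF_INET;
  a.sin_addr.s_addr = htonl(ip);
  a.sin_port = htons(port);
  return a;
}

/* 1 if the pre-REDIRECT destination differs from the address the proxy
 * accepted the connection on, 0 if they are the same address and port. */
int was_redirected(const struct sockaddr_in *local,
                   const struct sockaddr_in *orig) {
  return local->sin_addr.s_addr != orig->sin_addr.s_addr ||
         local->sin_port != orig->sin_port;
}

/* Choose the upstream address for an accepted IPv4 socket `fd`. */
enum upstream_choice pick_upstream(int fd, struct sockaddr_in *upstream) {
  struct sockaddr_in local, orig;
  socklen_t len = sizeof(local);
  if (getsockname(fd, (struct sockaddr *)&local, &len) != 0)
    return LOOKUP_FAILED;
  len = sizeof(orig);
  memset(&orig, 0, sizeof(orig));
  /* Fails when netfilter has no original destination for this socket. */
  if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, &orig, &len) != 0)
    return LOOKUP_FAILED;
  /* Same address: connecting upstream would loop back to the proxy. */
  if (!was_redirected(&local, &orig))
    return NOT_REDIRECTED;
  *upstream = orig;
  return USE_ORIGINAL_DST;
}
```
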
@mattklein123
Member

@jrajahalme so this one should be closed? I'm confused which one needs to be reviewed. (I don't really care; can we just close one PR so everyone knows what needs to be reviewed?)

Thanks,
Matt

@jrajahalme jrajahalme closed this Jul 24, 2017
@jrajahalme jrajahalme deleted the add-original-dst-cluster branch July 24, 2017 17:36
@jrajahalme
Contributor Author

Deleted this one.

jpsim pushed a commit that referenced this pull request Nov 28, 2022
Description: envoyproxy/envoy-mobile#1314 attempts to make `//test/python/integration:test_send_headers` runnable in CI by defining a Python toolchain + installing pip dependencies as part of the Bazel build. Unfortunately I'm still on the steep part of the Bazel learning curve, aka I can't actually get anything working :)

But then I realized: I don't actually need to install `gevent` to get this working, I just need to stop using `gevent`. This approach also has the advantage of cutting out an unnecessary dependency.

I will still be working on #1314, but this unblocks getting coverage on the Python platform + is cleaner, imo.

Risk Level: Low
Testing: This is the test!

Signed-off-by: Cerek Hillen <chillen@lyft.com>
Signed-off-by: JP Simard <jp@jpsim.com>

jpsim pushed a commit that referenced this pull request Nov 29, 2022
Description: envoyproxy/envoy-mobile#1314 attempts to make `//test/python/integration:test_send_headers` runnable in CI by defining a Python toolchain + installing pip dependencies as part of the Bazel build. Unfortunately I'm still on the steep part of the Bazel learning curve, aka I can't actually get anything working :)

But then I realized: I don't actually need to install `gevent` to get this working, I just need to stop using `gevent`. This approach also has the advantage of cutting out an unnecessary dependency.

I will still be working on #1314, but this unblocks getting coverage on the Python platform + is cleaner, imo.

Risk Level: Low
Testing: This is the test!

Signed-off-by: Cerek Hillen <chillen@lyft.com>
Signed-off-by: JP Simard <jp@jpsim.com>