rds: use http filters as part of identifier of rds config provider #26097
Conversation
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
|
/wait fix test and ci |
|
cc @markdroth @adisuissa I think this PR is related to #15025. By this patch, only listeners that have same http filters and rds config will share same subscription. But I have no much background knowledge about |
The rds configuration should be the only identifier to be used to identify a route.
Can you explain what do you mean here? |
When we creating the In the current implementation, the Listener/HCM A and Listener/HCM B may have same rds configuration and complete different In this scene and current impl, the However, I think the correct way should be creating a |
|
For discussion of the intended semantics of the xDS transport protocol caching layer, see #13009. @adisuissa is working on implementing that. I think that once we have that caching layer, this PR will not be necessary. The RDS subscription will be uniquely identified by the RDS resource name alone (not including any state from the Listener such as the list of HTTP filters), and any Listener that uses that RDS resource name will share the same subscription. This is why I reopened #15025: The solution of plumbing the set of filters from the Listener into the RDS subscription is inherently broken, because the client will have only one subscription to that RDS resource, and it needs to validate that resource without knowing or caring which Listener is going to use it. |
|
@markdroth in the current implementation, the rds subscriptions have been identified by the rds configuration and could be shared by multiple listeners/hcms. Will the cache layer change something? Maybe I need to check the background context for more information. 🙂 One of the reasons I choosed this way to solve the problem of current implementation is I want make the 🤔 |
|
The main requirement of the caching layer is that the RDS subscription be uniquely identified only by the RDS resource name. No other information can be part of that key, because if it is, that means we wind up needing multiple subscriptions to the same resource, which we can't do without creating a duplicate stream to the management server. If the current code uniquely identifies the RDS subscription by the RDS resource name, then the caching layer will not change anything. But if this PR is trying to change the code to identify the RDS subscription by both the RDS resource name and the list of HTTP filters, then that change is incompatible with the direction we're heading in for the caching layer. In other words, I don't think we want to proceed with this PR. Fundamentally, I don't think it's possible to make the HTTP filters available to the route table subscription, because with the caching layer, there will be a single RDS subscription no matter how many Listeners are using that RDS resource, and each of those Listeners may have a different set of HTTP filters. To say that another way, this change is basically incompatible with the xDS transport protocol semantics. |
|
@wbpcode I had a similar issue with ECDS because it is per-server but used per-listener. We need a distinction between the subscription and a route provider. The provider uses a subscription but it is contextualized by the point-of-use in the HCM, while the subscription is shared and global. I think it implies RDS needs to be kept verbatim until after the context is available. @markdroth Is this an implicit requirement for the caching layer? I can't think of another way to keep a resource in Envoy without a context apart from the verbatim proto stored. That would add some memory overhead because the runtime "processed" xDS is generally smaller and faster. |
I think we can split the subcription (which will output the proto config) and config provider (which will output the parsed config, By this way, I think we will not violate the cc @markdroth |
I think split the subscription and config provider is a reasonable solution to this issue. The subcription could be shared by anyone the subcribe the resource. And the config provider should container more context about the config users then we can do more optimization here. In the the implementation of rds, the subcription and config provider are bound together. |
wbpcode
changed the title
|
I readed the code of ECDS, seems it's a good example. If you agree that split subcription and config provider is acceptable, I can create a PR to do this for RDS. And after that PR is done, we can go back to proceed with this PR. cc @markdroth |
|
I'm not actually that familiar with how Envoy's xDS code is currently laid out, but I suspect that most of this will wind up changing as part of the work that @adisuissa is doing to implement a caching transport protocol interface. For details, see the design he's posted on #24773. So keep in mind that whatever changes you make here may be purely short-term ones. From the transport protocol perspective, I think the key requirements are:
I'm not sure what the exact interface is in the current code between the subscription and the config provider, so I don't think I'm the right person to answer whether that will be sufficient to solve the problem here. But ultimately, I think as long as the behavior meets the above requirements, it will probably be fine. |
|
cc @markdroth Thanks for you patient and detailed explanation. I think most requirements will be adhered. However, the Take the ECDS as an example, the shared resource is validated by all subscribers (in other words, the resource is validated by every config users). And if there a new subscriber, the new subscriber will validate the last config again. An accepted resource by other subscribers my be not valid for new subscriber in some extreme cases. But this will not effect the ACK/NACK, so I am not sure if it violet the requirement. Take the CDS as another example, if one cluster is failed to pass the validation, a NACK will be returned. But in fact, only one cluster is rejected and all other clusters in the discovery response have been accepted. If I treat the entire discovery response as a resource, it is partially accepted. If we treat each cluster as a resource, we don't have a way to respond to each cluster with an ACK/NACK. |
|
If #24773 cannot land in the short term, I will refer the current implementation of ECDS to proceed this work and require the review of @adisuissa to ensure any change will not be incompatible with the proposal of unified xds manager. |
|
Changed my goal priorities. I will try to land the feature of |
|
/wait |
As long as that per-subscriber validation does not impact the ACK/NACK response, I think this is fine. This is exactly the kind of case I was referring to in my last comment when I said "cases where there are problems that are visible only when the resources are combined". The "validating the individual resource in isolation" requirement refers only to validation that impacts the ACK/NACK response and the updating of the cache. Also, it's worth noting that once #24773 lands, ECDS may not be necessary as a separate layer of indirection, because it will be easy for any Envoy component to subscribe to any resource of an arbitrary type, which means that each filter can directly subscribe to a resource of its own config type if it wants.
I think this is actually a separate problem: this isn't about what validation we do to determine whether a resource should be ACKed or NACKed, it's about a limitation in the transport protocol in that ACK/NACK responses are per-response instead of per-resource. I think there's general agreement that this is a problem, and there's been discussion about adding a mechanism to do a per-resource NACK (see #5739). However, it may make sense to wait on fixing that until we can come up with a more general solution for #11396, since that would likely address both this problem and the "cases where there are problems that are visible only when the resources are combined" problem. Note that in the current transport protocol, the proper behavior is to validate each resource independently and NACK the response if any one resource failed validation. However, even when NACKing a response, the client may still use any resource from the response that passed validation. See discussion in #5739 and https://github.com/grpc/proposal/blob/master/A46-xds-nack-semantics-improvement.md. |
|
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
github-actions
bot
added
the
stale
|
This pull request has been automatically closed because it has not had activity in the last 37 days. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
Commit Message: rds: use http filters as part of identifier of rds subcription
Additional Description:
When we are creating a rds subcription, the rds configration will be used as an unique identifier of the subscription or route config provider.
If there is an exist subcription that has same identifier, we will re-use it directly. By this way, different listeners/HCMs could share same route config provider/subcription.
However, it should be noticed that the
http_filters(the optional filter set) of HCM is necessary to create theConfigImplinstance from the proto route config.It means the route config providers/subcriptions will depend on the HCM's
http_filters.However, in the previous implementation, only the rds configration is used as identifier. It means that two HCMs may share same subscription and route config instance even they have different
http_filters. It should be wrong.This patch make the
http_filtersof HCM as part of the identifier of route config provider/subcription.Risk Level: Low.
Testing: Added.
Docs Changes: n/a.
Release Notes: n/a.