Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xdsresolver uses ldsResourceName instead of using data plane authority #6996

Closed
arvindbr8 opened this issue Feb 21, 2024 · 2 comments · Fixed by #6997
Closed

xdsresolver uses ldsResourceName instead of using data plane authority #6996

arvindbr8 opened this issue Feb 21, 2024 · 2 comments · Fixed by #6997
Assignees
@arvindbr8
Labels
Type: Bug

Comments

@arvindbr8
Copy link
Member

While testing the new bootstrap generator (GoogleCloudPlatform/traffic-director-grpc-bootstrap#57) which adds the new xdstp style in client_default_listener_name_template to the config, I found that the virtual hosts lookup was failing with the following error:

2024/02/21 22:39:04 WARNING: [core] [Channel #1] ccResolverWrapper: reporting error to cc: no matching virtual host found for "xdstp://traffic-director-global.xds.googleapis.com/envoy.config.listener.v3.Listener/439293274322/default/helloworld-gke:8000"
2024/02/21 22:39:04 INFO: [core] [Channel #1] Channel switches to new LB policy "pick_first"
2024/02/21 22:39:04 INFO: [core] [pick-first-lb 0xc0002ae4b0] Received error from the name resolver: no matching virtual host found for "xdstp://traffic-director-global.xds.googleapis.com/envoy.config.listener.v3.Listener/439293274322/default/helloworld-gke:8000"
2024/02/21 22:39:04 INFO: [core] [Channel #1] Channel Connectivity change to TRANSIENT_FAILURE
2024/02/21 22:39:04 could not greet: rpc error: code = Unavailable desc = name resolver error: no matching virtual host found for "xdstp://traffic-director-global.xds.googleapis.com/envoy.config.listener.v3.Listener/439293274322/default/helloworld-gke:8000"

even though, we are getting a valid RDS response

2024/02/21 22:39:04 INFO: [xds] [xds-resolver 0xc000242d80] Received update for RouteConfiguration resource "URL_MAP/439293274322_grpc-gke-url-map_0_helloworld-gke:8000": {
  "VirtualHosts": [
    {
      "Domains": [
        "helloworld-gke:8000"
      ],
      "Routes": [
        {
          "Path": null,
          "Prefix": "",
          "Regex": null,
          "CaseInsensitive": false,
          "Headers": null,
          "Fraction": null,
          "HashPolicies": null,
          "MaxStreamDuration": null,
          "HTTPFilterConfigOverride": null,
          "RetryConfig": {
            "RetryOn": null,
            "NumRetries": 0,
            "RetryBackoff": {
              "BaseInterval": 0,
              "MaxInterval": 0
            }
          },
          "ActionType": 1,
          "WeightedClusters": {
            "cloud-internal-istio:cloud_mp_439293274322_77023378241484717": {
              "Weight": 1,
              "HTTPFilterConfigOverride": null
            }
          },
          "ClusterSpecifierPlugin": ""
        }
      ],
      "HTTPFilterConfigOverride": null,
      "RetryConfig": null
    }
  ],
  "ClusterSpecifierPlugins": {},
  "Raw": {
    "type_url": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
    "value": "CjtVUkxfTUFQLzQzOTI5MzI3NDMyMl9ncnBjLWdrZS11cmwtbWFwXzBfaGVsbG93b3JsZC1na2U6ODAwMBK+ARITaGVsbG93b3JsZC1na2U6ODAwMBqmAQoCCgASWwo8Y2xvdWQtaW50ZXJuYWwtaXN0aW86Y2xvdWRfbXBfNDM5MjkzMjc0MzIyXzc3MDIzMzc4MjQxNDg0NzE3QgIIHkoXCg1nYXRld2F5LWVycm9yEgIIARoCCB5yQ1VSTF9NQVAvNDM5MjkzMjc0MzIyX2dycGMtZ2tlLXVybC1tYXBfMF9oZWxsb3dvcmxkLWdrZTo4MDAwLXJvdXRlLTA="
  }
}

The issue is that while parsing RDS to lookup virtual host we are using the entire LDS resource name and not just the domain, which is the dial target provided by the user.

I found the same issue in gRPC-java. This works in the following cases: when the virtual hosts domain name is the same the LDS resource name.
@arvindbr8 arvindbr8 self-assigned this Feb 21, 2024
@arvindbr8
Copy link
Member Author

This is the code that handles it

grpc-go/xds/internal/xdsclient/xdsresource/matcher.go

Line 228 in 76a23bf

func FindBestMatchingVirtualHost(host string, vHosts []*VirtualHost) *VirtualHost { // Maybe move this crap to client

grpc-go/xds/internal/resolver/xds_resolver.go

Line 416 in 76a23bf

matchVh := xdsresource.FindBestMatchingVirtualHost(r.ldsResourceName, update.VirtualHosts)

@arvindbr8
Copy link
Member Author

per @markdroth

You should not be using the LDS resource name to match the virtual host name. You should be using the data plane authority.

If the gRPC channel is created with target URI xds://whatever/server.example.com, then the data plane authority is server.example.com, regardless of what LDS resource name is constructed via the bootstrap file.

A47 also agrees with the same:

Note that the authority used for the data plane connections (which is also used to select the VirtualHost within the xDS RouteConfiguration) will continue to be the last path component of the xds URI used to create the gRPC channel (i.e., the part following the last / character, or the entire path if the path contains no / character).

@arvindbr8 arvindbr8 changed the title xdsresolver uses ldsResourceName instead of using the dial target xdsresolver uses ldsResourceName instead of using data plane authority Feb 22, 2024
This was referenced Feb 22, 2024
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@arvindbr8 arvindbr8

Labels
Type: Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

xdsclient: use dataplane authority for virtualhost lookup arvindbr8/grpc-go
1 participant
@arvindbr8