You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This functionality is relevant for the following example use case:
Envoy is deployed as a forward tcp-proxy
I want to only proxy connections for specific combinations of destination ports / IPs
I may have a very large number of these combinations, e.g. I want to proxy any request to 1.1.1.1 in the port range 20_000 - 50_000)
Based on my understanding of the V3 API, in order to achieve the specific example above I need 30_000 Filter Chains, where the Nth FilterChainMatch looks something like
{
destination_port: 20_000 + N
prefix_ranges: ["1.1.1.1/32"]
}
This seems like overkill from a configuration perspective, since each Filter Chain is otherwise identical (terminates with a tcp_proxy filter pointed at a single cluster).
While searching for better solutions to this specific use case, I found #345 for adding functionality to specify multiple Routes within the tcp_proxy filter. It appears that this was implemented in V2 but abandoned for the V3 API.
Is there a reason this functionality does not exist for V3? Is it something that could potentially be added?
A separate alternative that would also address my use case would be to expand FilterChainMatches to handle port ranges instead of just individual ports, but I'm not sure what the scope / impact of that change would be.
The text was updated successfully, but these errors were encountered:
Have you considered using the matching API for filter chains (https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/matching/matching_listener)?
I think you could accomplish this with a list matcher, each with AND predicate for the IP and the port range.
If you want sub-linear matching, then you could use a trie matcher on IP first, then the port predicate next.
The new API avoids repetition of filter chains using indirection with a filter chain name.
lizan
added
question
Questions that are neither investigations, bugs, nor enhancements
and removed
enhancement
Feature requests. Not bugs or questions.
triage
Issue requires triage
labels
May 4, 2022
This functionality is relevant for the following example use case:
1.1.1.1
in the port range20_000 - 50_000
)Based on my understanding of the V3 API, in order to achieve the specific example above I need 30_000 Filter Chains, where the Nth FilterChainMatch looks something like
This seems like overkill from a configuration perspective, since each Filter Chain is otherwise identical (terminates with a tcp_proxy filter pointed at a single cluster).
While searching for better solutions to this specific use case, I found #345 for adding functionality to specify multiple Routes within the tcp_proxy filter. It appears that this was implemented in V2 but abandoned for the V3 API.
Is there a reason this functionality does not exist for V3? Is it something that could potentially be added?
A separate alternative that would also address my use case would be to expand FilterChainMatches to handle port ranges instead of just individual ports, but I'm not sure what the scope / impact of that change would be.
The text was updated successfully, but these errors were encountered: