Envoy for NFS
152 views
Skip to first unread message
Justin Garrison
Jun 21, 2017, 11:49:27 PM6/21/17
to envoy-users
I'm curious if anyone is using Envoy as a proxy for NFS traffic. Would like to use it mostly to gain insight in how much data is being accessed but also possibly to provide better access control and security.
If someone has examples or similar configuration I'd love to check it out.
Thanks
Matt Klein
Jun 22, 2017, 12:20:37 AM6/22/17
to Justin Garrison, envoy-users
Not that I know of. If you are looking for L4 proxy and stats that is easy to setup and will work. There is no L7 support for NFS at the current time.
Thanks,
Matt
--
You received this message because you are subscribed to the Google Groups "envoy-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-users+unsubscribe@googlegroups.com.
To post to this group, send email to envoy...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-users/5f0e3d27-01f0-4428-91cb-be869108ff28%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Justin Garrison
Jun 22, 2017, 12:25:14 AM6/22/17
to envoy-users, justinle...@gmail.com
What are the downsides when proxying L4 vs L7? I'm assuming it's mostly application specific metrics that are missing but maybe there is more. As a L4 proxy would I just be able to see how much raw data is being sent where? Would I get other benefits proxying protocols not supported by L7 proxy?
On Wednesday, June 21, 2017 at 9:20:37 PM UTC-7, Matt Klein wrote:
Not that I know of. If you are looking for L4 proxy and stats that is easy to setup and will work. There is no L7 support for NFS at the current time.Thanks,Matt
On Wed, Jun 21, 2017 at 8:49 PM, Justin Garrison <justinle...@gmail.com> wrote:
I'm curious if anyone is using Envoy as a proxy for NFS traffic. Would like to use it mostly to gain insight in how much data is being accessed but also possibly to provide better access control and security.If someone has examples or similar configuration I'd love to check it out.Thanks
--
You received this message because you are subscribed to the Google Groups "envoy-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-users...@googlegroups.com.
To post to this group, send email to envoy...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-users/5f0e3d27-01f0-4428-91cb-be869108ff28%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Matt Klein
Jun 22, 2017, 12:26:36 AM6/22/17
to Justin Garrison, envoy-users
There would be just raw TCP level stats, along with health checking, service discovery, etc. (if applicable).
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-users+unsubscribe@googlegroups.com.
To post to this group, send email to envoy...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-users/6ca41d05-eee3-469d-942c-efb38d8bf92c%40googlegroups.com.
Justin Garrison
Jun 22, 2017, 12:31:52 AM6/22/17
to envoy-users, justinle...@gmail.com
I'm assuming adding application insights into a protocol like NFS is non-trivial. Is the L7 support pluggable and documented somewhere? Even if it's only basic data I don't think I would want/need everything from the protocol and just a little bit of application data would offset the TCP stats.
In L4 proxy mode could I still use the proxy for access control? Because it's TCP I'm guessing I'd only be able to block NFS endpoints entirely.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-users/6ca41d05-eee3-469d-942c-efb38d8bf92c%40googlegroups.com.
Matt Klein
Jun 22, 2017, 12:27:15 PM6/22/17
to Justin Garrison, envoy-users
At the L4 level for access control we currently support OOB SSL mutual auth as well as the client SSL auth filter.
Typically adding a new L7 protocol filter is a non-trivial task. It really depends on how complicated the L7 protocol is.
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-users+unsubscribe@googlegroups.com.
To post to this group, send email to envoy...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-users/0917aae1-6f8a-41e7-a70e-d8d4b9d43243%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages