x-envoy-upstream-rq-timeout-ms & use_remote_addr
303 views
Skip to first unread message
mr.ik...@gmail.com
Sep 1, 2017, 4:51:30 AM9/1/17
to envoy-users
Hi guys,
While deploying envoy at $work I encountered unexpected behavior (for me) which I would like to clarify. Few words about my setup before. We use envoy as local proxy sitting on bare-metal machines and proxies request to services within company.
What I observed is that envoy ignores x-envoy-upstream-rq-timeout-ms set by local downstream client. After studying the code, I found that envoy consider a request without XFF header as external (source/common/http/utility.cc:130) and drop bunch of headers from further consideration (source/http/conn_manager_utility.cc:87). Setting use_remote_addr in HTTP connection manager's configuration set XFF and "fixes" the issue.
The connection between timeouts, XFF and use_remote_add is unclear for me. Can you please clarify?!
I would also propose to clarify this moment in docs (ready to submit PR as soon as things start make sense for me :-)).
Thank you,
Ivan
Matt Klein
Sep 1, 2017, 2:19:02 PM9/1/17
to mr.ik...@gmail.com, envoy-users
Yeah, the docs here could definitely be better. Roughly, your assessment is correct. Envoy sanitizes various headers if a request is not internal for fairly obvious reasons. Internal is ultimately determined via XFF, which may or may not be set via the use_remote_address option as you point out.
Where in the docs should this have been discussed that would have helped you? I could envision adding more information in a few different places and cross linking.
--
You received this message because you are subscribed to the Google Groups "envoy-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-users+unsubscribe@googlegroups.com.
To post to this group, send email to envoy...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-users/b52653fd-48ba-451b-8849-a6aaace3993f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Ivan Kruglov
Sep 6, 2017, 4:40:01 PM9/6/17
to Matt Klein, envoy-users
Hi Matt,
I think I would like to see more detailed information with examples in following areas:
* internal vs external request (perhaps a definition in "Terminology").
* how it's related to ingress/egress requests
* difference in behavior when serving internal vs external (for instance how timeouts are affected)
* clarification in 'use_remote_address' section that it can make envoy ignore some of the headers
I think that a set of examples explaining common cases would greatly help here.
Also, the "fairly obvious reasons" in "Envoy sanitizes various headers if a request is not internal for fairly obvious reasons." is not so obvious :-) Worth clarification IMO.
Ivan
Matt Klein
Sep 6, 2017, 11:14:38 PM9/6/17
to Ivan Kruglov, envoy-users
Reply all
Reply to author
Forward
0 new messages