UDP proxying support

[rshriram]

Edit: (@alyssawilk on behalf of @cmluciano)

Design doc:

https://docs.google.com/document/d/1G9IVq7F7Onwinsl6EYzGsdzAGvVbo2FGfcPt35ItIx8)

Roadmap

• General API refactoring (Ex. less file-descriptor hardcoding)
• UDP listener
• UDP "session manager"
• Basic UDP proxying sessions (proxy -> host)
• Advanced UDP proxying features (timeouts, filters, etc.)
• Network filters (need a use-case)
• Clear documentation with configuration and developer walkthroughs of UDP features

Original top level comment (@rshriram)

Just like TCP proxying, it would be great if Envoy had support UDP proxying as well.

The current code for TCP proxying is pretty generic for most part. The flow is something like this:
on_connection_received_callback()
-->pick upstream and connect to it
on_data_received_callback(data)
-->write_to_upstream(data)
on_stream_reset_callback() [downstream reset or upstream reset?]
-->cleanups
Based on a cursory scan through the code, there is also a timer that cleans up connections beyond a certain period of inactivity ( @mattklein123 please confirm).

In terms of UDP support, much of the code in filters above can be repurposed or renamed to be generic to TCP/UDP where possible.

The ClientConnectionImpl class hardcodes the socket type to be Stream. This needs to be changed.

UDP packets with source port 0 should be dropped(?)

Instead of creating/destroying UDP connection objects per packet, the process can be optimized by having a keepalive style timer that deletes the connection objects after timer expiry. UDP datagram size can be fixed to one MTU or less, as a first order approximation, that should (RFC 791, RFC 2460). We do not need to buffer up data and send it out. WDYT?

In terms of session affinity, packets from same src port, src ip would go to same dst port, dst ip.

[mattklein123]

Just like TCP proxying, it would be great if Envoy had support UDP proxying as well.

The current code for TCP proxying is pretty generic for most part. The flow is something like this:
on_connection_received_callback()
-->pick upstream and connect to it
on_data_received_callback(data)
-->write_to_upstream(data)
on_stream_reset_callback() [downstream reset or upstream reset?]
-->cleanups
Based on a cursory scan through the code, there is also a timer that cleans up connections beyond a certain period of inactivity ( @mattklein123 please confirm).

There is not currently any idle timer in the tcp_proxy filter. This is a useful feature to add in either case, and we would want this for UDP.

In terms of UDP support, much of the code in filters above can be repurposed or renamed to be generic to TCP/UDP where possible.

Agreed, almost all of the code can be shared. The name of the "tcp_proxy" filter is unfortunate. I don't know if I would bother renaming it right away. We can do that in a dedicated change if we want.

The ClientConnectionImpl class hardcodes the socket type to be Stream. This needs to be changed.

This is related to what @jamessynge was asking about in terms of why the Address interface also includes socket stuff. I mainly did this for simplicity. Ultimately, for UDP upstreams, we would like the ability to specify the upstream probably as udp://1.2.3.4:80 in terms of the cluster definitions, CDS, etc. Given the current code, the simplest way to do this would be have the Address interface also hold the socket type (as you mentioned in Gitter), and remove this parameter from the various socket related functions. The alternative would be to split the Address interface out and have an Address and a SocketAddress, where a SocketAddress contains an Address. I could really go either way on this. I don't think it's a huge deal.

UDP packets with source port 0 should be dropped(?)

Instead of creating/destroying UDP connection objects per packet, the process can be optimized by having a keepalive style timer that deletes the connection objects after timer expiry. UDP datagram size can be fixed to one MTU or less, as a first order approximation, that should (RFC 791, RFC 2460). We do not need to buffer up data and send it out. WDYT?

Per above, I don't think the filter needs to do anything different whatsoever than it does today. The code can pretty much be identical, along with an idle timer to destroy things. I think where you have to deal with UDP is probably inside ConnectionImpl. You are going to need to know that it is UDP and deal with MTU there. Doing anything else will be too complicated I think.

In terms of session affinity, packets from same src port, src ip would go to same dst port, dst ip.

I don't think you need to worry about this. We will need to have UDP listeners, which bind, and have a filter stack. All of the normal rules then apply for where to forward. Along these lines, we are going to need to make the listener configuration more extensible. Right now we just support "port". I would like to extend this to be something along the lines of:

"bind_config": {
  "type": "udp",
  "address": "0.0.0.0:80"
}

Doing the above will make it easy for schemas, allow us to have pipe listeners, do IPv6, etc. In general I would appreciate it if you could sync up with @jamessynge on all of this, as I think it's related to IPv6 stuff, as well as future work I know probably needs to happen around QUIC, etc.

[mattklein123]

@moderation ^^^ Can you provide any info on the specifics of what scenario you need to support in terms MTU handling, etc.? Want to make sure we are hitting a specific use case.

@rshriram if we do this, I would like to do this in several different changes. For example, we could start with adding UDP listeners, which proxy to TCP. That is a pretty straightforward change and is independent.

[rshriram]

I agree with splitting this into multiple PRs. There are small changes to different subsystems. We should do this piecemeal to make sure we can triage issues easily.

I am unfamiliar with the requirements on QUIC.

With regard to the bind_config, it looks very structured. But couple of questions: why do we need to key off address as well, when port is what matters? (is this related to the issue that @kyessenov posted?) Secondly, will this config be backward compatible with existing configs ? because, it seems to break the config format.

Here is an alternate format (I am okay with either one frankly).

listeners: [
 {
  "port": 80
   "port_type": "udp|tcp" [tcp is default]
...
}

[shalako]

Has there been any progress made on this effort? Is it in active development or open to contribution?

[mattklein123]

No one is working on this that I know of. This did come up today in the context of something that would be good to work on. This is actually a fairly complicated feature and needs some thinking.

@shalako can you provide more color on what you need here actually? Do you just need UDP -> UDP? UDP -> TCP? Should datagram boundaries be preserved? Etc.