Skip to content

Provide better error logs for filter chains with overlapping rules #6905

Closed
#6906
Closed
Provide better error logs for filter chains with overlapping rules#6905
#6906
Labels
enhancementFeature requests. Not bugs or questions.
Milestone
1.11.0
@PiotrSikora

Description

@PiotrSikora
PiotrSikora
opened on May 11, 2019

Description:

There are 2 configs included:

  • config_exact.yaml with 2 filter chains for example.com,
  • config_overlapping.yaml with 2 filter chains, one for example.com, and another for example.com and www.example.com.

The original detection mechanism for conflicting filter chains from #3217 is based on MessageUtil::hash(), which means that it can only detect exact duplicates of complete filter chain messages, but it cannot detect duplicates in the repeated fields that can have multiple values (e.g. server_names).

The extra detection that was added in #6022 is catching those now (even though it was added for a different reason - to detect use of defined, but unimplemented fields, since it was circumventing the detection based on MessageUtil::hash()), but it returns slightly confusing error.

Repro steps:

bazel-bin/source/exe/envoy-static -c /tmp/configs/config_exact.yaml
[...]
error adding listener '0.0.0.0:9443': multiple filter chains with the same matching rules are defined

bazel-bin/source/exe/envoy-static -c /tmp/configs/config_overlapping.yaml
[...]
error adding listener '0.0.0.0:9443': multiple filter chains with effectively equivalent matching rules are defined

Config:

$ cat /tmp/configs/config_exact.yaml

admin:
  access_log_path: /dev/null
  address:
    socket_address:
      address: 127.0.0.1
      port_value: 9901

static_resources:
  listeners:
  - name: default_listener
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 9443
    filter_chains:
    - filter_chain_match:
        server_names: ["example.com"]
    - filters:
      - name: envoy.tcp_proxy
        config:
          stat_prefix: stats
          cluster: default_cluster
    - filter_chain_match:
        server_names: ["example.com"]
      filters:
      - name: envoy.tcp_proxy
        config:
          stat_prefix: stats
          cluster: default_cluster

  clusters:
  - name: default_cluster
    connect_timeout: 1s
    type: STATIC
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: default_cluster
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: 127.0.0.1
                port_value: 9902

$ cat /tmp/configs/config_overlapping.yaml

admin:
  access_log_path: /dev/null
  address:
    socket_address:
      address: 127.0.0.1
      port_value: 9901

static_resources:
  listeners:
  - name: default_listener
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 9443
    filter_chains:
    - filter_chain_match:
        server_names: ["example.com", "www.example.com"]
    - filters:
      - name: envoy.tcp_proxy
        config:
          stat_prefix: stats
          cluster: default_cluster
    - filter_chain_match:
        server_names: ["example.com"]
      filters:
      - name: envoy.tcp_proxy
        config:
          stat_prefix: stats
          cluster: default_cluster

  clusters:
  - name: default_cluster
    connect_timeout: 1s
    type: STATIC
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: default_cluster
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: 127.0.0.1
                port_value: 9902

Related:
istio/istio#13717

cc @htuch @duderino @howardjohn

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementFeature requests. Not bugs or questions.

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions