Allow configuring HCM filter with ECDS in QUIC listeners #38201

Open
iczero opened this issue Jan 27, 2025 · 3 comments · May be fixed by #38221
Labels
enhancement Feature requests. Not bugs or questions.

Comments

@iczero

iczero commented Jan 27, 2025

Description:
The QUIC transport requires the last filter in the filter chain to be an HTTP connection manager. However, the check for this only supports inline typed_config and not ECDS. Since config_discovery explicitly specifies type_urls, I believe it should be possible to support ECDS as well.

Config example:

static_resources:
  listeners:
    # "listeners" is a repeated field, so each listener is a list item
    - name: quic-listener
      address:
        socket_address:
          protocol: UDP
          address: 0.0.0.0
          port_value: 443
      udp_listener_config:
        quic_options:
          idle_timeout: 900s
        downstream_socket_config:
          prefer_gro: true
      filter_chains:
        - transport_socket:
            name: quic-tls
            typed_config:
              '@type': type.googleapis.com/envoy.extensions.transport_sockets.quic.v3.QuicDownstreamTransport
              downstream_tls_context:
                common_tls_context:
                  tls_certificates: [...]
          filters:
            # Last filter in the chain: HCM delivered via ECDS instead of inline typed_config
            - name: quic-http3-hcm
              config_discovery:
                config_source:
                  path_config_source:
                    path: '/path/to/ecds.yaml'
                type_urls: ['type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager']

I have written a patch, however I am not sure if it is correct: iczero@afc6a4b. Could you please take a look? I will open a PR if it is workable.

@iczero iczero added enhancement Feature requests. Not bugs or questions. triage Issue requires triage labels Jan 27, 2025
@alyssawilk alyssawilk removed the triage Issue requires triage label Jan 27, 2025
@alyssawilk
Contributor

I would suggest if you have a working patch you just raise a PR, as folks are unlikely to take a look without
cc @adisuissa @RyanTheOptimist

@adisuissa
Contributor

While it may be possible to add ECDS here, I wonder whether it is the desired behavior?
IMHO changing the entire HCM is somewhat contradictory to the motivation of ECDS - to dynamically update a single filter (HTTP, and then later network/listener were added), so the granularity is sufficiently small.
I'm not against this, but I wonder if the use-case that you desire should be solved in another way.

@iczero
Author

iczero commented Jan 27, 2025

@adisuissa I would like to use ECDS so I can update some options on the HCM without reloading the entire listener. I am currently running Envoy with its configuration loaded from the filesystem (xDS path_config_source), so this also comes with the bonus of keeping the HCM config separate from the listener config. I understand it would be less helpful if someone were using an actual control plane.

It's currently possible to use ECDS for the HCM with TCP listeners, but not for QUIC.
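An added example, not part of the thread and not Envoy's code or the linked patch: a small Python config lint that models the rule discussed above (the last filter of a QUIC filter chain must be the HTTP connection manager), first accepting only inline `typed_config` and then also accepting `config_discovery`. The function names, the `allow_ecds` switch, the use of `quic_options` to recognise a QUIC listener, the requirement that every `type_urls` entry be the HCM, and the sample listeners are assumptions made for illustration.

```python
HCM_TYPE_URL = ("type.googleapis.com/envoy.extensions.filters.network."
                "http_connection_manager.v3.HttpConnectionManager")

def last_filter_kind(chain):
    """Classify a chain's final network filter: inline-hcm, ecds-hcm or other."""
    filters = chain.get("filters") or []
    if not filters:
        return "other"
    last = filters[-1]
    typed = last.get("typed_config")
    if typed is not None:
        return "inline-hcm" if typed.get("@type") == HCM_TYPE_URL else "other"
    urls = (last.get("config_discovery") or {}).get("type_urls") or []
    # Assumption: ECDS may deliver any listed type, so every entry must be the HCM.
    if urls and all(u == HCM_TYPE_URL for u in urls):
        return "ecds-hcm"
    return "other"

def lint_quic_listener(listener, allow_ecds=False):
    """Return (listener name, chain index, kind) for each rejected filter chain."""
    if "quic_options" not in (listener.get("udp_listener_config") or {}):
        return []  # not a QUIC listener, the last-filter rule does not apply
    findings = []
    for index, chain in enumerate(listener.get("filter_chains") or []):
        kind = last_filter_kind(chain)
        if kind == "inline-hcm" or (allow_ecds and kind == "ecds-hcm"):
            continue
        findings.append((listener.get("name"), index, kind))
    return findings

# Constructed sample input, shaped like the listener in the issue.
def ecds_filter(type_urls):
    return {"name": "quic-http3-hcm", "config_discovery": {
        "config_source": {"path_config_source": {"path": "/path/to/ecds.yaml"}},
        "type_urls": type_urls}}

def quic_listener(name, last_filter):
    return {"name": name, "udp_listener_config": {"quic_options": {}},
            "filter_chains": [{"filters": [last_filter]}]}

ISSUE_LISTENER = quic_listener("quic-listener", ecds_filter([HCM_TYPE_URL]))
MIXED_LISTENER = quic_listener("mixed-types", ecds_filter(
    [HCM_TYPE_URL, "type.googleapis.com/example.Placeholder"]))  # placeholder type

if __name__ == "__main__":
    print(lint_quic_listener(ISSUE_LISTENER))                   # inline-only rule
    print(lint_quic_listener(ISSUE_LISTENER, allow_ecds=True))  # ECDS accepted
    print(lint_quic_listener(MIXED_LISTENER, allow_ecds=True))
```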
