Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support setting the DNS lookup family #944

Closed
klarose opened this issue Oct 30, 2018 · 2 comments
Closed

Support setting the DNS lookup family #944

klarose opened this issue Oct 30, 2018 · 2 comments
Assignees
@kflynn
Milestone
0.50.1

Comments

@klarose
Copy link

klarose commented Oct 30, 2018
edited
Loading

Please describe your use case / problem.
I want to allow access to an external service such as a google api. I want to force access to that external service to be IPv4 or IPv6 depending on my kubernetes deployment.

This problem arises when an external service may resolve to an IPv4 or IPv6 address (e.g. ryun . Envoy does not run Happy Eyeballs, so if my ambassador pod does not have IPv6 access, and DNS resolves the service to an IPv6 address, or vice versa with IPv4, then the upstream request will fail.

This problem may not be consistent, as it depends entirely on how the DNS resolution logic invoked by Envoy behaves.

Describe the solution you'd like
I want to be able to tell a given service to use:

  • V4 Only
  • V6 Only
  • Auto

The default should stay as it is now -- "Auto".

Envoy supports a cluster option called dns_lookup_family. The solution should set this value according to the Mapping configuration.

I propose a new attribute of the Mapping object, called "dns". It will contain any options related to DNS resolution for the given mapping.

Underneath that attribute, we will add: lookup_family: <v4-only|v6-only|auto>

For example, if we want to access httpbin.org only with IPv4 connections:

apiVersion: ambassador/v0
kind:  Mapping
name:  httpbin_mapping
prefix: /httpbin/
service: httpbin.org:80
host_rewrite: httpbin.org
dns:
    lookup_family: v4-only

Describe alternatives you've considered
I would have preferred a solution which used happy eyeballs, but I couldn't figure out how to make envoy do that.

Additional context
An example of a service with both V4 and V6 addresses:

nslookup chat.googleapis.com
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
chat.googleapis.com	canonical name = googleapis.l.google.com.
Name:	googleapis.l.google.com
Address: A.B.C.1
Name:	googleapis.l.google.com
Address: A.B.C.2
Name:	googleapis.l.google.com
Address: A.B.C.3
[SNIP]
Name:	googleapis.l.google.com
Address: A.B.C.N
Name:	googleapis.l.google.com
Address: wwww:xxxx:yyyy:zzzz:1234

I proposed this in the ambassador-dev slack channel.

I prototyped this by hacking it into ircluster.py.
@klarose klarose mentioned this issue Oct 30, 2018
Closed
@swalberg
Copy link
Contributor

I am having a similar problem, and would like to be able to either turn off v6 at the service level or globally. Disabling IPv6 on my nodes has not been enough to get Envoy to stop trying IPv6.

@kflynn kflynn self-assigned this Feb 1, 2019
@kflynn kflynn added this to the 0.50.1 milestone Feb 1, 2019
@kflynn
Copy link
Member

kflynn commented Feb 12, 2019

Done in 0.50.1.

@kflynn kflynn closed this as completed Feb 12, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kflynn kflynn

Labels
None yet
Projects
None yet
Milestone
0.50.1
Development

No branches or pull requests
3 participants
@swalberg @kflynn @klarose