go-dnscollector icon indicating copy to clipboard operation
go-dnscollector copied to clipboard

Published 20 hours ago verified publisher icon dmachard

DNSTAP compression - selectable per-stream

Open johnhtodd opened this issue 8 months ago • 4 comments

Is your feature request related to a problem? Please describe. Compression/decompression should be an option on any DNSTAP or TCP transmitted stream

Describe the solution you'd like Any data that transits via a DNSTAP or raw TCP session should have the option of being compressed, or uncompressed. This may "break" the other side if it is not a go-dnscollector consumer, but in many cases this is true, such as when DNSTAP messages are transmitted from many edge instances to a central DNSTAP collector (which is also running go-dnscollector.)

Describe alternatives you've considered Using forwarding sockets (localhost:1234) that push data through a compression tool that then forwards the data on could be used, but that's ugly and configuration is extremely difficult to keep track of. A VPN with compression could be used, but many VPNs do not support compression and therefore are not options (and most places will not replace their VPN for this one benefit.)

Additional context DNSTAP messages are highly compressible. They can be sent in reasonably large blocks, which enables significant compression for transmission over long-haul network links. While DNSTAP does not natively support compression, it seems not unreasonable that go-dnscollector could have a configurable compression flag that would mark a stream as being compressed with one of the different models of compression that are supported in other areas of the code currently. This would allow a much more efficient transmission of DNSTAP-based messages through various components.

Example config:

dnstap:
  transport: tcp
  compression: ztd
  remote-address: 10.0.0.1
  remote-port: 6000

It may be useful in the future to allow configuration of additional compression flag based on the model used, since some of the compression methods have better CPU performance or compression based on buffer sizes, etc. (see https://home.apache.org/~dongjin/post/apache-kafka-improved-compression/#:~:text=In%20general%2C%20the%20compressed%20ratio,compression%2Fdecompression%20speed%20and%20size.)

johnhtodd avatar Nov 30 '23 20:11 johnhtodd