dpvs
dpvs copied to clipboard
iqiyi
DPVS支持proxy protocol吗?
https://leeweir.github.io/2018/01/31/%E8%A7%A3%E5%86%B3fullnat%E4%B8%8B%E8%8E%B7%E5%8F%96%E7%94%A8%E6%88%B7%E6%BA%90IP/ 参考下这个下面的介绍,代理协议即 PROXY protocol,是haproxy的作者Willy Tarreau于2010年开发和设计的一个Internet协议,通过为tcp添加一个很小的头信息,来方便的传递客户端信息(协议栈、源IP、目的IP、源端口、目的端口等),在网络情况复杂又需要获取客户IP时非常有用
类似于TOA是在转发的时候将客户端信息传到tcp option里面,而proxy protocol是插在tcp payload里面。后端可以按照需要去获取
DPVS定义了一个私有协议传递CientIP,和这个非常类似,可以避免修改app,解决可能的MTU和IP头选项字段不足的问题,参考include/uoa.h和uoa/README.md。 不过只针对UDP实现了这个协议,TCP已经有TOA了。
新协议插入到原来TCP payload的位置,之前也考虑过,不过意味着要修改app,做不到app透明。 虽然UOA也需要修改UDP的app,不过这是UDP Socket无连接导致的。如果将UOA/OPP这个私有选项协议用于TCP,理论上不需要APP做任何修改,可以做到不入侵APP,完全透明。 当然,你说的这个协议,可能是个标准协议,各个开源会去支持,我看支持的项目还挺多的。 而私有协议只能自己去实现,推广比较难。
Hi, thank you for dpvs! I would love to switch from haproxy to dpvs in our project but we need this proxy protocol support for get real IP on nginx's nodes.
BTW, starting from nginx 1.13.11 supports the PROXY protocol v2. It would be great if it would be possible to choose the version.
@hroost we have implemented proxy protocol, but not fully tested yet. and team was busy with dpvs/ipv6, it may need more time to truly support this protocol.
mu
Not support yet, but we will consider to support this.
At 2019-03-01 19:32:56, "Aleksey" [email protected] wrote:
Hey, is the any news or plans about protocol support?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.
https://leeweir.github.io/2018/01/31/%E8%A7%A3%E5%86%B3fullnat%E4%B8%8B%E8%8E%B7%E5%8F%96%E7%94%A8%E6%88%B7%E6%BA%90IP/
Updated URL: https://leeweir.github.io/posts/fullnat-get-sip/
