contour icon indicating copy to clipboard operation
contour copied to clipboard

Published 20 hours ago verified publisher icon projectcontour

Envoy IP tagging support

Open bgagnon opened this issue 5 years ago • 3 comments

We have a need for geo-location of incoming client requests for application routing decisions. Contour supports source IP preservation in various ways, including the PROXY protocol.

We think we can leverage Envoy's IP tagging filter for this, but it is not currently available from Contour.

I understand this is really a niche request, but I figured I'd file an issue anyway, as suggested by @youngnick.

bgagnon avatar Oct 11 '19 15:10 bgagnon

We have an extra requirement that makes this even more niche: the CIDRs for the tags are changing often enough in our network that we need to automatically refresh this information from the control plane, without interrupting Envoy on the data plane.

This feature could be generalized to support public geo IP databases (like Maxmind) that would also benefit from periodic automated updates.

In a nutshell, the effect for users of Contour is an extra header in the HTTP requests that reach their upstream service and pods. This extra header geo-locates the incoming client request by subnet/site/city/country/continent or whatever granularity is needed.

bgagnon avatar Oct 11 '19 17:10 bgagnon

https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/geoip_filter there is native support from the envoy

nefelim4ag avatar Jul 15 '23 14:07 nefelim4ag