address: support IPv4/IPv6 dual bind.#332
Conversation
This is the same as haproxy's v4v6 bind option: https://serverfault.com/questions/747895/bind-to-all-interfaces-for-ipv4-and-ipv6-in-haproxy. Signed-off-by: Harvey Tuch <[email protected]>
|
@rlazarus @mattklein123 Needed for Google dual stacks environments. If this proposal is agreeable, we can hold off on the merge until I implement the equivalent capability Envoy-side. |
| // <https://tools.ietf.org/html/rfc3493#page-11>`_. Binding to :: will allow | ||
| // both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into IPv6 | ||
| // space as ::FFFF:<IPv4-address>. | ||
| bool ipv4_compat = 6; |
There was a problem hiding this comment.
Another option would be to allow binding to multiple addresses, and then explicitly specifying both the ipv4 and ipv6 addresses to bind to. That would also allow binding to multiple ipv4 addresses, for instance.
If we go with this instead, how is this implemented? Is there a socket option that enables this, or is it implemented by binding two sockets (one for each address family)?
There was a problem hiding this comment.
I agree multiple addresses are another option. It depends where we want to use this; we have an immediate need in the admin interface, so this would involve adding support for multiple admin addresses. For regular use in listeners, it's already possible to just configure a second listener which is otherwise identical.
For our purposes, the current PR is a small delta that fixes our admin interface problem. If there is broader interest in more flexible admin interface binding from others, I'd be open to doing that instead.
In terms of implementation, this is the IPV6_V6ONLY socket option, described in http://man7.org/linux/man-pages/man7/ipv6.7.html. We already set this, forcing it IPv6-only in https://github.com/envoyproxy/envoy/blob/master/source/common/network/address_impl.cc#L223.
There was a problem hiding this comment.
I think this is fine then. It is the easiest way to listen on any address for both ipv4 and ipv6. We can still add multiple-address listeners later if we want/need to.
Signed-off-by: Harvey Tuch <[email protected]>
This adds support for listening for both IPv4 and IPv6 when binding to ::. Risk Level: Low Testing: Added unit tests for resolver and address implementations. No integration tests yet, need to convert the admin integration test to v2 first to allow for ipv4_compat to be set on the admin bind address. API Changes: envoyproxy/data-plane-api#332 Signed-off-by: Harvey Tuch <[email protected]>
3 participants
This is the same as haproxy's v4v6 bind option:
https://serverfault.com/questions/747895/bind-to-all-interfaces-for-ipv4-and-ipv6-in-haproxy.
Signed-off-by: Harvey Tuch [email protected]