
VIP15: Specifying source address for outgoing sockets

Dridi Boukelmoune edited this page Jun 24, 2022 · 5 revisions

Synopsis

Make it possible to specify the source address for outgoing TCP connections (backends, -M).

Why?

Traffic engineering.

How?

This is the hard bit. Ideally the IETF would have paid more attention to how one specifies network addresses, but as the long list of RFCs on how to write IPv6 addresses documents, they are morons.

The best proposal I can come up with is something like:

IP [PORT] '/' IP [PORT]

The trivial way to implement this would be to double the size of struct suckaddr, which has merits as it could then hold all the info about a TCP connection (both ends), but it is a major API breakage fest.

A less intrusive way is to special-case it for -M and backend definitions, which "only" breaks the backend API for VMODs.

Alternate suggestions by Dridi

Regarding API considerations, I think suckaddr should not be concerned with source addresses, and endpoints that need to track both destinations and sources should have suckaddrs for both. We probably want a separate function for this source address use case:

int
VTCP_connect_from(const struct suckaddr *dest, const struct suckaddr *src, int msec);

For source address usage, we should mimic timeouts and start from a runtime parameter:

backend_source_address

  • default value: auto (don't bind, leave it to the system)
  • syntax: CIDR[, CIDR]

Up to two IP addresses or blocks, one per address family.

We could then override at the backend level:

backend be {
    .host = "IP";
    .source_address = "auto | CIDR[, CIDR]";
}

And finally, override at the task level:

sub vcl_backend_fetch {
    set bereq.source_address = "auto | CIDR[, CIDR]";
}

This implies that we don't generalize a syntax for -M or other features in this setup.
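The same "auto | CIDR[, CIDR]" string would be accepted by the runtime parameter, the backend attribute and the bereq variable above, so it needs one strict parser. The following is an added example, not Varnish code; the struct and function names are assumptions, and it enforces the rules stated above: at most two entries, one per address family, with a prefix length that fits the family.

```c
/* Added example (not Varnish code): parser for the proposed
 * backend_source_address syntax "auto | CIDR[, CIDR]". Names are assumed. */
#include <arpa/inet.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
struct src_addr {
    int family;             /* AF_INET, AF_INET6, or 0 if unset */
    unsigned char addr[16]; /* address bytes, network order */
    int prefix;             /* prefix length; 32 or 128 for a plain IP */
};
struct src_spec {
    int automatic;          /* 1 for "auto": do not bind, let the OS pick */
    struct src_addr v4, v6; /* at most one entry per address family */
};
/* Parse one "IP" or "IP/len" token of length len into *sa; 0 on success. */
static int parse_cidr(const char *tok, size_t len, struct src_addr *sa)
{
    char buf[64], *slash, *end; long p;
    if (len == 0 || len >= sizeof buf) return (-1);
    memset(sa, 0, sizeof *sa); memcpy(buf, tok, len);
    buf[len] = '\0';
    if ((slash = strchr(buf, '/')) != NULL) *slash++ = '\0';
    if (inet_pton(AF_INET, buf, sa->addr) == 1) { sa->family = AF_INET; sa->prefix = 32; }
    else if (inet_pton(AF_INET6, buf, sa->addr) == 1) { sa->family = AF_INET6; sa->prefix = 128; }
    else return (-1);
    if (slash == NULL) return (0);
    p = strtol(slash, &end, 10);    /* "/len" must be 0..32 or 0..128, digits only */
    if (!isdigit((unsigned char)*slash) || *end != '\0' || p > sa->prefix) return (-1);
    sa->prefix = (int)p;
    return (0);
}
/* Parse "auto | CIDR[, CIDR]" into *spec. Returns 0 on success, -1 on a syntax
 * error, an empty value, a third entry, or two entries of the same family. */
int parse_source_address(const char *value, struct src_spec *spec)
{
    struct src_addr sa, *slot; const char *start; int n = 0;
    memset(spec, 0, sizeof *spec);
    if (strcmp(value, "auto") == 0) { spec->automatic = 1; return (0); }
    while (*value != '\0') {
        while (*value == ' ') value++;           /* allow "a, b" */
        start = value;
        while (*value != '\0' && *value != ',') value++;
        if (n++ == 2 || parse_cidr(start, value - start, &sa) != 0) return (-1);
        slot = sa.family == AF_INET ? &spec->v4 : &spec->v6;
        if (slot->family != 0) return (-1);      /* same family twice */
        *slot = sa;
        if (*value == ',' && value[1] != '\0') value++;  /* no trailing comma */
        else if (*value != '\0') return (-1);
    }
    return (n == 0 ? -1 : 0);
}
```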
