Add Envoy TCP Routing example demonstrating source-based dynamic cluster selection #332
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SiiiTschiii
force-pushed
the
SiiiTschiii/example-tcp-re-routing
branch
from
01cba93 to
0d6580d
Compare
PiotrSikora
requested changes
Nov 28, 2025
Member
PiotrSikora
left a comment
PiotrSikora
left a comment
There was a problem hiding this comment.
Thanks, this is great real-world example!
examples/tcp_rerouting/src/generated/envoy.source.extensions.common.wasm.rs
Outdated
Show resolved
Hide resolved
SiiiTschiii
force-pushed
the
SiiiTschiii/example-tcp-re-routing
branch
from
ec7f2b2 to
82184ae
Compare
Author
|
@PiotrSikora thanks for the review. I believe I addressed all of them. |
SiiiTschiii
changed the title
SiiiTschiii
changed the title
Introduce a new Proxy-Wasm TCP filter example that demonstrates dynamic routing of TCP connections based on source IP addresses. This example showcases TCP-level filtering, filling a gap in the existing HTTP-focused examples. Key features: - Dynamic cluster selection based on source IP last octet (even/odd) - Uses Envoy's set_envoy_filter_state foreign function with protobuf encoding - Includes comprehensive Docker Compose setup for testing - Full documentation with usage examples and expected output Implementation details: - Protobuf definitions for Envoy's filter state API - Build script for code generation from proto files - Unit tests for IP parsing and routing logic - Envoy configuration with dual upstream clusters Signed-off-by: Christof Gerber <[email protected]>
- Remove trailing whitespace - Use next_back() instead of last() for better performance Signed-off-by: Christof Gerber <[email protected]>
- Update log 0.4.27 → 0.4.28 - Update proc-macro2 1.0.101 → 1.0.103 - Update quote 1.0.41 → 1.0.42 - Update unicode-ident 1.0.19 → 1.0.22 Generated by: bazelisk run //bazel/cargo:crates_vendor -- --repin all Signed-off-by: Christof Gerber <[email protected]>
Signed-off-by: Christof Gerber <[email protected]>
Signed-off-by: Christof Gerber <[email protected]>
Pin proc-macro2 and quote in build-dependencies to versions compatible with Rust 1.65 (the SDK's MSRV). Without these pins, cargo may select newer versions (e.g., quote 1.0.42) that require Rust 1.68+, causing CI builds to fail. This follows best practices by explicitly pinning problematic transitive dependencies rather than setting rust-version, which is not used by other examples. Signed-off-by: Christof Gerber <[email protected]>
- Add Apache 2.0 license header to set_envoy_filter_state.proto - Remove rust-version field from tcp_rerouting example Cargo.toml - Keep explicit dependency pins for proc-macro2 and quote to ensure Rust 1.65 compatibility This approach follows the pattern of other examples (no rust-version) while ensuring MSRV compatibility through explicit dependency pinning rather than relying on rust-version, which doesn't prevent Cargo from selecting incompatible dependency versions. Signed-off-by: Christof Gerber <[email protected]>
Remove examples/tcp_rerouting/src/generated/ from git tracking and add to .gitignore. Generated code should not be committed as it: - Can be regenerated from the .proto file via build.rs - Creates unnecessary diff noise when dependencies update - Can get out of sync with source The file is automatically generated during build by prost-build, so this does not affect functionality. Signed-off-by: Christof Gerber <[email protected]>
Rename tcp_rerouting to envoy_tcp_routing to: - Clearly indicate this is an Envoy-specific example - Use "routing" instead of "rerouting" for better terminology Changes: - Renamed directory: examples/tcp_rerouting → examples/envoy_tcp_routing - Updated package name: proxy-wasm-example-envoy-tcp-routing - Updated all references in README.md files - Updated Docker Compose network name and WASM filename - Updated Envoy config filter names and WASM path - Updated .gitignore path Signed-off-by: Christof Gerber <[email protected]>
Remove the statement about most examples focusing on HTTP, as it's not essential information for the README. Signed-off-by: Christof Gerber <[email protected]>
Add explanation that the example operates at the TCP stream context (L4) rather than the HTTP application layer, highlighting its usefulness for scenarios where application-layer processing should be avoided. Signed-off-by: Christof Gerber <[email protected]>
Add links to TCP stream and HTTP stream contexts in the Proxy-Wasm spec, and clarify that operating at the TCP level is useful for performance and protocol-agnostic routing decisions. Signed-off-by: Christof Gerber <[email protected]>
…ure enhancements - Fix grammar: "In separate terminals" → "In a separate terminal" - Add consistency: "routes to" → "routes via" in output examples - Add "Note on Destination Information" section explaining: - Hardcoded httpbin.org endpoints in both clusters - PROXY protocol for preserving metadata across TCP hops - Implementation approach using WASM stream context + Envoy config - Document future enhancement for source-based egress router use case: - Routing via different external IPs (e.g., even vs. odd source IP) - Explain conventional network approach (routing tables + IP rules) - Note challenges in managed K8s (requires plugins like Multus CNI) - Clarify how K8s abstracts layer 3 routing configuration Signed-off-by: Christof Gerber <[email protected]>
This reverts commit 467e8d6. The Bazel dependency updates are not related to the envoy_tcp_routing example, which builds using cargo with wasm32-wasip1 target. The example has its own dependency pins in Cargo.toml for MSRV compatibility and does not use the Bazel build system. Signed-off-by: Christof Gerber <[email protected]>
…ble deps - Change build target from wasm32-wasip1 to wasm32-wasi for MSRV (1.65) compatibility - Update docker-compose.yaml to mount wasm32-wasi artifact path - Pin build dependencies to latest MSRV-compatible versions: - prost-build 0.11.9, quote 1.0.41, proc-macro2 1.0 (existing pins) - indexmap 2.11.4, home 0.5.5 (pinned transitive deps) - Update README.md build instructions to reflect new target The wasm32-wasip1 target is not available in Rust 1.65. By switching to wasm32-wasi and constraining transitive dependencies that require newer Rust editions (indexmap 2.12+ needs edition 2024, home 0.5.12+ needs edition 2024), we ensure the example builds with the project's MSRV. Signed-off-by: Christof Gerber <[email protected]>
SiiiTschiii
force-pushed
the
SiiiTschiii/example-tcp-re-routing
branch
from
0e3019b to
1745d75
Compare
Author
|
@PiotrSikora Note on cargo outdated CI Check that is failing The cargo outdated check in CI currently fails for this example because it runs with the latest stable Rust (1.83) rather than the project's MSRV (1.65). When analyzing available updates, it encounters transitive dependencies like home 0.5.12 which require edition 2024 (not yet stabilized in Rust 1.83). The example itself builds successfully with MSRV 1.65 because we've pinned the problematic transitive dependencies (indexmap = "=2.11.4", home = "=0.5.5"). However, cargo outdated doesn't respect these pins when checking the crates.io index for newer versions—it attempts to parse manifests of all available versions and fails on edition 2024 crates. Potential solutions:
The dependency pins are intentional and necessary to maintain MSRV compatibility while still using the latest compatible versions of direct dependencies. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Introduce a new Proxy-Wasm TCP filter example that demonstrates dynamic routing of TCP connections based on source IP addresses at the TCP stream context (L4). This example showcases application-layer routing decisions without HTTP processing, filling a gap in the existing HTTP-focused examples.
Inspired by the wasmerang project, this example demonstrates advanced TCP routing patterns in Envoy/Istio/K8s environments using WASM filters.
Key Features
set_envoy_filter_stateforeign function with protobuf encodingImplementation Details
Documentation Highlights
This example is useful for scenarios requiring performance-critical or protocol-agnostic routing decisions where application-layer processing should be avoided.