TCP Proxy¶
TCP Proxy configuration overview.
config.filter.network.tcp_proxy.v2.TcpProxy¶
[config.filter.network.tcp_proxy.v2.TcpProxy proto]
{
"stat_prefix": "...",
"cluster": "...",
"metadata_match": "{...}",
"idle_timeout": "{...}",
"access_log": [],
"deprecated_v1": "{...}",
"max_connect_attempts": "{...}"
}
- stat_prefix
- (string, REQUIRED) The prefix to use when emitting statistics.
- cluster
(string) The upstream cluster to connect to.
Note
Once full filter chain matching is implemented in listeners, this field will become the only way to configure the target cluster. All other matching will be done via filter chain matching rules. For very simple configurations, this field can still be used to select the cluster when no other matching rules are required. Otherwise, a deprecated_v1 configuration is required to use more complex routing in the interim.
- metadata_match
- (core.Metadata) Optional endpoint metadata match criteria. Only endpoints in the upstream cluster with metadata matching that set in metadata_match will be considered. The filter name should be specified as envoy.lb.
- idle_timeout
- (Duration) The idle timeout for connections managed by the TCP proxy filter. The idle timeout is defined as the period in which there are no bytes sent or received on either the upstream or downstream connection. If not set, connections will never be closed by the TCP proxy due to being idle.
- access_log
- (config.filter.accesslog.v2.AccessLog) Configuration for access logs emitted by the this tcp_proxy.
- deprecated_v1
(config.filter.network.tcp_proxy.v2.TcpProxy.DeprecatedV1) TCP Proxy filter configuration using deprecated V1 format. This is required for complex routing until filter chain matching in the listener is implemented.
Attention
Using this field will lead to problems loading the configuration. If you want to configure the filter using v1 config structure, please make this field a boolean with value
true
and configure via the opaquevalue
field like is suggested in the filter README.
- max_connect_attempts
- (UInt32Value) The maximum number of unsuccessful connection attempts that will be made before giving up. If the parameter is not specified, 1 connection attempt will be made.
config.filter.network.tcp_proxy.v2.TcpProxy.DeprecatedV1¶
[config.filter.network.tcp_proxy.v2.TcpProxy.DeprecatedV1 proto]
TCP Proxy filter configuration using V1 format, until Envoy gets the ability to match source/destination at the listener level (called filter chain match).
{
"routes": []
}
- routes
- (config.filter.network.tcp_proxy.v2.TcpProxy.DeprecatedV1.TCPRoute, REQUIRED) The route table for the filter. All filter instances must have a route table, even if it is empty.
config.filter.network.tcp_proxy.v2.TcpProxy.DeprecatedV1.TCPRoute¶
[config.filter.network.tcp_proxy.v2.TcpProxy.DeprecatedV1.TCPRoute proto]
A TCP proxy route consists of a set of optional L4 criteria and the name of a cluster. If a downstream connection matches all the specified criteria, the cluster in the route is used for the corresponding upstream connection. Routes are tried in the order specified until a match is found. If no match is found, the connection is closed. A route with no criteria is valid and always produces a match.
{
"cluster": "...",
"destination_ip_list": [],
"destination_ports": "...",
"source_ip_list": [],
"source_ports": "..."
}
- cluster
- (string, REQUIRED) The cluster to connect to when a the downstream network connection matches the specified criteria.
- destination_ip_list
- (core.CidrRange) An optional list of IP address subnets in the form “ip_address/xx”. The criteria is satisfied if the destination IP address of the downstream connection is contained in at least one of the specified subnets. If the parameter is not specified or the list is empty, the destination IP address is ignored. The destination IP address of the downstream connection might be different from the addresses on which the proxy is listening if the connection has been redirected.
- destination_ports
- (string) An optional string containing a comma-separated list of port numbers or ranges. The criteria is satisfied if the destination port of the downstream connection is contained in at least one of the specified ranges. If the parameter is not specified, the destination port is ignored. The destination port address of the downstream connection might be different from the port on which the proxy is listening if the connection has been redirected.
- source_ip_list
- (core.CidrRange) An optional list of IP address subnets in the form “ip_address/xx”. The criteria is satisfied if the source IP address of the downstream connection is contained in at least one of the specified subnets. If the parameter is not specified or the list is empty, the source IP address is ignored.
- source_ports
- (string) An optional string containing a comma-separated list of port numbers or ranges. The criteria is satisfied if the source port of the downstream connection is contained in at least one of the specified ranges. If the parameter is not specified, the source port is ignored.