
Detailed explanation of MOSN reverse channel

2022-08-03 04:42:00 SOFAStack

Text | Zheng Zechao (GitHub ID: CodingSinger)

Senior Engineer at ByteDance


Passionate about the microservices and ServiceMesh open source communities

This article: 6802 words, about 15 minutes to read

Contributor's Preface

Quite by coincidence, my first contact with MOSN came while I was responsible for contributing code to the Dubbo-go open source project. After becoming a Committer in the Dubbo open source community, I wanted to study the Golang language further, and by chance met MOSN's Yuan Qiang (Yuan led me through the door of the MOSN community).

As a high-performance, scalable and secure network proxy that aims to be on par with Envoy, MOSN supports an ecosystem that is closer to the technology stacks of domestic Internet companies, and it responds to requests for new features very quickly. Moreover, MOSN contains many clever designs and ingenious techniques worth learning from, which fully satisfies my wish to study the Golang language in depth outside of work.
 

So far I have participated in the community in building larger features such as the EDF Scheduler, LAR and WRR load balancing, DSL routing, the UDS Listener, Plugin-mode Filter extensions and the reverse channel. Thanks again to Brother Yu, Yuan, Peng, YiSong and all the other community leaders for helping me find elegant solutions and for reviewing my code.

This article mainly introduces the usage scenarios and design principles of the "reverse channel" feature recently merged into the master branch. Comments and discussion are welcome.

MOSN Project Overview

MOSN (Modular Open Smart Network) is a cloud-native network proxy platform developed mainly in Go. It was open-sourced by Ant Group and has been verified in production on hundreds of thousands of containers during the Double 11 shopping festival, and it is both high-performance and easy to extend. MOSN can be integrated with Istio to build a Service Mesh, or used standalone as a layer-4/layer-7 load balancer, API Gateway, cloud-native Ingress, and so on.

Implementation of the MOSN Reverse Channel

In cloud-edge collaboration scenarios the network is usually one-way: the cloud side cannot initiate connections to communicate with edge nodes. This restriction largely protects the edge nodes, but its drawback is equally obvious: only the edge node is allowed to initiate access to the cloud.

A cloud-edge tunnel is designed to solve the problem that the cloud cannot actively reach edge nodes. In essence it is a reverse channel (hereafter simply "reverse channel"): the edge side initiates connections to the cloud-side nodes and builds a dedicated full-duplex connection, which is then used to transmit requests from the cloud node and to send back the results.

Well-known cloud-edge open source frameworks such as SuperEdge and Yurttunnel currently implement cloud-edge communication on the basis of a reverse channel.

This article focuses on the operation flow and principle of the reverse channel in MOSN. The overall architecture is shown below (the arrows in the figure indicate the direction in which TCP connections are established).

The whole operation flow can be summarized simply as follows:

1. The edge-side MOSN instance (hereafter referred to as the Tunnel Agent) starts the Tunnel Agent related service goroutines at startup.

2. Through static configuration or dynamic service discovery, it obtains the address list of the public cloud-side MOSN servers (hereafter referred to as the Tunnel Server) that require reverse connections, and establishes reverse connections to them.

3. The cloud-side Frontend exchanges data with the forwarding port of the Tunnel Server; this data is sent over the reverse connections established earlier.

4. After the edge node receives the request, it forwards it to the actual backend target node; the response travels back along the same path in reverse.

Reverse Channel Startup Process

The MOSN Agent uses the ExtendConfig feature to load and complete the initialization of the Tunnel Agent when MOSN starts.

The AgentBootstrapConfig structure defined in ExtendConfig is as follows:

type AgentBootstrapConfig struct {
	Enable bool `json:"enable"`
	// The number of connections established between the agent and each server
	ConnectionNum int `json:"connection_num"`
	// The cluster of remote server
	Cluster string `json:"cluster"`
	// After the connection is established, the data transmission is processed by this listener
	HostingListener string `json:"hosting_listener"`
	// Static remote server list
	StaticServerList []string `json:"server_list"`

	// DynamicServerListConfig is used to specify dynamic server configuration
	DynamicServerListConfig struct {
		DynamicServerLister string `json:"dynamic_server_lister"`
	}

	// ConnectRetryTimes
	ConnectRetryTimes int `json:"connect_retry_times"`
	// ReconnectBaseDuration
	ReconnectBaseDurationMs int `json:"reconnect_base_duration_ms"`

	// ConnectTimeoutDurationMs specifies the timeout for establishing a connection and initializing the agent
	ConnectTimeoutDurationMs int    `json:"connect_timeout_duration_ms"`
	CredentialPolicy         string `json:"credential_policy"`
	// GracefulCloseMaxWaitDurationMs specifies the maximum waiting time to close conn gracefully
	GracefulCloseMaxWaitDurationMs int `json:"graceful_close_max_wait_duration_ms"`

	TLSContext *v2.TLSConfig `json:"tls_context"`
}

ConnectionNum: the number of physical connections established between the Tunnel Agent and each Tunnel Server.

HostingListener: specifies the MOSN Listener that takes over the connection once the Agent has established it, i.e. requests coming from the Tunnel Server are handled by this Listener.

DynamicServerListConfig: service discovery configuration for dynamic Tunnel Servers; a custom service discovery component can supply the addresses dynamically.

CredentialPolicy: configuration of a custom connection-level authentication policy.

TLSContext: MOSN TLS configuration, providing confidentiality and integrity for the communication carried over TCP.

For each remote Tunnel Server instance, the Agent maintains a corresponding AgentPeer object. At startup, in addition to actively establishing ConnectionNum reverse communication connections, it also builds one extra bypass connection, which is mainly used to send control parameters such as gracefully closing connections or adjusting the connection ratio.

func (a *AgentPeer) Start() {
	connList := make([]*AgentClientConnection, 0, a.conf.ConnectionNumPerAddress)
	for i := 0; i < a.conf.ConnectionNumPerAddress; i++ {
		// Initialize and establish the reverse connection
		conn := NewAgentCoreConnection(*a.conf, a.listener)
		err := conn.initConnection()
		if err == nil {
			connList = append(connList, conn)
		}
	}
	a.connections = connList
	// Build the bypass control connection
	a.initAside()
}

The initConnection method completes the initialization of a single reverse connection, using exponential backoff to establish the connection within the maximum number of retries.

func (a *connection) initConnection() error {
	var err error
	backoffConnectDuration := a.reconnectBaseDuration

	for i := 0; i < a.connectRetryTimes || a.connectRetryTimes == -1; i++ {
		if a.close.Load() {
			return fmt.Errorf("connection closed, don't attempt to connect, address: %v", a.address)
		}
		// 1. Initialize the physical connection and transfer reverse connection metadata
		err = a.init()
		if err == nil {
			break
		}
		log.DefaultLogger.Errorf("[agent] failed to connect remote server, try again after %v seconds, address: %v, err: %+v", backoffConnectDuration, a.address, err)
		time.Sleep(backoffConnectDuration)
		backoffConnectDuration *= 2
	}
	if err != nil {
		return err
	}
	// 2. Hand the connection over to the hosting listener
	utils.GoWithRecover(func() {
		ch := make(chan api.Connection, 1)
		a.listener.GetListenerCallbacks().OnAccept(a.rawc, a.listener.UseOriginalDst(), nil, ch, a.readBuffer.Bytes(), []api.ConnectionEventListener{a})
	}, nil)
	return nil
}

The main steps:

1. The a.init() method calls initAgentCoreConnection, which initializes the physical connection and completes the connection-establishment exchange. The Tunnel Server manages the reverse connection based on the metadata transmitted by the Agent. The specific interaction and protocol are described in detail later.

2. After the connection is established successfully, the Tunnel Agent hands the raw conn over to the specified Listener. From then on the raw conn's lifecycle is fully managed by that Listener, which lets the channel simply reuse the Listener's capabilities.

The interaction flow that initializes the reverse connection is defined in pkg/filter/network/tunnel/connection.go:250; see the code for details, which this article does not go into.

Interaction Process

Currently the MOSN reverse channel only supports an implementation based on raw conn, so a simple and clear network communication protocol is defined for it.

It mainly consists of:

Protocol magic number: 2 bytes;

Protocol version: 1 byte;

Body type: 1 byte, including initialization, graceful close, etc.;

Body data length: 2 bytes;

JSON-serialized body data.

The full-lifecycle interaction process of the MOSN reverse channel:

Connection establishment is initiated by the Tunnel Agent. Once the TCP connection is established (and the TLS handshake has succeeded), the key information for the reverse connection, ConnectionInitInfo, is serialized and transmitted to the peer Tunnel Server. This structure defines the reverse channel's metadata.

// ConnectionInitInfo is the basic information of agent host,
// it is sent immediately after the physical connection is established
type ConnectionInitInfo struct {
	ClusterName      string                 `json:"cluster_name"`
	Weight           int64                  `json:"weight"`
	HostName         string                 `json:"host_name"`
	CredentialPolicy string                 `json:"credential_policy"`
	Credential       string                 `json:"credential"`
	Extra            map[string]interface{} `json:"extra"`
}
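As an added illustration (not MOSN's own code), the following encodes and decodes the frame layout listed above carrying a ConnectionInitInfo body. The magic number, version, type code and big-endian length are assumed values; the point is that Decode validates the header and the declared length before the JSON layer ever sees the body.

```go
package main

import (
	"encoding/binary"
	"encoding/json"
	"errors"
)

// Wire layout from the article: magic (2) | version (1) | type (1) | length (2) | JSON body.
// The magic, version and type values are assumed for illustration; they are not MOSN's constants.
const headerLen, maxBodyLen = 6, 1<<16 - 1 // the 2-byte length field bounds the body
const magic uint16 = 0x2A2B
const version, TypeInit byte = 1, 1
// ConnectionInitInfo mirrors the metadata struct shown above.
type ConnectionInitInfo struct {
	ClusterName      string                 `json:"cluster_name"`
	Weight           int64                  `json:"weight"`
	HostName         string                 `json:"host_name"`
	CredentialPolicy string                 `json:"credential_policy"`
	Credential       string                 `json:"credential"`
	Extra            map[string]interface{} `json:"extra"`
}
// Encode serialises v as JSON and prepends the header (big-endian byte order is assumed).
func Encode(typ byte, v interface{}) ([]byte, error) {
	body, err := json.Marshal(v)
	if err != nil {
		return nil, err
	}
	if len(body) > maxBodyLen {
		return nil, errors.New("body too large for 2-byte length field")
	}
	frame := make([]byte, headerLen, headerLen+len(body))
	binary.BigEndian.PutUint16(frame, magic)
	frame[2], frame[3] = version, typ
	binary.BigEndian.PutUint16(frame[4:], uint16(len(body)))
	return append(frame, body...), nil
}
// Decode checks magic, version and the declared length before exposing the body, so a truncated or foreign frame is rejected rather than half-parsed.
func Decode(frame []byte) (typ byte, body []byte, err error) {
	if len(frame) < headerLen {
		return 0, nil, errors.New("short header")
	}
	if binary.BigEndian.Uint16(frame) != magic || frame[2] != version {
		return 0, nil, errors.New("bad magic or version")
	}
	n := int(binary.BigEndian.Uint16(frame[4:]))
	if len(frame) < headerLen+n {
		return 0, nil, errors.New("truncated body")
	}
	return frame[3], frame[headerLen : headerLen+n], nil
}
```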

After the Tunnel Server accepts the metadata, its main work consists of:

1. If a custom authentication method is configured, authenticate the connection;

2. The clusterManager adds the connection to the specified ClusterSnapshot and writes back the connection result.

At this point the connection establishment process is complete.

func (t *tunnelFilter) handleConnectionInit(info *ConnectionInitInfo) api.FilterStatus {
	// Auth the connection
	conn := t.readCallbacks.Connection()
	if info.CredentialPolicy != "" {
		// 1. Custom authentication operation, omitted for brevity
	}
	if !t.clusterManager.ClusterExist(info.ClusterName) {
		writeConnectResponse(ConnectClusterNotExist, conn)
		return api.Stop
	}
	// Set the flag that has been initialized, subsequent data processing skips this filter
	err := writeConnectResponse(ConnectSuccess, conn)
	if err != nil {
		return api.Stop
	}
	conn.AddConnectionEventListener(NewHostRemover(conn.RemoteAddr().String(), info.ClusterName))
	tunnelHostMutex.Lock()
	defer tunnelHostMutex.Unlock()
	snapshot := t.clusterManager.GetClusterSnapshot(context.Background(), info.ClusterName)
	// 2. Add the host to the specified cluster
	_ = t.clusterManager.AppendClusterTypesHosts(info.ClusterName, []types.Host{NewHost(v2.Host{
		HostConfig: v2.HostConfig{
			Address:    conn.RemoteAddr().String(),
			Hostname:   info.HostName,
			Weight:     uint32(info.Weight),
			TLSDisable: false,
		}}, snapshot.ClusterInfo(), CreateAgentBackendConnection(conn))})
	t.connInitialized = true
	return api.Stop
}

Now for the communication process. For ease of understanding, the following figure takes a one-way request flow as an example:
 

In the traditional MOSN Sidecar scenario, a request sent by the Frontend first passes through the Client-MOSN and then through its routing module, which actively creates a connection (dashed part) and transmits the request to the peer; there the Server-MOSN biz-listener processes it and hands it over to the Backend.

In the cloud-edge reverse channel scenario, once the Client MOSN (Tunnel Server) has received the reverse channel creation request initiated by the peer Tunnel Agent, it adds that physical connection to the cluster snapshot that routing uses for the peer MOSN. The Frontend's request traffic can therefore flow through the reverse channel to the peer MOSN. Because the Tunnel Agent side has handed the connection over to the biz-listener, reads and writes are processed by the biz-listener, which handles the request and then forwards it to the real Backend service.

Summary and Roadmap

This article mainly introduced the principle and design ideas of the MOSN reverse channel. As a high-performance cloud-native network proxy, MOSN aims to support the reverse channel capability more effectively and to keep carrying east-west traffic in cloud-edge collaboration scenarios.

Of course, we will continue with a series of follow-up developments, including but not limited to:

1. A gRPC implementation of the reverse channel; gRPC, as the most general service communication framework of the cloud-native era, comes with many strong built-in governance capabilities;

2. In combination with more cloud-native scenarios, more general built-in dynamic service discovery components for the Tunnel Server;

3. More complete automated operations and deployment tooling.

Learn more...

Give MOSN a Star:
https://github.com/mosn/mosn

Come and join us to build it together


Copyright notice
This article was created by [SOFAStack]; please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/215/202208030435092862.html