Network Filters
Network filters process traffic at the TCP connection level and support a variety of protocols and features.
TCP Proxy Filter
Basic Configuration

listeners:
- name: listener_0
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 10000
  filter_chains:
  - filters:
    - name: envoy.filters.network.tcp_proxy
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
        stat_prefix: tcp_proxy
        cluster: tcp_service
        access_log:
        - name: envoy.access_loggers.file
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
            path: "/var/log/envoy/tcp_access.log"

Advanced Configuration

- name: envoy.filters.network.tcp_proxy
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
    stat_prefix: tcp_proxy
    cluster: tcp_service
    # Protobuf durations are written in seconds: 3600s = 1 hour, 7200s = 2 hours.
    idle_timeout: 3600s
    max_downstream_connection_duration: 7200s
    access_log:
    - name: envoy.access_loggers.file
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
        path: "/var/log/envoy/tcp_access.log"
        # log_format replaces the deprecated top-level `format` string.
        log_format:
          text_format_source:
            inline_string: "[%START_TIME%] %DOWNSTREAM_REMOTE_ADDRESS% -> %UPSTREAM_HOST% %RESPONSE_FLAGS%\n"

MongoDB Proxy Filter
Basic Configuration

listeners:
- name: listener_0
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 27017
  filter_chains:
  - filters:
    - name: envoy.filters.network.mongo_proxy
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.network.mongo_proxy.v3.MongoProxy
        stat_prefix: mongo_proxy
        access_log: "/var/log/envoy/mongo_access.log"
        emit_dynamic_metadata: true
    - name: envoy.filters.network.tcp_proxy
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
        stat_prefix: tcp_proxy
        cluster: mongo_cluster

MongoDB Features
- Parses the MongoDB protocol
- Logs queries and responses
- Supports dynamic metadata
- Provides detailed statistics
Redis Proxy Filter
Basic Configuration

listeners:
- name: listener_0
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 6379
  filter_chains:
  - filters:
    - name: envoy.filters.network.redis_proxy
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.network.redis_proxy.v3.RedisProxy
        stat_prefix: redis_proxy
        settings:
          op_timeout: 5s
          enable_hashtagging: true
          enable_redirection: true
          max_buffer_size_before_flush: 16384
          buffer_flush_timeout: 3ms
          max_upstream_unknown_connections: 100
        prefix_routes:
          catch_all_route:
            cluster: redis_cluster

Redis Cluster Configuration

clusters:
- name: redis_cluster
  connect_timeout: 0.25s
  type: STRICT_DNS
  lb_policy: MAGLEV
  load_assignment:
    cluster_name: redis_cluster
    endpoints:
    - lb_endpoints:
      - endpoint:
          address:
            socket_address:
              address: redis-1
              port_value: 6379
      - endpoint:
          address:
            socket_address:
              address: redis-2
              port_value: 6379
      - endpoint:
          address:
            socket_address:
              address: redis-3
              port_value: 6379

MySQL Proxy Filter
Basic Configuration

listeners:
- name: listener_0
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 3306
  filter_chains:
  - filters:
    - name: envoy.filters.network.mysql_proxy
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.network.mysql_proxy.v3.MySQLProxy
        stat_prefix: mysql_proxy
        access_log: "/var/log/envoy/mysql_access.log"
    - name: envoy.filters.network.tcp_proxy
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
        stat_prefix: tcp_proxy
        cluster: mysql_cluster

Thrift Proxy Filter
Basic Configuration

listeners:
- name: listener_0
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 9090
  filter_chains:
  - filters:
    - name: envoy.filters.network.thrift_proxy
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy
        stat_prefix: thrift_proxy
        transport: AUTO_TRANSPORT
        protocol: AUTO_PROTOCOL
        route_config:
          name: local_route
          routes:
          - match:
              method_name: "getUser"
            route:
              cluster: user_service

Dubbo Proxy Filter
Basic Configuration

listeners:
- name: listener_0
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 20880
  filter_chains:
  - filters:
    - name: envoy.filters.network.dubbo_proxy
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.network.dubbo_proxy.v3.DubboProxy
        stat_prefix: dubbo_proxy
        protocol_type: Dubbo
        serialization_type: Hessian2
        route_config:
        - name: local_route
          interface: "com.example.UserService"
          routes:
          - match:
              method:
                name:
                  exact: "getUser"
            route:
              cluster: user_service

Filter Chain Configuration
Combining Multiple Filters

listeners:
- name: listener_0
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 10000
  filter_chains:
  - filters:
    # Filters run in order: the rate limit check happens before the connection is proxied.
    - name: envoy.filters.network.ratelimit
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.network.ratelimit.v3.RateLimit
        stat_prefix: rate_limit
        domain: rate_limit_domain
        # At least one descriptor is required; this key/value pair is a placeholder.
        descriptors:
        - entries:
          - key: listener
            value: listener_0
        rate_limit_service:
          transport_api_version: V3
          grpc_service:
            envoy_grpc:
              cluster_name: rate_limit_cluster
    - name: envoy.filters.network.tcp_proxy
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
        stat_prefix: tcp_proxy
        cluster: tcp_service

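Filter Statistics
Statistics
Network filters expose a rich set of statistics:
- downstream_cx_total: total number of downstream connections
- downstream_cx_active: number of active downstream connections
- downstream_cx_destroy: number of destroyed downstream connections
- downstream_cx_destroy_remote: number of connections closed by the remote side
- downstream_cx_destroy_local: number of connections closed locally
Custom Statistics

- name: envoy.filters.network.tcp_proxy
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
    # stat_prefix sets the prefix under which this filter's statistics are emitted.
    stat_prefix: custom_tcp_proxy
    cluster: tcp_service
    access_log:
    - name: envoy.access_loggers.file
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
        path: "/var/log/envoy/custom_tcp_access.log"
        # log_format replaces the deprecated top-level `format` string.
        log_format:
          text_format_source:
            inline_string: "[%START_TIME%] %DOWNSTREAM_REMOTE_ADDRESS% -> %UPSTREAM_HOST% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT%\n"
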
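Best Practices
1. Performance Optimization
- Set buffer sizes sensibly
- Use appropriate timeout settings
- Monitor filter performance
- Avoid unnecessary filters
2. Monitoring and Debugging
- Enable access logs
- Monitor statistics
- Set up performance alerts
- Review the configuration regularly
3. Security Considerations
- Verify upstream connections
- Use TLS encryption
- Enforce access control
- Monitor for anomalous traffic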
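The TLS and access-control items above, applied to the Redis listener from this page, as an added example that is not part of the original page. The certificate paths, the 10.0.0.0/8 client range and the policy name internal-clients are assumptions.

```yaml
# Added example: hardened variant of the Redis listener shown earlier.
# Certificate paths, the client CIDR and the policy name are assumptions.
listeners:
- name: listener_0
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 6379
  filter_chains:
  - transport_socket:
      # Terminate TLS and require a client certificate (mutual TLS).
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
        require_client_certificate: true
        common_tls_context:
          tls_certificates:
          - certificate_chain:
              filename: "/etc/envoy/certs/server.crt"
            private_key:
              filename: "/etc/envoy/certs/server.key"
          validation_context:
            trusted_ca:
              filename: "/etc/envoy/certs/ca.crt"
    filters:
    # RBAC runs first, so rejected connections never reach the Redis proxy.
    - name: envoy.filters.network.rbac
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC
        stat_prefix: redis_rbac
        rules:
          action: ALLOW
          policies:
            internal-clients:
              permissions:
              - any: true
              principals:
              - direct_remote_ip:
                  address_prefix: 10.0.0.0
                  prefix_len: 8
    - name: envoy.filters.network.redis_proxy
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.network.redis_proxy.v3.RedisProxy
        stat_prefix: redis_proxy
        settings:
          op_timeout: 5s
        prefix_routes:
          catch_all_route:
            cluster: redis_cluster
```

The same transport_socket and RBAC filter can be placed in front of the MongoDB, MySQL and plain TCP proxy chains, since all of those listeners bind to 0.0.0.0 without either control.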
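Notes
- Network filters affect connection performance
- Complex filter chains can be hard to debug
- Protocol compatibility must be ensured
- Configuration changes need careful testing
Network filters give Envoy powerful protocol-handling capabilities; used sensibly, they can meet complex networking requirements.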