udp: add new key based hash policy

[davidkornel]

Commit Message:
This feature adds a new hash policy to the udp_proxy_filter. Previously there was only one hash policy supported. This patch introduces a new field called 'key'. Envoy users can set this field while configuring and hash based load balancing algorithms
can choose an upstream host based on the value of this new field.

SourceIp based hash policy cannot route multiple clients to the same upstream host. With key based hash policy you can do this easily.

Additional Description: None
Risk Level: LOW
Testing: bazel test
Docs Changes: Add a new option called 'key' under UdpProxyConfig's hash_policy.
Release Notes: None

[repokitteh-read-only]

Hi @davidkornel, welcome and thank you for your contribution.

We will try to review your Pull Request as quickly as possible.

In the meantime, please take a look at the contribution guidelines if you have not done so already.

🐱

Caused by: #15967 was opened by davidkornel.

see: more, trace.

[repokitteh-read-only]

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/envoy/.
envoyproxy/api-shepherds assignee is @mattklein123
CC @envoyproxy/api-watchers: FYI only for changes made to api/envoy/.

🐱

Caused by: #15967 was opened by davidkornel.

see: more, trace.

[rojkov]

What's the use case for the new policy? Is it to disable load balancing without touching cluster config?

[mattklein123]

What's the use case for the new policy? Is it to disable load balancing without touching cluster config?

+1 curious about the use case here?

/wait-any

[davidkornel]

What's the use case for the new policy? Is it to disable load balancing without touching cluster config?

As I mentioned in this comment, we want to make envoy handle VOIP calls. In a VOIP call, there are 4 different UDP streams (2 RTP 2 RTCP). The upstream hosts are UDP/RTP proxies, for obvious reasons we want and need to load balance all four streams to the same upstream proxy. We couldn't figure out a better solution than hashing on the call-id. Call-id is unique for each call.

This feature aims to support terminating RTP and RTCP streams at the same endpoint by hashing on a given session-id/call-id.

[mattklein123]

But what is the point of having a fixed hash key that will always hash to effectively a single host? Why not just have a single host in the cluster? Don't you really want to hash some bytes in the payload that represents the call id?

[davidkornel]

But what is the point of having a fixed hash key that will always hash to effectively a single host? Why not just have a single host in the cluster? Don't you really want to hash some bytes in the payload that represents the call id?

So on the VoIP media plane, every single voice call is represented by 4 district UDP streams: a UDP/RTP stream that carries the actual voice samples and a UDP/RTCP stream carrying call quality statistics for the caller->callee direction, and the same for the reverse direction. Each UDP stream will have its own downstream port and so its own UDP listener and its own cluster configured in Envoy, and we need to load-balance all four UDP streams that belong to a single call to the same upstream host (an actual RTP proxy like RTPengine) otherwise things break. Our solution is to set the same key in all four UDP listeners/clusters and then rely on the new hash policy implemented in this PR to make sure all UDP streams are hashed to the same upstream host.
Now another VoIP call will have its own (different) key configured for its 4 UDP listeners/clusters, so the corresponding UDP streams will most probably land at another upstream host. This way we get load balancing at the level of distinct calls, and not at the level of individual UDP streams. We checked this and with this PR things seem to work fine.

But wait, there's more. If the upstream host becomes unhealthy our call will need to be rerouted to another host(there are more than one upstream endpoints). Since we still have the same fix hash key set for each UDP stream this PR also makes sure that the reconnected UDP streams again land at the same upstream once Envoy removes the unhealthy host from the endpoint list.

Unfortunately, we cannot rely on any information in the actual payloads for load balancing, since there are no stable hash keys carried by RTP/RTCP headers (call ids are negotiated in the control plane) across the 4 UDP streams.
I guess the confusion originates in that UDP semantics are so much different from TCP/HTTP: while a TCP listener is multiplexing an arbitrary number of downstream hosts, a UDP listener is dedicated to a single downstream host in VoIP. So we'll have 4x as many UDP listeners configured in Envoy as there are calls, but this is just the way VoIP was defined to work...

[mattklein123]

Unfortunately, we cannot rely on any information in the actual payloads for load balancing, since there are no stable hash keys carried by RTP/RTCP headers (call ids are negotiated in the control plane) across the 4 UDP streams.
I guess the confusion originates in that UDP semantics are so much different from TCP/HTTP: while a TCP listener is multiplexing an arbitrary number of downstream hosts, a UDP listener is dedicated to a single downstream host in VoIP. So we'll have 4x as many UDP listeners configured in Envoy as there are calls, but this is just the way VoIP was defined to work...

This seems utterly insane, but thanks for the length explanation. This makes sense to me. @rojkov ?

Can you fix CI? (note main is currently broken and will be fixed soon)

[davidkornel]

Thanks for the quick response.
One of the new tests fails here. I'll look at it tomorrow, interesting part is that it does not fail if I run it locally. Any idea how could this happen?

[rojkov]

Thank you for the explanation! It's amazing Envoy is still applicable in such interesting setups. This case is worth to be documented IMHO.

I left a few comments about formatting mostly.

[rojkov]

I guess this doc string needs to be extended to reference the VoIP case and to mention that listeners (unlike clusters?) are created dynamically by control plane for every single call (am I right here?).

[davidkornel]

Alright, I'll rewrite this, and mentioning the VoIP case is a good idea. Should I tag/mention this PR in that for further information for future users?

[rojkov]

I'd better make it self sufficient, because this string will go to the user docs.

[rojkov]

Replace it with

 UNREFERENCED_PARAMETER(downstream_addr);

[davidkornel]

Changed it! Thanks.

[rojkov]

Move this member to the private section and rename it to key_ to conform the coding style.

[davidkornel]

Moved it! Thanks.

[rojkov]

Mark it explicit.

[davidkornel]

Done! Thanks.

[rojkov]

Just return the result of HashUtil::xxHash64(Key) for brevity.

[davidkornel]

Yes, it's better. Thanks.

[rojkov]

Better make the names conform the style: key_ and empty_key_.

[davidkornel]

Did it. Thanks.

[rojkov]

I'd better make it self sufficient, because this string will go to the user docs.

[rojkov]

Make sure the string this member is referencing doesn't go out of scope. This may be the reason why the CI test if failing.
And speaking of the string... Wouldn't it be more efficient to calculate the hash only once upon the hash method's instantiation if key is const anyway?

[davidkornel]

Make sure the string this member is referencing doesn't go out of scope. This may be the reason why the CI test is failing.

It was the problem, thanks for the hint.

And speaking of the string... Wouldn't it be more efficient to calculate the hash only once upon the hash method's instantiation if key is const anyway?

I changed the KeyHashMethod class as you suggested. I have a question. According to the doc string, key must have a minimum length of one. I'm not sure if I should check whether key is empty or not in the constructor (explicit KeyHashMethod(const std::string& key) { hash_ = HashUtil::xxHash64(key); }). I feel like I should, but as I see it would be unnecessary. WDYT?

[rojkov]

Yes, it's not necessary indeed - protobuf will validate the value. But it won't harm to ASSERT() the key is not empty to make sure the tests are properly set up.

Since HashUtil::xxHash64() handles empty inputs gracefully you can move hash_ initialization to the init list, e.g.:

explicit KeyHashMethod(const std::string& key) : hash_{HashUtil::xxHash64(key)} { ASSERT(!key.empty()); }

[rojkov]

Thank you! LGTM modulo one comment is addressed.

[rojkov]

Make it const.

[davidkornel]

Oh, I forgot. Thanks.

[davidkornel]

@rojkov I've made all the changes you requested. Is there anything else you think should be changed? Let me know.

[rojkov]

Thanks! I think it's ready for a second pass @mattklein123

[davidkornel]

@rojkov Could you review? Matt assigned you, I guess it's on you now.

[rojkov]

I can only restate my approval as a first pass reviewer.

[rojkov]

nit: The formatting is funny though. I guess no need to put a new line after every punctuation mark.

[davidkornel]

I changed, it was indeed very interesting looking. I know there's no need for that, but back then I thought it will be good. I just wanted to have shorter lines but ended up looking funny.

[davidkornel]

@rojkov BTW I guess you must approve one more time due to my latest changes. After your approval, Matt has to approve as well, right?

[rojkov]

restating approval

[mattklein123]

LGTM with small doc request, thanks!

/wait

[mattklein123]

Please add a release note for this feature: https://github.com/envoyproxy/envoy/blob/main/docs/root/version_history/current.rst (with link to this new field).

[davidkornel]

I added it, not so sure if it's OK or not, don't have much experience writing release notes. I tried to follow the previous ones.

[mattklein123]

Thanks!