HTTP dynamic forward proxy
The dynamic forward proxy HTTP filter is used to pause requests if the target DNS host is not already in cache.
Envoy will begin asynchronously resolving the DNS address, unblocking any requests waiting on the response when the resolution completes.
Any future requests will not be blocked as the DNS address is already in cache. The resolution process works similarly to the logical DNS service discovery type with a single target address being remembered at any given time.
Hosts that have not been used for a period of time are subject to a TTL that will purge them.
When the upstream cluster has been configured with a TLS context, Envoy will automatically perform SAN verification for the resolved host name as well as specify the host name via SNI.
The above implementation details mean that at steady state Envoy can forward a large volume of HTTP proxy traffic while all DNS resolution happens asynchronously in the background. Additionally, all other Envoy filters and extensions can be used in conjunction with dynamic forward proxy support including authentication, RBAC, rate limiting, etc.
For further configuration information see the .
Each resolved host/port pair uses a fixed amount of memory global to the server and shared amongst all workers.
Hosts removed via TTL are purged once all active connections stop referring to them and all used memory is regained.
The max_hosts field can be used to limit the number of hosts that the DNS cache will store at any given time.
Long lived upstream connections can have the underlying logical host expire via TTL while the connection is still open. Upstream requests and connections are still bound by other cluster circuit breakers such as . The current assumption is that host data shared between connections uses a marginal amount of memory compared to the connections and requests themselves, making it not worth controlling independently.
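As an added, constructed example (not configuration from the Envoy project docs above), the following bootstrap wires the filter and cluster together: the filter holds each request until its Host header resolves, max_hosts and host_ttl bound the shared DNS cache described above, and the upstream TLS context enables the automatic SNI and SAN verification behaviour. The cache name must be identical in the filter and the cluster; the trusted_ca path and listener port are assumptions for illustration.

```yaml
static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: {address: 0.0.0.0, port_value: 10000}
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: dfp
          route_config:
            virtual_hosts:
            - name: all
              domains: ["*"]
              routes:
              - match: {prefix: "/"}
                route: {cluster: dynamic_forward_proxy_cluster}
          http_filters:
          # Pauses a request until its Host resolves; later requests for that host hit the cache.
          - name: envoy.filters.http.dynamic_forward_proxy
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.FilterConfig
              dns_cache_config:
                name: dfp_cache        # must match the cluster's dns_cache_config exactly
                max_hosts: 1024        # caps the number of resolved host/port pairs held in memory
                host_ttl: 300s         # hosts unused for 5 minutes are purged (once unreferenced)
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  clusters:
  - name: dynamic_forward_proxy_cluster
    lb_policy: CLUSTER_PROVIDED
    cluster_type:
      name: envoy.clusters.dynamic_forward_proxy
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.clusters.dynamic_forward_proxy.v3.ClusterConfig
        dns_cache_config:
          name: dfp_cache
          max_hosts: 1024
          host_ttl: 300s
    # With a TLS context present, Envoy sets SNI to the resolved host name and
    # verifies the upstream certificate's SAN against it (assumed CA bundle path below).
    transport_socket:
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
        common_tls_context:
          validation_context:
            trusted_ca: {filename: /etc/ssl/certs/ca-certificates.crt}
```

Without the validation_context, the TLS socket still sets SNI but there is no trust anchor to verify the SAN against, so a misconfigured proxy would accept any upstream certificate.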