5

Scenario

I'm using Istio 1.5

From this question I know the default envoy access log format that Istio uses, which is

```
\[%{TIMESTAMP_ISO8601:timestamp}\] \"%{DATA:method} (?:%{URIPATH:uri_path}(?:%{URIPARAM:uri_param})?|%{DATA:}) %{DATA:protocol}\" %{NUMBER:status_code} %{DATA:response_flags} \"%{DATA:mixer_status}\" %{NUMBER:bytes_received} %{NUMBER:bytes_sent} %{NUMBER:duration} (?:%{NUMBER:upstream_service_time}|%{DATA:tcp_service_time}) \"%{DATA:forwarded_for}\" \"%{DATA:user_agent}\" \"%{DATA:request_id}\" \"%{DATA:authority}\" \"%{DATA:upstream_service}\" %{DATA:upstream_cluster} %{DATA:upstream_local} %{DATA:downstream_local} %{DATA:downstream_remote} %{DATA:requested_server}
```

Note: Since the referenced question is quite old, I'm not sure if this format is still correct for Istio 1.5, but it looks like it is.

Here are my logs

Source:

"-" "-" 0 232 10 9 "-" "curl/7.52.1" "772a4c12-bb1a-4f26-9a18-f354f5a081e0" "ai-service:5000" "10.2.34.209:5000" outbound|5000||ai-service.default.svc.cluster.local 10.2.8.95:45340 172.20.126.246:5000 10.2.8.95:53462 - default

Destination:

[2020-03-26T23:19:00.311Z] "- - -" 0 - "-" "-" 1068 379 9 - "-" "-" "-" "-" "127.0.0.1:5000" inbound|5000||ai-service.default.svc.cluster.local 127.0.0.1:37604 10.2.34.209:5000 10.2.8.95:45340 outbound_.5000_._.ai-service.default.svc.cluster.local -

Question

What are the upstream_local, downstream_local and downstream_remote?

Tran Triet

2 Answers

1

Based on the Envoy documentation on access logging:

%UPSTREAM_LOCAL_ADDRESS%

Local address of the upstream connection. If the address is an IP address it includes both address and port.


%DOWNSTREAM_LOCAL_ADDRESS%

Local address of the downstream connection. If the address is an IP address it includes both address and port. If the original connection was redirected by iptables REDIRECT, this represents the original destination address restored by the Original Destination Filter using SO_ORIGINAL_DST socket option. If the original connection was redirected by iptables TPROXY, and the listener’s transparent option was set to true, this represents the original destination address and port.


%DOWNSTREAM_REMOTE_ADDRESS%

Remote address of the downstream connection. If the address is an IP address it includes both address and port.

Jakub
  • What I don't understand is "remote" vs "local". `Local address of the upstream connection` - what is the local address? Why is it that in my example, in the source pod, local address is the pod's IP address whereas in the destination, it's the loopback device? – Tran Triet Mar 28 '20 at 02:54
  • 1
    As far as I understand Upstream connections are the service Envoy is initiating the connection to. Downstream connections are the client that is initiating a request through Envoy. [The downstream remote](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/original_src_filter#extra-setup) address used will likely be globally routable. By default, packets returning from the upstream host to that address will not route through Envoy. The network must be configured to forcefully route any traffic whose IP was replicated by Envoy back through the Envoy host. – Jakub Mar 30 '20 at 05:51
0

Here are the definitions from the envoy terminology page:

  • Downstream: A downstream host connects to Envoy, sends requests, and receives responses.
  • Upstream: An upstream host receives connections and requests from Envoy and returns responses.

This matches what @Jakub said in a comment:

> As far as I understand Upstream connections are the service Envoy is initiating the connection to. Downstream connections are the client that is initiating a request through Envoy

Phil
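Added example (not part of the question or either answer): a Python sketch that pulls the three address fields out of the two log lines from the question and checks that the source sidecar's upstream connection is the same TCP connection the destination sidecar logs as its downstream connection. The regex and the function names are assumptions made for this illustration; the fields are located by the `inbound|`/`outbound|` cluster token, so the truncated source line and the extra trailing field in both lines do not matter.

```python
import re

# The two log lines exactly as posted in the question (the source line is truncated at its start).
SOURCE = ('"-" "-" 0 232 10 9 "-" "curl/7.52.1" "772a4c12-bb1a-4f26-9a18-f354f5a081e0" '
          '"ai-service:5000" "10.2.34.209:5000" outbound|5000||ai-service.default.svc.cluster.local '
          '10.2.8.95:45340 172.20.126.246:5000 10.2.8.95:53462 - default')
DEST = ('[2020-03-26T23:19:00.311Z] "- - -" 0 - "-" "-" 1068 379 9 - "-" "-" "-" "-" '
        '"127.0.0.1:5000" inbound|5000||ai-service.default.svc.cluster.local '
        '127.0.0.1:37604 10.2.34.209:5000 10.2.8.95:45340 '
        'outbound_.5000_._.ai-service.default.svc.cluster.local -')

# Hypothetical pattern for this example:
# "<upstream_service>" <upstream_cluster> <upstream_local> <downstream_local> <downstream_remote>
TAIL = re.compile(
    r'"(?P<upstream_service>[^"]*)" '
    r'(?P<upstream_cluster>(?:inbound|outbound)\|\S+) '
    r'(?P<upstream_local>\S+) (?P<downstream_local>\S+) (?P<downstream_remote>\S+)'
)

def parse_addresses(line):
    """Return the upstream/downstream address fields of one access log line."""
    m = TAIL.search(line)
    if m is None:
        raise ValueError("no inbound|/outbound| cluster token found in line")
    return m.groupdict()

def same_connection(src, dst):
    """True when src's Envoy-to-upstream socket pair equals dst's downstream socket pair."""
    return (src["upstream_local"] == dst["downstream_remote"]
            and src["upstream_service"] == dst["downstream_local"])

if __name__ == "__main__":
    src, dst = parse_addresses(SOURCE), parse_addresses(DEST)
    for name, rec in (("source", src), ("destination", dst)):
        print(name)
        # downstream_remote -> downstream_local: the connection arriving at this Envoy
        print("  downstream:", rec["downstream_remote"], "->", rec["downstream_local"])
        # upstream_local -> upstream_service: the connection this Envoy opened itself
        print("  upstream:  ", rec["upstream_local"], "->", rec["upstream_service"])
    # In the destination pod the upstream is the application on 127.0.0.1:5000,
    # so Envoy's local end of that connection (upstream_local) is a loopback address.
    print("same connection seen by both sidecars:", same_connection(src, dst))
```

Read this way, "local" is always the Envoy end of a connection and "remote" is the peer's end, which is why the source's `upstream_local` (10.2.8.95:45340) reappears as the destination's `downstream_remote`.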