Multiple TCP services are not routed properly based on the hosts field

Question

I am trying to route the tcp traffic based on hosts , Below are the procedure i followed

I have created a TCP entry on gateway I have the 2 tcp services running in bakend , I created the 2 virtualservices based on hosts field route the traffic.

hosts:
 - echotest.xxxxx.xxxxxxx.com
 tcp:
 - match:
   - port: 31400
   route:
   - destination:
       host: tcp-echo
       port:
         number: 9000
 hosts:
 - isolated-xspp.xxxxx.xxxxxxx.com
 tcp:
 - match:
   - port: 31400
   route:
   - destination:
       host: isolated-xspp-1-0-1
       port:
         number: 8082

RESULTS: Query is always routed to 1st service which is created, hosts section is not processed. But when i query from inside the pod using the k8s service names both the services are responding properly. But Via virtualservice it is not routing properly.

There's no information in a raw TCP connection about which host it tried to connect to - you cannot route TCP connections based on that like you can with HTTP. — nos

Piotr Malec Piotr Malec · Accepted Answer · 2020-01-02T15:50:53

As nos mentioned in comments it is not possible to do this with tcp protocol as there are no L4 Match Attributes that can distinguish TCP connections on same port.

The configuration You have most likely points at the same vip address with same port number. So there is only one listener with matching IP:Port and connections cannot be distinguished from each other so they route to first one every time.

To verify that You can follow Istio deep dive into envoy configuration.

This can be worked around by either modifying the port numbers to be unique or by switching to HTTP protocol so that host information or headers would be present.

Hope this helps.

Multiple TCP services are not routed properly based on the hosts field

1 Answers