-
Notifications
You must be signed in to change notification settings - Fork 199
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Notice: grpc-go will stop sending RPCs before HTTP/2 SETTINGS frame is received #64
Comments
This removes RequireHandshakeHybrid support and changes the default behavior to RequireHandshakeOn. Dial calls will now block and wait for a successful handshake before proceeding. Users relying on the old hybrid behavior (cmux users) should consult soheilhy/cmux#64. Also, several tests have been updated to take this into consideration by sending settings frames.
This removes RequireHandshakeHybrid support and changes the default behavior to RequireHandshakeOn. Dial calls will now block and wait for a successful handshake before proceeding. Users relying on the old hybrid behavior (cmux users) should consult soheilhy/cmux#64. Also, several tests have been updated to take this into consideration by sending settings frames.
This removes RequireHandshakeHybrid support and changes the default behavior to RequireHandshakeOn. Dial calls will now block and wait for a successful handshake before proceeding. Users relying on the old hybrid behavior (cmux users) should consult soheilhy/cmux#64. Also, several tests have been updated to take this into consideration by sending settings frames.
due to soheilhy/cmux#64 fix #820 fix #840 fix #841
This removes RequireHandshakeHybrid support and changes the default behavior to RequireHandshakeOn. Dial calls will now block and wait for a successful handshake before proceeding. Users relying on the old hybrid behavior (cmux users) should consult soheilhy/cmux#64. Also, several tests have been updated to take this into consideration by sending settings frames.
This removes RequireHandshakeHybrid support and changes the default behavior to RequireHandshakeOn. Dial calls will now block and wait for a successful handshake before proceeding. Users relying on the old hybrid behavior (cmux users) should consult soheilhy/cmux#64. Also, several tests have been updated to take this into consideration by sending settings frames.
Any ideas how to match grpc-go requests then? |
@lulian7 - IIUC you should be able to use the workaround suggested here for Java gRPC clients: https://github.com/soheilhy/cmux#limitations |
@dfawley Works. I missed that. |
This removes RequireHandshakeHybrid support and changes the default behavior to RequireHandshakeOn. Dial calls will now block and wait for a successful handshake before proceeding. Users relying on the old hybrid behavior (cmux users) should consult soheilhy/cmux#64. Also, several tests have been updated to take this into consideration by sending settings frames.
This removes RequireHandshakeHybrid support and changes the default behavior to RequireHandshakeOn. Dial calls will now block and wait for a successful handshake before proceeding. Users relying on the old hybrid behavior (cmux users) should consult soheilhy/cmux#64. Also, several tests have been updated to take this into consideration by sending settings frames.
This removes RequireHandshakeHybrid support and changes the default behavior to RequireHandshakeOn. Dial calls will now block and wait for a successful handshake before proceeding. Users relying on the old hybrid behavior (cmux users) should consult soheilhy/cmux#64. Also, several tests have been updated to take this into consideration by sending settings frames.
Testing with gRPC-Go 1.19.1 I can't get this to work even with
Has anything changed in 1.19 to make this even harder? I tried debugging by sending non-matched entries to another listener and printing the output and this is what I got:
or as a byte slice:
I'm not sure what format this is. Any ideas? @menghanl @dfawley |
@johanbrandhorst No, this behavior didn't change in 1.19. Does it work with 1.18? Is the client a simple client? |
I haven't tried 1.18 yet, but yes it is a simple grpc-go client. I'll try 1.18 and below. |
Hm, everything is working as expected when serving gRPC without TLS. I guess this is a false alarm. What's the best way to use |
For future reference; I got the following working:
|
This was carried over from some ancient grpc-gateway example code[1]; and we're not exposing the GRPC API that way right now. Using (*grpc.Server).ServeHTTP has some issues: 1. it's known to be slow, very slow[2] 2. it's seems to be not working with go-grpc >= 1.19 [3] Furthermore, we're exposing the proper GRPC server (the native go-grpc one) on a different port. If decide to (finally!) expose our GRPC API, that's the thing we should expose. So, since we don't need this multiplexing business, we shouldn't keep the code around. This is the cleanup. [1]: https://github.com/philips/grpc-gateway-example/ [2]: grpc/grpc-go#586 [3]: soheilhy/cmux#64 (comment) Signed-off-by: Stephan Renatus <[email protected]>
This was carried over from some ancient grpc-gateway example code[1]; and we're not exposing the GRPC API that way right now. Using (*grpc.Server).ServeHTTP has some issues: 1. it's known to be slow, very slow[2] 2. it's seems to be not working with go-grpc >= 1.19 [3] Furthermore, we're exposing the proper GRPC server (the native go-grpc one) on a different port. If decide to (finally!) expose our GRPC API, that's the thing we should expose. So, since we don't need this multiplexing business, we shouldn't keep the code around. This is the cleanup. [1]: https://github.com/philips/grpc-gateway-example/ [2]: grpc/grpc-go#586 [3]: soheilhy/cmux#64 (comment) Signed-off-by: Stephan Renatus <[email protected]>
* automate-gateway: cleanup GRPC/HTTP multiplexing cruft This was carried over from some ancient grpc-gateway example code[1]; and we're not exposing the GRPC API that way right now. Using (*grpc.Server).ServeHTTP has some issues: 1. it's known to be slow, very slow[2] 2. it's seems to be not working with go-grpc >= 1.19 [3] Furthermore, we're exposing the proper GRPC server (the native go-grpc one) on a different port. If decide to (finally!) expose our GRPC API, that's the thing we should expose. So, since we don't need this multiplexing business, we shouldn't keep the code around. This is the cleanup. [1]: https://github.com/philips/grpc-gateway-example/ [2]: grpc/grpc-go#586 [3]: soheilhy/cmux#64 (comment) * [integration] automate-gateway: fix tests to use GRPC port So apparently these HAD used the multiplexing code I've deleted. Well, they don't have to. Changed the hardcoded port to automate-gateway's default grpc port. Signed-off-by: Stephan Renatus <[email protected]>
@johanbrandhorst I finally took some time to sketch a code snippet to make our use case work. It did, but I don't know if it's going to work after reading this commit (as we didn't upgraded to that grpc-go version yet). I want to expose grpc-gateway + pure grpc in the same port without security; It's a microservice never exposed directly to the outside so it's ok. But I don't want to commit to a solution that cannot be extended in the future by adopting an approach like BeyondCorp. This means that our microservice should be able to be exposed publicly by, obviously, using TLS. The mentioned code allows addition TLS over the whole cmux but I don't know if you encountered further problems with this approach? |
There should be no reason you can't do TLS termination before any packets reach the service. |
Correct, thanks for confirming. Although we found another issue with the combo grpc-gateway, grpc, port-sharing, cmux and persistent connections kept by a reverse proxy (envoy in this case). It seems that Take this sequence as an example:
WDYT @johanbrandhorst? PS.: I don't really know which is the right forum for this question as there are lots of little components taking part in the overall problem... |
This is probably not the place, no. Maybe raise an issue against Envoy? |
Already asked in Envoy and it seems like nothing could be done there as it keeps one and only connection pool for everything no matter it's plain or gRPC. UPDATE: It can be done but cannot because we're using Contour to manage Envoy. @mpuncel wrote:
|
There's a question to be asked about why you're using cmux behind a proxy like envoy anyway. Envoy can do the traffic splitting for you, so why not just remove the cmux? |
There are several reasons:
Did you have this problem previously @johanbrandhorst? How do you currently operate services that publish both gRPC + REST in your environment? Thanks! |
I think we can move this discussion to the #grpc channel on Gophers slack. We've taken up this issue for long enough. |
breaking change: grpc/grpc-go#2406 workaround described in: - soheilhy/cmux#64 - https://github.com/soheilhy/cmux#limitations
breaking change: grpc/grpc-go#2406 workaround described in: - soheilhy/cmux#64 - https://github.com/soheilhy/cmux#limitations Signed-off-by: Christian Weichel <[email protected]>
breaking change: grpc/grpc-go#2406 workaround described in: - soheilhy/cmux#64 - https://github.com/soheilhy/cmux#limitations Signed-off-by: Christian Weichel <[email protected]>
breaking change: grpc/grpc-go#2406 workaround described in: - soheilhy/cmux#64 - https://github.com/soheilhy/cmux#limitations Signed-off-by: Christian Weichel <[email protected]>
* Add unit test for gRPC over cmux Signed-off-by: Yuri Shkuro <[email protected]> * Fix tests Signed-off-by: Yuri Shkuro <[email protected]> * Fix gRPC query service cmux breaking change: grpc/grpc-go#2406 workaround described in: - soheilhy/cmux#64 - https://github.com/soheilhy/cmux#limitations Signed-off-by: Christian Weichel <[email protected]> * Fix asertions Signed-off-by: Yuri Shkuro <[email protected]> * Use DialContext Signed-off-by: Yuri Shkuro <[email protected]> * Clean-up timeouts Signed-off-by: Yuri Shkuro <[email protected]>
* Add unit test for gRPC over cmux Signed-off-by: Yuri Shkuro <[email protected]> * Fix tests Signed-off-by: Yuri Shkuro <[email protected]> * Fix gRPC query service cmux breaking change: grpc/grpc-go#2406 workaround described in: - soheilhy/cmux#64 - https://github.com/soheilhy/cmux#limitations Signed-off-by: Christian Weichel <[email protected]> * Fix asertions Signed-off-by: Yuri Shkuro <[email protected]> * Use DialContext Signed-off-by: Yuri Shkuro <[email protected]> * Clean-up timeouts Signed-off-by: Yuri Shkuro <[email protected]>
do I understand this correctly if I assume that I can still serve http2 and http1(grpc server+ grpc gateway server) via cmux on the same port and have TLS for the clients and I only have to enable tls on the listener that I provide to cmux and disable tls for the servers the cmux is routing to? ie. I still can serve secure grpc and grpc gateway via cmux since both servers are linked to the cmux only via memory and not network, hence no security issue with tls "termination" on cmux level? |
That is correct, TLS is terminated by cmux, but it's still in-memory, so it's about the same level of security. |
Ran into this issue. Can we at least update the documentation for this? |
gRPC-Go has been waiting for the settings frame for a while now (soheilhy#64), and having the old handler in the example is confusing users (soheilhy#67). Use the new handler in the example and remove the "Limitations" from the README.
gRPC-Go has been waiting for the settings frame for a while now (soheilhy#64), and having the old handler in the example is confusing users (soheilhy#67). Use the new handler in the example and remove the "Limitations" from the README.
* Add unit test for gRPC over cmux Signed-off-by: Yuri Shkuro <[email protected]> * Fix tests Signed-off-by: Yuri Shkuro <[email protected]> * Fix gRPC query service cmux breaking change: grpc/grpc-go#2406 workaround described in: - soheilhy/cmux#64 - https://github.com/soheilhy/cmux#limitations Signed-off-by: Christian Weichel <[email protected]> * Fix asertions Signed-off-by: Yuri Shkuro <[email protected]> * Use DialContext Signed-off-by: Yuri Shkuro <[email protected]> * Clean-up timeouts Signed-off-by: Yuri Shkuro <[email protected]>
This is a notice that grpc-go intends to change in a way that we know will break the way cmux currently works by default. This will bring grpc-go in line with grpc-java's behavior, and C/wrapped languages will be following suit as well. Details and justification for the change can be found in grpc/grpc#17006. grpc-go's migration plan is proposed in grpc/grpc-go#2406. Please feel free to comment in the appropriate PR/issue for questions or concerns about this. Apologies in advance for the breaking change.
The text was updated successfully, but these errors were encountered: