Closed furtiman closed 2 years ago
I think we can try adding the gateway IP address to the GatewayConnectionStats
message.
The only question is if/how this is going to work when The Things Stack is behind a load balancer / proxy. Then we can't reliably determine the original IP address (unless we add PROXY protocol support).
The only question is if/how this is going to work when The Things Stack is behind a load balancer / proxy. Then we can't reliably determine the original IP address (unless we add PROXY protocol support).
Indeed and additionally, if gateways are using a VPN then this won't work either. This is also one of the reasons we decided not to use IP addresses for location data.
I believe that this should be a sub-component of the broader gateway management issue; https://github.com/TheThingsIndustries/lorawan-stack/issues/2694
@htdvisser I think we can try adding the gateway IP address to the
GatewayConnectionStats
message.
Yes, for it to be requested from GS, for the Console. We don't have to put the IP address in every stats update (to store or events to NOC); only on connect. We could add a initial GatewayConnectionStats
message as event payload to gs.gateway.connect
(currently there's no payload), and include the IP address there.
@htdvisser The only question is if/how this is going to work when The Things Stack is behind a load balancer / proxy. Then we can't reliably determine the original IP address (unless we add PROXY protocol support).
It becomes a bit deployment specific, but in case of UDP we already have the source IP address (even if AWS NLB is in between). In case of Basic Station and MQTT, indeed we'd need Proxy Protocol support. But I would argue that having the source IP address is useful anyhow.
@KrishnaIyer I believe that this should be a sub-component of the broader gateway management issue; TheThingsIndustries/lorawan-stack#2694
How so? The use case here is to show the gateway's IP address in the NOC and potentially Console.
It becomes a bit deployment specific, but in case of UDP we already have the source IP address (even if AWS NLB is in between). In case of Basic Station and MQTT, indeed we'd need Proxy Protocol support.
Indeed, in our AWS ECS deployments we should be able to determine the source IP address, also for MQTT, which uses pretty much the same AWS NLB settings as UDP. For Basic Station, Envoy should also get the correct source IP from AWS NLB, and add an X-Forwarded-For header that we can read in The Things Stack.
The problem is mostly with other (unknown) proxy configurations, but I suppose we can just get away with saying that this feature only works reliably in officially supported deployment models.
The problem is mostly with other (unknown) proxy configurations, but I suppose we can just get away with saying that this feature only works reliably in officially supported deployment models.
Yep. Including not using a load balancer, which isn't really needed with TTSOS anyway.
So we the origin IP already for UDP, Basic Station, GRPC and MQTT. The only thing is that the frontends need to provide the IP address nicely, probably with a new context key.
@KrishnaIyer please assign a version milestone or we discuss in next weekly call.
I've added v3.20.2
taking holidays into account.
Cool. Implementation proposal:
net.Addr
Connect()
(just like rights are set in certain frontends)connect()
(of pkg/gatewayserver/io/udp.(*srv)
) take the *net.UDPAddr
so it can put that in a derived context before calling Connect
Connect()
(of pkg/gatewayserver/io/mqtt.(*connection)
) put the RemoteAddr
and Transport
from the given auth info in a new struct that implements net.Addr
X-Real-IP
to the desired valuegs.gateway.connect
(also make sure to declare the event data type in the event definition) with a type that includes the address and transport strings. These come straight from net.Addr
.GatewayConnectionStats
so they get stored by GS and they can be retrieved by the Console etc. This value needs to be stored just once as it doesn't change. It therefore doesn't need to be in the new gs.gateway.connection.stats
event either.Proposal looks good to me. However, I think that adding the new struct (or net.Addr
) as an argument to Connect
seems better to me instead of passing it in the context.
Summary
Add gateway IP address to
gs.gateway.connect
event. Can be reliably determined for UDP, Basic Station and gRPC gateways but not for MQTT gateways.Why do we need this?
To be able to use / display IP of the gateway to users.
What is already there? What do you see now?
evtGatewayConnect
not containing IP addressWhat is missing? What do you want to see?
IP address added to payload of the event.
Environment
3.19.2
How do you propose to implement this?
Add extra payload and change event data type in
gs.gateway.connect
event (pkg/gatewayserver/observability
)How do you propose to test this?
UT?
Can you do this yourself and submit a Pull Request?
cc @johanstokking will put you for now