Due to a restriction in Envoy’s http 1.1 parser, I’m forced to SNI route to one of my backend services using TCP. Unfortunately, this service is stateful: I need to ensure multiple flows from the same source arrive at the same pod. I decided to use consistent hashing based on the source IP to achieve this
It does not work.
I can see that the destination rule is associated with the cluster, so I didn’t mess that up. Looking further, I noticed that the envoy HashPolicy is normally set in the http route for http backends. There is no such construct in envoy’s tcp proxy: the hashPolicy is set directly in the tcpProxy’s configuration.
I dumped the istioctl proxy-config for the tcpPolicy, and didn’t see any hashPolicy set.
Looking through the istio source for hashPolicy, I can only find it being set for httpRoutes. Is this an oversight? Or am I doing something wrong? Is there anything I can do to enable consistent hashing?
This is the my traffic policy, fwiw:
trafficPolicy: connectionPool: tcp: connectTimeout: 1500ms loadBalancer: consistentHash: useSourceIp: true outlierDetection: baseEjectionTime: 2s consecutiveGatewayErrors: 3 interval: 5s