Skip to content

reverse_tunnels: add gRPC streaming client for reverse tunnel reporting #44344

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
aakugan wants to merge 3 commits into
base: main
Choose a base branch
from

Grpc client for reverse tunnel reporting and the unit tests

d568b1f
Select commit
Loading
Failed to load commit list.
Draft

reverse_tunnels: add gRPC streaming client for reverse tunnel reporting #44344

Grpc client for reverse tunnel reporting and the unit tests
d568b1f
Select commit
Loading
Failed to load commit list.
CI (Envoy) / Envoy/Checks succeeded Apr 9, 2026 in 16m 49s

Envoy/Checks (success)

Check has finished

Details

Check run finished (success ✔️)

The check run can be viewed here:

Envoy/Checks (pr/44344/main@d568b1f)

Check started by

Request (pr/44344/main@d568b1f)

aakugan @aakugan d568b1f #44344 merge main@94828ca

reverse_tunnels: add gRPC streaming client for reverse tunnel reporting

BUILDS on #44342. Please review that one first.
INCREMENTAL DIFFS

Commit Message

Add gRPC streaming client for reverse tunnel reporting

Additional Description

Adds a bidirectional gRPC streaming client that pushes reverse tunnel connection state to a remote ReverseTunnelReportingService. This is a client implementation for the EventReporter introduced in the previous PR.

Protocol:

  • On connect (and every reconnect) the client does a full state push of all known connections obtained from the reporter.
  • Between connects the client sends incremental diffs on a periodic send timer. Empty messages serve as heartbeats.
  • Each request carries an incrementing nonce. The server ACKs by echoing the nonce; a NACK carries an error_detail and triggers disconnect.
  • If too many nonces remain unacked the client disconnects and reconnects, treating the server as dead or stuck.
  • The server may adjust the send interval via report_interval in its ACK; the client floors it at 25ms to prevent tight loops.

Key components:

  • GrpcClient: implements ReverseTunnelReporterClient and Grpc::AsyncStreamCallbacks. Manages stream lifecycle, nonce tracking, send/retry timers, and per-cluster stats.
  • GrpcClientFactory: dynamically registered factory resolved by the EventReporter when constructing clients from config.
  • GrpcClientConfig: parsed config struct with defaults (5s send interval, 5s retry, 5 max retries, 1M buffer).

Additional considerations:

  • initialized_ guard prevents silent event queuing if cluster lookup or client creation fails during onServerInitialized().
  • Buffer overflow while disconnected does not re-arm the retry timer.
  • Nonce reset on every new stream to avoid stale ACK confusion.

Risk Level: Low

Testing

Unit tests

Environment

Request variables

Key Value
ref ac3e56d
sha d568b1f
pr 44344
base-sha 94828ca
actor aakugan @aakugan
message reverse_tunnels: add gRPC streaming client for reverse tunnel reporting...
started 1775736158.192682
target-branch main
trusted false
Build image

Container image/s (as used in this CI run)

Key Value
default docker.io/envoyproxy/envoy-build:86873047235e9b8232df989a5999b9bebf9db69c
mobile docker.io/envoyproxy/envoy-build:mobile-86873047235e9b8232df989a5999b9bebf9db69c
Version

Envoy version (as used in this CI run)

Key Value
major 1
minor 38
patch 0
dev true
View more details on CI (Envoy)