MOSN is a cloud native proxy for edge or service mesh. https://mosn.io

MOSN logo

Build Status codecov Go Report Card license

中文

MOSN is a network proxy written in Golang. It can be used as a cloud-native network data plane, providing services with the following proxy functions: multi-protocol, modular, intelligent, and secure. MOSN is the short name of Modular Open Smart Network-proxy. MOSN can be integrated with any Service Mesh which support xDS API. It also can be used as an independent Layer 4 or Layer 7 load balancer, API Gateway, cloud-native Ingress, etc.

Features

As an open source network proxy, MOSN has the following core functions:

  • Support full dynamic resource configuration through xDS API integrated with Service Mesh.
  • Support proxy with TCP, HTTP, and RPC protocols.
  • Support rich routing features.
  • Support reliable upstream management and load balancing capabilities.
  • Support network and protocol layer observability.
  • Support mTLS and protocols on TLS.
  • Support rich extension mechanism to provide highly customizable expansion capabilities.
  • Support process smooth upgrade.

Download&Install

Use go get -u mosn.io/mosn, or you can git clone the repository to $GOPATH/src/mosn.io/mosn.

Notice

  • If you need to use code before 0.8.1, you may needs to run the script transfer_path.sh to fix the import path.
  • If you are in Linux, you should modify the SED_CMD in transfer_path.sh, see the comment in the script file.

Documentation

Contributing

See our contributor guide.

Partners

Partners participate in MOSN co-development to make MOSN better.

End Users

The MOSN users. Please leave a comment here to tell us your scenario to make MOSN better!

Community

See our community materials on https://github.com/mosn/community.

Visit the MOSN website for more information on working groups, roadmap, community meetings, MOSN tutorials, and more.

Scan the QR code below with DingTalk(钉钉) to join the MOSN user group.

Community meeting

MOSN community holds regular meetings.

Landscapes

  

MOSN enriches the CNCF CLOUD NATIVE Landscape.

Owner
MOSN
The Cloud Native Proxy for Edge or Service Mesh
MOSN
https://github.com/mosn/mosn
Comments
  • mosn smooth upgrade problem

    mosn smooth upgrade problem

    为什么热重启机制需要新老进程 两个 unix domain socket server 通信交互?

    目前分为 旧进程 reconfigerServer 新进程 transferServer,

    1. reconfigerServer 只是新进程主动判断 isReconfigure() 就结束了连接
    2. 迁移 listener fd 以及 connection fd 让旧进程作为 client 角色

    如果仅使用 reconfigerServer 作为交互通信会存在哪些问题.

    Environment

    • SOFAMosn 0.7.0
  • fix(update sub context): support to set upstream sub protocol dynamically

    fix(update sub context): support to set upstream sub protocol dynamically

    … context

    https://github.com/mosn/mosn/issues/1809

    Your PR should present related issues you want to solve.

    Solutions

    通过路由发生协议切换,需要更新 sub 协议的值,否则无法创建对应链接池的信息

  • 两个并发,upstream消息返回但是没有处理,导致请求超时

    两个并发,upstream消息返回但是没有处理,导致请求超时

    Describe the bug

    2个并发,500+请求,rpc请求,用的xprotocol

    必现有一个或者多个请求超时,上游服务端已经正常返回消息,但是mosn并没有处理请求。

    367e9b96-7751-408a-af4e-f1dd8f74ec61为客户端发送的streamid debug日志发现 [367e9b96-7751-408a-af4e-f1dd8f74ec61] Xprotocol get serverStreamConnectionEventListener 其他正常的请求 [b1a19589-fb67-41e9-a48c-130f632b12a5] Xprotocol get serverStreamConnectionEventListener &{0xc4205b9f90 0xc4204527e0 0xc4200274d0 0xc4200c7920 0xc4204f23c0 0xc420474d80 0xc4203b08c0 0xc420027440 {{0 0} 0 0 0 0} 0xc4203ae780 0xc4203ae640 [0xc420048a00]}

    有一个客户端请求conn.serverStreamConnectionEventListener为空导致的问题,mosn认为请求是由upstream响应的请求,只转发了请求,但是并未处理回来的请求。

    Concurrency Level: 2 Time taken for tests: 32.080 seconds Complete requests: 500 Failed requests: 1 (Connect: 0, Receive: 0, Length: 1, Exceptions: 0) Write errors: 0 Non-2xx responses: 1 Total transferred: 99769 bytes HTML transferred: 16254 bytes Requests per second: 15.59 [#/sec] (mean) Time per request: 128.322 [ms] (mean) Time per request: 64.161 [ms] (mean, across all concurrent requests) Transfer rate: 3.04 [Kbytes/sec] received Connection Times (ms) min mean[+/-sd] median max Connect: 0 1 1.8 0 13 Processing: 6 69 1343.9 9 30059 Waiting: 6 69 1343.9 8 30058 Total: 7 71 1343.9 10 30062 Percentage of the requests served within a certain time (ms) 50% 10 66% 11 75% 12 80% 13 90% 15 95% 17 98% 19 99% 21 100% 30062 (longest request)

    Environment

    0.5

  • MOSN是否支持动态设置BindPort

    MOSN是否支持动态设置BindPort

    Your question

    我的mosn前面有个负载均衡器,当mosn的端口开始监听的时候,负载均衡器就会认为业务正常,但是实际情况,mosn监听端口不一定代表业务正常。

    所以咨询一下mosn是否支持动态设置BindPort,比如我的listenerConfig默认设置bindToPort=false,等业务逻辑ready了(如:健康检查通过了),再主动set bindToPort = true,开始监听端口。

    Environment

    • MOSN Version

    Logs

    • Paste the logs you see.
  • [BUG] Request hangs if the upstream connection closes at the first time and then it does retry.

    [BUG] Request hangs if the upstream connection closes at the first time and then it does retry.

    Describe the bug

    本地启动了两个端口,分别监听http2和http1端口,配置cluster的两个实例分别对应到这两个端口。mosn转发的端口配置HTTP2协议,开启http2_use_stream配置,期望请求在转发到http1实例失败后成功重试并得到http2端口的响应。

    但实际测试时,请求hang住了。我加上日志打点后,发现第一次http2的请求到http1端口后,upstream关闭了连接,然后触发了异步协程写data时的报错,然后 HandleError pkg/module/http2/mhttp2.go L1296 这个函数会关闭downstream的SendData,再次重试时,SendData在 pkg/module/http2/mhttp2.go L1140 读取时失败,goroutine退出,因为第一次的http2 server没有关闭connection,导致waitNotify的请求协程一直等待,直到超时退出。

    总结,一共两个问题:

    1. 请求失败后直接关闭SendData是否应该?
    2. 异步协程退出后是否需要有相应机制保证请求的协程能收到事件?
  • run mosn as data plane sidecar proxy along with istio 1.10.0

    run mosn as data plane sidecar proxy along with istio 1.10.0

    Issues associated with this PR

    Your PR should present related issues you want to solve.

    Solutions

    You should show your solutions about the issues in your PR, including the overall solutions, details and the changes. At this time, Chinese is allowed to describe these.

    UT result

    Unit Test is needed if the code is changed, your unit test should cover boundary cases, corner cases, and some exceptional cases. And you need to show the UT result.

    Benchmark

    If your code involves the processing of every request, you should give the Benchmark Result.

    Code Style

    • Make sure Goimports has run
    • Show Golint result
  • Golang update to 1.18

    Golang update to 1.18

    The New Feature

    Describe the new feature you want to support clearly.

    Your scenes

    Describe your use scenes (why need this feature).

    Your advice

    Describe the advice or solution of this new feature.

    Environment

    • MOSN Version
  • feature: grpc network filter

    feature: grpc network filter

    背景

    MOSN 基于go grpc server框架提供一个GRPC Server的能力,相比于原生的go grpc server框架,可以获得如下能力:

    • 完全复用MOSN Sidecar的部署、升级、运维能力
    • 可复用MOSN中通用的基础能力:热升级、Listener Filter、部分Network Filter 等

    设计思路

    • MOSN的gRPC 能力主要还是基于官方的gRPC 库进行核心能力的实现,并且尽量减少gRPC Server开发者感受到的差异
    • 基于NetworkFilter机制进行实现

    详细设计

    • 首先梳理一下NetworkFilter机制与处理流程 image
    • 在配置解析时,完成gRPC Server的启动,随着MOSN的Listener监听开始提供服务
    • 一个连接对应一个NetworkFilter对象
      • InitializeReadFilterCallbacks 和 OnNewConnection 也是在连接创建时调用的接口,负责进行连接初始化的工作
      • OnData是在收到数据以后调用的接口,负责数据的传递
    • go gRPC Server库,从“监听”的Listener中Accept一个连接,然后进行读写,而在MOSN框架中,Listener的监听和连接数据的读写都处理过了,这里需要进行一层处理
      • Listener和Conn 都是interface,可以在MOSN的Filter中进行处理以后,再把数据传给gRPC Server,做到gRPC Server无感知
      • 在配置解析时,实现Listener的封装
      • 在InitializeReadFilterCallbacks中实现Conn的封装
      • 在OnNewConnection中将封装的Conn传递给封装的Listener,触发Listener.Accept
      • 在OnData中将读取到的数据传递给封装的Conn,触发Conn.Read image
    • gRPC Server的实现
      • 在使用官方gRPC 框架实现gRPC Server的时候,开发者需要基于proto文件生成一个.pb.go文件,同时需要实现一组接口满足proto中定义的接口实现,将其注册(Register)到gRPC Server框架中
      • MOSN的gRPC NetworkFilter也需要提供类似的注册能力,让开发者只关注对应gRPC Server实现逻辑,然后注册到MOSN框架中即可
    • MOSN GRPC框架要求开发者实现一个函数,该函数返回一个未调用Serve方法的grpc server。框架会使用自定义的Listener去调用Serve方法实现对数据的拦截处理
    func init() {
    mgrpc.RegisterServerHandler("mygrpc", MyFunc)
}
func MyFunc(_ json.RawMessage) *grpc.Server {
    s := grpc.NewServer()
    // pb 是.pb.go所在的package路径
    // server 是开发者实现的api接口
    pb.RegisterGreeterServer(s, &server{})
    return s
}
    • 预期使用的配置示例
    {
        "servers":[
                {
                        "default_log_path":"stdout",
                        "default_log_level":"DEBUG",
                        "listeners":[
                                {
                                        "address":"127.0.0.1:2045",
                                        "bind_port": true,
                                        "filter_chains": [{
                                                "filters": [
                                                        {
                                                                "type":"grpc",
                                                                "config": {
                                                                        "server_name":"mygrpc",
                                                                        "address":"127.0.0.1:2045"
                                                                }
                                                        }
                                                ]
                                        }]
                                }
                        ]
                }
        ]
}
  • Feature update to xDS v3 API

    Feature update to xDS v3 API

    Issues associated with this PR

    #1311

    Solutions

    Update xDS v3 API with Istio 1.7.7

    UT result

    Unit Test is needed if the code is changed, your unit test should cover boundary cases, corner cases, and some exceptional cases. And you need to show the UT result.

    Benchmark

    If your code involves the processing of every request, you should give the Benchmark Result.

    Code Style

    • Make sure Goimports has run
    • Show Golint result
  • add ip_access filter

    add ip_access filter

    add IPAllowlist filter

    Issues associated with this PR

    Your PR should present related issues you want to solve.

    Solutions

    You should show your solutions about the issues in your PR, including the overall solutions, details and the changes. At this time, Chinese is allowed to describe these.

    UT result

    Unit Test is needed if the code is changed, your unit test should cover boundary cases, corner cases, and some exceptional cases. And you need to show the UT result.

    Benchmark

    If your code involves the processing of every request, you should give the Benchmark Result.

    Code Style

    • Make sure Goimports has run
    • Show Golint result
  • [DISCUSSION] Add SkyWalking go SDK as a plugin

    [DISCUSSION] Add SkyWalking go SDK as a plugin

    The New Feature

    Does the MOSN have a plugin or filter mechanism to add a tracing/APM agent? SkyWalking has its LUA agent for Nginx, Kong and OpenResty, https://github.com/apache/skywalking-nginx-lua As it has the go agent https://github.com/SkyAPM/go2sky, so if you have the mechanism, we could try to invite our committer, @arugal to work with your team.

    WDYT?

  • release version v1.4.0

    release version v1.4.0

    Issues associated with this PR

    Your PR should present related issues you want to solve.

    Solutions

    You should show your solutions about the issues in your PR, including the overall solutions, details and the changes. At this time, Chinese is allowed to describe these.

    UT result

    Unit Test is needed if the code is changed, your unit test should cover boundary cases, corner cases, and some exceptional cases. And you need to show the UT result.

    Benchmark

    If your code involves the processing of every request, you should give the Benchmark Result.

    Code Style

    • Make sure Goimports has run
    • Show Golint result
  • optimize: jwtauthn

    optimize: jwtauthn

    Issues associated with this PR

    Your PR should present related issues you want to solve.

    Solutions

    You should show your solutions about the issues in your PR, including the overall solutions, details and the changes. At this time, Chinese is allowed to describe these.

    UT result

    Unit Test is needed if the code is changed, your unit test should cover boundary cases, corner cases, and some exceptional cases. And you need to show the UT result.

    Benchmark

    If your code involves the processing of every request, you should give the Benchmark Result.

    Code Style

    • Make sure Goimports has run
    • Show Golint result
  • feat: key auth

    feat: key auth

    Issues associated with this PR

    参考 apisix 的 key-auth 功能,https://apisix.apache.org/zh/docs/apisix/plugins/key-auth/

    Solutions

    match 部分的结构和代码主要参考 jwtauthn,对 envoy/jwt_authn/v3 进行了一定的删减

    UT result

    Unit Test is needed if the code is changed, your unit test should cover boundary cases, corner cases, and some exceptional cases. And you need to show the UT result.

    Benchmark

    If your code involves the processing of every request, you should give the Benchmark Result.

    Code Style

    • Make sure Goimports has run
    • Show Golint result
  • Why pprof debug server do not support hot upgrade?

    Why pprof debug server do not support hot upgrade?

    Your question

    Debug server init here,

    func DefaultInitStage(c *v2.MOSNConfig) {
	InitDefaultPath(c)
	InitDebugServe(c)
	InitializePidFile(c)
	InitializeTracing(c)
	InitializePlugin(c)
	InitializeWasm(c)
	InitializeThirdPartCodec(c)
}

    And started here:

    func (m *Mosn) inheritConfig(c *v2.MOSNConfig) (err error) {
	m.Config = c
	server.EnableInheritOldMosnconfig(c.InheritOldMosnconfig)

	// default is graceful mode, turn graceful off by set it to false
	if !c.DisableUpgrade && server.IsReconfigure() {
		m.isFromUpgrade = true
		if err = m.inheritHandler(); err != nil {
			return
		}
	}
	log.StartLogger.Infof("[mosn] [NewMosn] new mosn created")
	// start init services
	if err = store.StartService(nil); err != nil {
		log.StartLogger.Errorf("[mosn] [NewMosn] start service failed: %v, exit", err)
	}
	return
}

    StartService(nil) means do not inherit old listeners. So if "pprof" enabled, hot upgrade will fail.

  • integrate with mosn.io/envoy-go-extension

    integrate with mosn.io/envoy-go-extension

    Issues associated with this PR

    Your PR should present related issues you want to solve.

    Solutions

    You should show your solutions about the issues in your PR, including the overall solutions, details and the changes. At this time, Chinese is allowed to describe these.

    UT result

    Unit Test is needed if the code is changed, your unit test should cover boundary cases, corner cases, and some exceptional cases. And you need to show the UT result.

    Benchmark

    If your code involves the processing of every request, you should give the Benchmark Result.

    Code Style

    • Make sure Goimports has run
    • Show Golint result
Related tags
Network proxy service-mesh sidecar data-plane
Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。
 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。

Advertisement GOPROXY Introduction The GoProxy is a high-performance http proxy, https proxy, socks5 proxy, ss proxy, websocket proxies, tcp proxies,

Jan 9, 2023
Simple edge server / reverse proxy

reproxy Reproxy is simple edge HTTP(s) sever / reverse proxy supporting various providers (docker, static, file). One or more providers supply informa

Dec 29, 2022
Mcc - The MESH Companion Container (MCC) is a p2p layer and modified Kademlia DHT that provides functionality for service discovery

MCC The MESH Companion Container (MCC) is a p2p layer and modified Kademlia DHT

Jun 20, 2022
The Cloud Native Application Proxy
 The Cloud Native Application Proxy

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your ex

Dec 30, 2022
Native ZooKeeper client for Go. This project is no longer maintained. Please use https://github.com/go-zookeeper/zk instead.

Native Go Zookeeper Client Library License 3-clause BSD. See LICENSE file. This Repository is No Longer Maintained Please use https://github.com/go-zo

Dec 19, 2022
A service to proxy requests to a given backend service.

Proxy Service A service to proxy requests to a given backend service. Go 1.17+ Clone git clone [email protected]:janu-cambrelen/proxy-service.git Run (L

Jan 5, 2022
HTTP, HTTP2, HTTPS, Websocket debugging proxy
 HTTP, HTTP2, HTTPS, Websocket debugging proxy

English | 简体中文 We recommend updating whistle and Node to ensure that you receive important features, bugfixes and performance improvements. Some versi

Dec 31, 2022
inlets-connect is a proxy that supports HTTPS and the CONNECT method

inlets-connect inlets-connect is a proxy that supports HTTPS and the CONNECT method. It can be deployed as a side-car or stand-alone to proxy to a sin

Nov 7, 2022
Local Portable HTTP/HTTPS Proxy

SkelgoKey Portable Local Web Proxy - Creates a local proxy that bypasses any network certificate checks - USAGES Windows .\SkeletonKey.exe (web addres

Oct 13, 2021
Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.
 Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.

Features • Installation • Usage • Running Proxify • Installing SSL Certificate • Applications of Proxify • Join Discord Swiss Army Knife Proxy for rap

Jan 8, 2023
Goproxy - HTTP/HTTPS Forward and Reverse Proxy

Go HTTP(s) Forward/Reverse Proxy This is intended to provide the proxy for the goproxy frontend. It is currently a work in progress, and is not very s

Jan 4, 2022
This is a tool that will proxy simple HTTPS requests to an external HTTP endpoint
 This is a tool that will proxy simple HTTPS requests to an external HTTP endpoint

AcmeShield A secured HTTP proxy that forwards requests from a remote service(Postman). This is a tool that will proxy simple HTTPS requests to an exte

Mar 21, 2022
Websockify-go - A reverse proxy that support tcp, http, https, and the most important, noVNC, which makes it a websockify

websockify-go | mproxy a reverse proxy that support tcp, http, https, and the mo

Aug 14, 2022
Simple HTTP/HTTPS proxy - designed to be distributed as a self-contained binary that can be dropped in anywhere and run.

Simple Proxy This is a simple HTTP/HTTPS proxy - designed to be distributed as a self-contained binary that can be dropped in anywhere and run. Code b

Jan 7, 2023
Connect your devices into a single private WireGuard®-based mesh network.

Wiretrustee A WireGuard®-based mesh network that connects your devices into a single private network. Why using Wiretrustee? Connect multiple devices

Dec 31, 2022
NAT puncher for Wireguard mesh networking.

natpunch-go This is a NAT hole punching tool designed for creating Wireguard mesh networks. It was inspired by Tailscale and informed by this example.

Dec 12, 2022
🌐 (Web 3.0) Pastebin built on IPFS, securely served by Distributed Web and Edge Network.
 🌐 (Web 3.0) Pastebin built on IPFS, securely served by Distributed Web and Edge Network.

pastebin-ipfs 简体中文 (IPFS Archivists) Still in development, Pull Requests are welcomed. Pastebin built on IPFS, securely served by Distributed Web and

Jan 1, 2023
Service that calls uzma24/project1 service, takes input from .txt file and prints JSON output returned from the service.

Service that calls uzma24/project1 service, takes input from .txt file and prints JSON output returned from the service. Program can take large input files.

Feb 6, 2022
Compiler as a Service is a compiler that is available over http/https and gRPC

BlakBoks(CaaS) Elasticsearch but for compiling untrusted code Compiler as a Service is a compiler that is available over http/2 and gRPC. Setup First

Nov 24, 2021