Add SubnetAddressTranslator to translate Cassandra node IPs from private network based on its subnet mask

[jahstreet]

When running Cassandra in a private network and accessing it from outside of that private network via some kind of proxy, we have an option to use FixedHostNameAddressTranslator. But when we want to set it up in a HA way and have more control over latencies in multi-datacenter deployments, that is not enough.

This PR proposes a SubnetAddressTranslator, which translates Cassandra node IP addresses based on the match to the configured subnet IP range (CIDR notation). The assumption is that each Cassandra datacenter nodes belong to different subnets not having intersecting IP ranges, which is the usual configuration for multi-DC Kubernetes and K8ssandra, for example.

[jahstreet]

Is there any additional documentation I should update with this change?

[tolbertam]

Excellent work @jahstreet, thank you! Have some suggestions, but I'm +1 either way.

[tolbertam]

👍 while resolve-contact-points defaults to true, I was thinking about whether we should do the same here, but I think you probably will generally use a DNS name that might change its backing IPs from time to time, so makes sense for this to be false. Was that what you were thinking as well?

[jahstreet]

100%, I expect proxy to have at least 2 replicas eligible for "periodic" restarts, that was the intuition to decide here.

[jahstreet]

Excellent work @jahstreet, thank you! Have some suggestions, but I'm +1 either way.

Thanks! I will push a commit with annotations till Monday morning.

[absurdfarce]

I like the overall idea, just a few things I think need to be tweaked here. Moving the DriverOptions around shouldn't be too bad but I am a bit concerned about adding a new dependency just for this. I'm also not sure I love the additional exception handling code that's been added now... but I can be convinced on either point.

[absurdfarce]

I really don't love the inclusion of another dependency here, even if it's an optional one. It's only used in one class (near as I can tell)... is there really no way to get the functionality we need without adding this in?

[jahstreet]

First thing that comes to mind is implementing it ourselves (or in other words copying it over from the library). Lemme evaluate how much of the util code is needed.

[jahstreet]

We need at least the following functionality to work with subnets here:

• Validate subnet string is in a prefix block format
• Check if subnet contains IP address
• All for IPv4 and IPv6

The library is quite big, so copying over its parts is an overkill.
Then the alternative is to implement these functions ourselves.
Looking into it.

[jahstreet]

A bit of vibe-coding and we can have it with around 100 lines of code. Will work on integrating a change.

[jahstreet]

Submitted the change and dropped the dependency, PTAL 🙏 .

[absurdfarce]

Could just continue here to next iteration of the outer for loop. You know addresses is the empty set at this point so there's no point iterating over it below.

[absurdfarce]

As I look at this now it feels like we had to make this a bit more complicated because AddressUtils.extract() now throws exceptions in most cases rather than just logging errors and returning an empty set. Was there a particular reason for this change? It's not immediately clear the exceptions buy you much here.

[jahstreet]

Previously, #extract code was used only in this class and we logged errors together with reasons of these errors. Now the info about reasons is moved to util method, which is called from multiple places. In this class, I aimed to keep logging (as well as other functionality) as close to the origin as seemed possible to avoid opinionated refactoring, so I needed a way to get reasons of errors from the utility #extract to log them together with the context logs.
Happy to agree on the way it should look like and change accordingly.

[absurdfarce]

Does this log message offer us much useful information?

[jahstreet]

Same as above, it was there so I kept it as is.
As for me, this log is a good additional info when debugging failed to connect issues. Like, one could be surprised to see the client failed to connect logs where contact points do not match the configured ones.
What is your opinion on the need of it?

[absurdfarce]

Apologies, this is on my list but I haven't made it back to reconsider the updated comments in this review. I appreciate your patience @jahstreet!

FWIW I have added this to the 4.19.1 release planning doc under the working assumption that we'll almost certainly get this in in some form we can all agree on.

[absurdfarce]

Nice work @jahstreet! I very much like the idea of bringing the subnet management logic into code in this PR; I appreciate the efforts to avoid the introduction of an extra external dependency.

I want to run this through a full set of unit and integration tests but it looks like there's a few steps that need to happen before we can get this to build with Maven. The changes I'm asking for in this PR should get you to a spot where we can build and run tests... well, these changes plus a "mvn com.coveo:fmt-maven-plugin:format" but you get my point. :)

[jahstreet]

Deal, thx for the feedback.
Will address it asap.

UPD: done.

[jahstreet]

Suggested commit message:

"Add SubnetAddressTranslator to translate Cassandra node IPs from private network based on its subnet mask"

[absurdfarce]

Confirmed that the build looks good locally with the recent changes from @jahstreet . Kicking off a DataStax Jenkins run now to confirm that we haven't had any unexpected regressions.

[absurdfarce]

Bah, Jenkins failed with complaints like the following:

[2025-06-10T22:25:35.767Z] [INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ java-driver-core ---
[2025-06-10T22:25:35.767Z] [INFO] Compiling 796 source files to /home/jenkins/workspace/drivers_java_oss_PR-2013/core/target/classes
[2025-06-10T22:25:38.559Z] [INFO] -------------------------------------------------------------
[2025-06-10T22:25:38.559Z] [ERROR] COMPILATION ERROR : 
[2025-06-10T22:25:38.559Z] [INFO] -------------------------------------------------------------
[2025-06-10T22:25:38.559Z] [ERROR] /home/jenkins/workspace/drivers_java_oss_PR-2013/core/src/main/java/com/datastax/oss/driver/internal/core/addresstranslation/Subnet.java:[21,30] package com.google.common.base does not exist
[2025-06-10T22:25:38.559Z] [INFO] 1 error
[2025-06-10T22:25:38.559Z] [INFO] -------------------------------------------------------------

Weird thing was that local builds were just fine. This made absolutely no sense to me; I spent the afternoon trying various combinations of Maven versions and POM settings to see what might account for the difference.

Naturally the answer was pretty much right in front of me the whole time. This PR was branched off from a point in 4.x before this commit went in. And that commit fixes precisely this behaviour. Once I included this change in my local checkout of the PR branch I was able to easily reproduce the failure above in my local build.

@jahstreet can you merge 4.x into your PR branch so that we can get this fix on your branch as well? I think such a merge + the other work you've already done should enable us to run a full build on our Jenkins server.

Thanks!

[absurdfarce]

Oh, almost forgot... the reason the build now fails with that change in place is because you're using the normal Guava packages here (and potentially other places in your PR... I admit I haven't checked yet). This should be changed to use the shaded packages for Guava along the lines of the VisibleForTesting import just above your addition.

[jahstreet]

Sorry to make you spend much time time on it. Rebase is obviously a good thing to have always. On it.

[absurdfarce]

No worries @jahstreet ... I'm just happy we figured it out and have a clear path now to get this in!

[jahstreet]

Did the visual check and corrected guava references. Hope now it is in a good shape 🤞 .

@absurdfarce how (with which maven args) do you build/compile locally? I wasn't able to reproduce the dependency errors with basic mvn clean package -DskipTests

[absurdfarce]

These changes look good @jahstreet , thanks for jumping on this so fast! A local test build seemed to succeed without a problem so I've kicked off a Jenkins build to (a) confirm that we're good and (b) throw all the unit and integration tests at it. I'm cautiously optimistic we've got it this time!

As for what I've been running... most of the time I've been using the same command used by the DataStax Jenkinsfile (mvn -B -V install -DskipTests -Dmaven.javadoc.skip=true) but I've been able to reproduce it with the even simpler mvn clean install -DskipTests=true. Note that I did not see this failure in my local test builds until I manually added the change to make guava-shaded an optional dependency; prior to that change the only place I saw it was on Jenkins. And I'm pretty sure that's because Jenkins was merging the changes in the PR into the current state of 4.x... which meant the commit making the guava-shaded dependency optional was brought into play. That's just a hypothesis but it seems to fit all the facts.

[absurdfarce]

Hey @jahstreet, the Jenkins run is still ongoing but I'm seeing multiple test failures for SubnetTest and SubnetAddressTest. Haven't looked into it too deeply but most (all?) of the failures look to be from an empty string being passed to the Integer.parseInt() call in Subnet.parse(). I was able to repro immediately by running the test locally in my IDE.

[absurdfarce]

Oh, I see... fortunately this one's an easy fix:

diff --git a/core/src/main/java/com/datastax/oss/driver/internal/core/addresstranslation/Subnet.java b/core/src/main/java/com/datastax/oss/driver/internal/core/addresstranslation/Subnet.java
index ec83626c5..7c25e94e2 100644
--- a/core/src/main/java/com/datastax/oss/driver/internal/core/addresstranslation/Subnet.java
+++ b/core/src/main/java/com/datastax/oss/driver/internal/core/addresstranslation/Subnet.java
@@ -45,7 +45,7 @@ class Subnet {
   }
 
   static Subnet parse(String subnetCIDR) throws UnknownHostException {
-    List<String> parts = Splitter.on("/").splitToList("/");
+    List<String> parts = Splitter.on("/").splitToList(subnetCIDR);
     if (parts.size() != 2) {
       throw new IllegalArgumentException("Invalid subnet: " + subnetCIDR);
     }

[jahstreet]

Thx for the hints @absurdfarce 🦅 👁️ . Indeed, the fast refactoring outputted the tiny bug. Thx for checking.
Double checked the tests locally ✅ .
🤞 for another CI run. Will check it in my CEST morning.