feat: auto-detect proxy and translate peer addresses to contact point

[fruch]

Summary

• Adds ProxyAddressTranslator that redirects all peer connections to the original contact point, enabling connections through proxies/load balancers (AWS NLB, PrivateLink, etc.)
• Automatically installed on every connection — no user configuration needed
• Includes 5 unit tests and 3 integration tests (including a socat-based proxy simulation)

Problem

When connecting through a proxy, the driver discovers internal node IPs from system.peers that are unreachable from the client, causing Connection error: No connections in the pool.

Solution

The scylla-rust-driver's AddressTranslator trait translates peer addresses discovered from system.peers. Since known_node addresses (the contact point) are never translated, we can safely always install a translator that redirects all peer addresses to the contact point.

Equivalent to scylladb/python-driver#833 (DynamicWhiteListRoundRobinPolicy) but using the rust driver's native AddressTranslator mechanism.

Testing

• cargo test --lib proxy_address_translator — 5 unit tests
• Integration tests with socat TCP proxy
• Manually verified against proxy endpoint 18.208.144.200

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.10%. Comparing base (83dde53) to head (76bf605).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #153      +/-   ##
==========================================
+ Coverage   55.93%   56.10%   +0.16%     
==========================================
  Files          21       22       +1     
  Lines        4834     4852      +18     
==========================================
+ Hits         2704     2722      +18     
  Misses       2130     2130              

Flag	Coverage Δ
integration-cassandra-4.1	18.86% <100.00%> (+0.09%)	⬆️
integration-cassandra-5.0	18.86% <100.00%> (+0.09%)	⬆️
integration-scylladb-2025.1	21.25% <100.00%> (+0.08%)	⬆️
integration-scylladb-2026.1	21.25% <100.00%> (+0.08%)	⬆️
unittests	43.65% <9.09%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

CI Summary

Status: ✅ All jobs passed

✅ Rustfmt — passed

No issues.

✅ Clippy — passed

No issues.

✅ Tests — passed

No issues.

✅ Build — passed

No issues.

---

🤖 Generated by CI Summary • Full logs

[fruch]

@dkropachev @Lorak-mmk is the right way to use the rust driver ? equivalent to scylladb/python-driver#833

[Lorak-mmk]

I'm not sure if this achieves what you want. I assume the proxy address leads to one specific node.
Let's say you have 5 nodes in the cluster, each with 32 shards. With your changes, the driver will still see all 5 nodes in system.peers/local, try to open connection pools to all 5 nodes. The address translation will cause all connections to be opened to the same node (driver won't even know about it), so you'll get 160 connections to this node.
You could use PoolSize::PerNode(1) (which is a good idea in cqlsh regardless of all other changes) to get this down to 5.
Then the connection amount problem is not that bad, but you are still in a very weird state where driver thinks it opened pools to all nodes, but they are really all to one node. Will this work correctly? It may, I'm not completely sure.
TBH I don't know how to solve that will existing APIs. There isn't really a way to implement a HostFilter that would filter out other nodes, because HostFilter accepts Peer, which has an address fetched from system.peers or system.local - so you can't really say for sure if its the same peer as the contact point.

What would be nice here is a simplified session, with a separate builder, where driver only opens a single connection to the given address, and uses it both as CC and to execute user requests. This would also work for the maintenance socket. cc @wprzytula - let's discuss this when we meet, there are some not obvious decisions when implementing such session.

[fruch]

Agreed on the connection count concern. Added PoolSize::PerHost(1) — cqlsh is a single-user interactive tool so one connection per node is plenty. This brings it down to N connections (one per discovered node) all going through the proxy.

Re: the simplified single-connection session — that would be ideal. For now this is a pragmatic workaround. Happy to migrate when that API exists.

[Lorak-mmk]

Makes sense. This is a weird state for the driver to be in, but I think it should work. @wprzytula will be available tomorrow if you want him to also take a look (maybe I am missing some potential problem).

[Lorak-mmk]

Have you considered using our CachingSession instead of implementing cache yourself?

[fruch]

first time I'm hearing about CachingSession, I don't think python have the equivalent, we'll check it out

[fruch]

Opened #164 to track this. The current CqlDriver trait separates prepare/execute-by-id, so it's not a trivial swap — but worth doing as a follow-up refactor.