Support explicit local queries to zero-token contact points

[dkropachev]

Problem

scylladb/scylladb has tests that start zero-token Scylla nodes (join_ring: false) and then use the Python driver to perform a direct readiness query against the newly started node.

The relevant test is:

• scylladb/scylladb/test/cluster/test_keyspace_rf.py::test_create_keyspace_with_default_replication_factor
• https://github.com/scylladb/scylladb/blob/master/test/cluster/test_keyspace_rf.py

The test adds zero-token nodes, for example:

await manager.server_add(config=zero_token_cfg, property_file=get_pf("dc1", "rz"))

manager.server_add() waits for the default CQL_QUERIED state. That readiness path creates a driver Cluster with the zero-token node as the explicit contact point and a whitelist policy for that same address, then runs a local query:

Cluster(
    contact_points=[zero_token_node_rpc_address],
    execution_profiles={
        EXEC_PROFILE_DEFAULT: ExecutionProfile(
            load_balancing_policy=WhiteListRoundRobinPolicy([zero_token_node_rpc_address])
        )
    },
)

session.execute("SELECT key FROM system.local where key = 'local'")

That code lives in scylladb/scylladb/test/pylib/scylla_cluster.py::ScyllaServer.get_cql_up_state().

Current behavior

With scylla-driver==3.29.9, the driver can connect to the zero-token node as a contact point/control connection target, but the node is excluded from the usable query host set because system.local.tokens is None.

As a result, the Scylla test harness cannot schedule even the explicitly targeted local readiness query to that contact point, and server_add() times out while adding the zero-token node. The Scylla node itself is already serving CQL.

This shows up in the Scylla test above before the keyspace assertions are reached.

Older behavior

The same Scylla test passed with scylla-driver==3.29.7.

That appears to be because older driver initialization pre-added explicit contact points as Host objects before metadata refresh. The zero-token contact point therefore remained available to the whitelist load-balancing policy for the direct system.local readiness query.

Requested behavior

The driver should provide a supported way to run explicitly targeted/local queries against a zero-token contact point.

Important distinction: this should not make zero-token nodes normal application-routing targets.

Expected behavior:

• zero-token nodes discovered through peers/topology metadata should remain excluded from normal routing and token-aware query plans
• zero-token nodes should not own token ranges
• an explicitly supplied zero-token contact point should still be usable for direct/local queries such as SELECT key FROM system.local WHERE key = 'local'

This is needed by scylladb/scylladb test infrastructure to verify startup/readiness of zero-token nodes without treating them as normal replicas or token-owning query targets.

Reproducer

From scylladb/scylladb, run the specific test with scylla-driver==3.29.9:

python ./test.py \
  --mode dev \
  --tmpdir testlog/driver-zero-token-local-query \
  --jobs 1 \
  --cluster-pool-size 1 \
  --max-failures 1 \
  --timeout 210 \
  --session-timeout 600 \
  --extra-scylla-cmdline-options "--critical-disk-utilization-level 1.0" \
  "cluster/test_keyspace_rf::test_create_keyspace_with_default_replication_factor[False-True]"

The failure occurs while adding the zero-token node and waiting for CQL_QUERIED.

[Lorak-mmk]

zero-token nodes discovered through peers/topology metadata should remain excluded from normal routing and token-aware query plans

Why? If they are able to be used as coordinators, then why not include them in query plans?

[dkropachev]

zero-token nodes discovered through peers/topology metadata should remain excluded from normal routing and token-aware query plans

Why? If they are able to be used as coordinators, then why not include them in query plans?

They don’t have tokens, so what’s the point of including them there?
Also, there may be cases where users configure these proxies as the front layer, meaning all CQL connections are handled by these nodes.
If we make the TokenAware policy handle this case, it may confuse users.
They might expect token awareness to work, even though it won’t, and it would also add unnecessary overhead on the driver side.
In this scenario, it would be better to use *RoundRobin policies, which will distribute the load properly across nodes.
That way, users won’t be left wondering why TokenAware isn’t working.

[roydahan]

zero token nodes should be ignored by the drivers.
It's also mentioned in our docs: https://docs.scylladb.com/manual/stable/architecture/zero-token-nodes.html

[Lorak-mmk]

They don’t have tokens, so what’s the point of including them there?

Because they can act as coordinators. Our load balancing plans do include non-replicas, they are just scheduled after replicas. There is also routing for non-token-aware queries.

zero token nodes should be ignored by the drivers.
It's also mentioned in our docs: https://docs.scylladb.com/manual/stable/architecture/zero-token-nodes.html

Ah, in that case the Python Driver behavior now is correct, and its the Scylla tests that should be adjusted, right?

I just don't see the reason for inconsistency.
Either we allow using zero-token nodes as coordinators, in which case they should be treated as other nodes (they just won't ever show up as replica for any request), or we don't and we should not allow routing requests to them.

[mykaul]

They don’t have tokens, so what’s the point of including them there?

Because they can act as coordinators. Our load balancing plans do include non-replicas, they are just scheduled after replicas. There is also routing for non-token-aware queries.

Why would they act as coordinators? Their whole purpose is for Raft tie breaking, not as coordinators - they may be or most likely be running far from the rest of the nodes.

zero token nodes should be ignored by the drivers.
It's also mentioned in our docs: https://docs.scylladb.com/manual/stable/architecture/zero-token-nodes.html

Ah, in that case the Python Driver behavior now is correct, and its the Scylla tests that should be adjusted, right?

I just don't see the reason for inconsistency. Either we allow using zero-token nodes as coordinators, in which case they should be treated as other nodes (they just won't ever show up as replica for any request), or we don't and we should not allow routing requests to them.

Yes.

[dkropachev]

They don’t have tokens, so what’s the point of including them there?

Because they can act as coordinators. Our load balancing plans do include non-replicas, they are just scheduled after replicas. There is also routing for non-token-aware queries.

Why would they act as coordinators? Their whole purpose is for Raft tie breaking, not as coordinators - they may be or most likely be running far from the rest of the nodes.

At some point one case surfaced when they could be used as coordinators as a target nodes for a load balancer, kind of replacement of SNI-proxy setup.

[dkropachev]

They don’t have tokens, so what’s the point of including them there?

Because they can act as coordinators. Our load balancing plans do include non-replicas, they are just scheduled after replicas. There is also routing for non-token-aware queries.

zero token nodes should be ignored by the drivers.
It's also mentioned in our docs: https://docs.scylladb.com/manual/stable/architecture/zero-token-nodes.html

Ah, in that case the Python Driver behavior now is correct, and its the Scylla tests that should be adjusted, right?

You can't adjust them they need to run query on a zero token node to test that it actually can forward a query.

[mykaul]

They don’t have tokens, so what’s the point of including them there?

Because they can act as coordinators. Our load balancing plans do include non-replicas, they are just scheduled after replicas. There is also routing for non-token-aware queries.

Why would they act as coordinators? Their whole purpose is for Raft tie breaking, not as coordinators - they may be or most likely be running far from the rest of the nodes.

At some point one case surfaced when they could be used as coordinators as a target nodes for a load balancer, kind of replacement of SNI-proxy setup.

I remember raising this idea - but we never followed up with it.

[Lorak-mmk]

sooooo which should it be? Should the driver allow routing to zer-token-nodes or not? I see conflicting opinions here.

[dkropachev]

After discussion we have decided that there is no good reason to let zero-token nodes in.

I have located failed test on the code: cluster.test_keyspace_rf::test_create_keyspace_with_default_replication_factor
This is single test failing on 3.29.9, rest of the test failing due to the weak cleanup logic.

There is good workaround for driver behavior, I have created PR to use workaround, instead of making driver work for zero-token nodes - scylladb/scylladb#29779

[avikivity]

They don’t have tokens, so what’s the point of including them there?

Because they can act as coordinators. Our load balancing plans do include non-replicas, they are just scheduled after replicas. There is also routing for non-token-aware queries.

Why would they act as coordinators? Their whole purpose is for Raft tie breaking, not as coordinators - they may be or most likely be running far from the rest of the nodes.

In Cassandra they can be used as a middle tier of stateless nodes. We don't do that.

zero token nodes should be ignored by the drivers.
It's also mentioned in our docs: https://docs.scylladb.com/manual/stable/architecture/zero-token-nodes.html

Ah, in that case the Python Driver behavior now is correct, and its the Scylla tests that should be adjusted, right?
I just don't see the reason for inconsistency. Either we allow using zero-token nodes as coordinators, in which case they should be treated as other nodes (they just won't ever show up as replica for any request), or we don't and we should not allow routing requests to them.

Yes.

Why not? Can't one login to a zero-token node to administer it?

[dkropachev]

They don’t have tokens, so what’s the point of including them there?

Because they can act as coordinators. Our load balancing plans do include non-replicas, they are just scheduled after replicas. There is also routing for non-token-aware queries.

Why would they act as coordinators? Their whole purpose is for Raft tie breaking, not as coordinators - they may be or most likely be running far from the rest of the nodes.

In Cassandra they can be used as a middle tier of stateless nodes. We don't do that.

zero token nodes should be ignored by the drivers.
It's also mentioned in our docs: https://docs.scylladb.com/manual/stable/architecture/zero-token-nodes.html

Ah, in that case the Python Driver behavior now is correct, and its the Scylla tests that should be adjusted, right?
I just don't see the reason for inconsistency. Either we allow using zero-token nodes as coordinators, in which case they should be treated as other nodes (they just won't ever show up as replica for any request), or we don't and we should not allow routing requests to them.

Yes.

Why not? Can't one login to a zero-token node to administer it?

Just for clarification: you can still connect to a zero-token node. For example, your contact endpoint can be a zero-token node and the driver will work fine. What the driver currently cannot do is schedule queries to zero-token nodes — it intentionally avoids them.

So the only broken case today is when the driver has access exclusively to zero-token nodes, either because of the network design or due to configuration.

We agree that this is a valid use case and could be supported in the future. However, it would require additional work on the driver side to ensure that zero-token nodes are handled properly. Most importantly, for this particular driver, we would also need to handle Host.tokens mutability correctly, which is a nightmare. The driver already has multiple issues caused by Host mutability, and we do not want to introduce another layer of complexity on top of that.

To sum up:

1. We agree that there are legitimate use cases for scheduling queries on zero-token nodes.
2. Supporting this will require work across all drivers, and for this driver specifically it is not feasible until Host becomes immutable.
3. The required configuration, implementation complexity, and development effort depend on which specific scenarios we decide to support.
4. Since there is currently no strong justification for the required effort, we are reserving this feature for the future.