DC-aware LBP - better support the deprecated parameters

[wprzytula]

Background

The parameters: used_hosts_per_remote_dc, allow_remote_dcs_for_local_cl of the DC-aware LBP have been long deprecated. However, they've been still supported in the cpp-driver, so we should probably support it. At least, we should accept the same set of values as the cpp-driver, which has not been true: values other than 0 would trigger CASS_ERROR_LIB_BAD_PARAMS, and 0 would result in a behaviour different than cpp-driver's: it would be ignored and not restrict remote DC hosts at all.

What's done

More informative warnings/errors

The messages logged when an invalid / not supported / partially supported value is given as a parameter are made more informative.

Made used_hosts_per_remote_dc semantics closer to cpp-driver's

Due to Rust driver API's, it'd be very hard to support it correctly in the case of >0, because of reasons explained in #315. Therefore, the partial support approach is taken:

• case =0 -> employ CassHostFilter, disable DC failover and we're done. Our semantics here are in line with the CPP Driver.
• case >0 -> Treat this as +inf case - don't limit connections nor requests to remote nodes. Emit a warning that the semantics are different than in CPP Driver.

Allowed used_hosts_per_remote_dc > 0 and described its limitations

Any nonzero value is treated as +inf, which means that the datacenter failover is permitted without restrictions. All remote nodes can have opened connections to and be targeted with requests.

Fixed used_hosts_per_remote_dc = 0 semantics and made it fully consistent with cpp-driver's

1. Datacenter failover is disabled, meaning that remote nodes do not appear in query plans.
2. If a DC is remote to all LBPs and those LBPs disallow DC failover, then the driver will not connect to any hosts in that DC. This addresses the need to minimise overhead and costs of needless connecting to remote DCs.

Implemented full support of allow_remote_dcs_for_local_cl

This was as simple as using another filtering logic in the existing FilteringLoadBalancingPolicy.

Testing

Unit tests

Unit tests were introduced for internal abstractions used to configure the CassHostFilter to filter out remote nodes, if those are disallowed by all LBPs. Existing unit tests were adjusted to expect used_hosts_per_remote_dc > 0 as supported.
A unit test was written for the backbone of allow_remote_dcs_for_local_cl, DcLocalConsistencyAllowance.

Integration tests

1. Enabled DCExecutionProfileTest_DCAware test.
2. Enabled DcAwarePolicyTest_UsedHostsRemoteDc test.
3. Written a missing test for the allow_remote_dcs_for_local_cl option: DcAwarePolicyTest_AllowRemoteDcsForLocalCl.

Unresolved questions

Behaviour of both our previous and current implementation of functions taking used_hosts_per_remote_dc parameter differ from one described in cassandra.h. Should we adjust the documentation there to be in line with the implementation?

Fixes: #315

Pre-review checklist

• I have split my patch into logically separate commits.
• All commit messages clearly explain what they change and why.
• PR description sums up the changes and reasons why they should be introduced.
• I have implemented Rust unit tests for the features/changes introduced.
  - [ ] I have enabled appropriate tests in Makefile in {SCYLLA,CASSANDRA}_(NO_VALGRIND_)TEST_FILTER.
• I added appropriate Fixes: annotations to PR description.

[Lorak-mmk]

I understand it is difficult to support connection-opening part of this parameter. We could expose cpp_rust_unstable method to allow that.

What is the problem with exposing LBP part of that? You can wrap LBP, and make an iterator that counts returned nodes per dc, and filters out nodes of DCs that reached the limit.

[Lorak-mmk]

We could also handle the failover-for-local-cl parameter in wrapper.

[wprzytula]

I understand it is difficult to support connection-opening part of this parameter. We could expose cpp_rust_unstable method to allow that.

It's not the matter of the Rust driver's API; it's how its connection pooling works inside.
It's even more about the very cpp-driver's mechanism being flawed. See my findings in #315:

After the initial metadata fetch, connection pools are created only for the non-ignored known nodes.

• NOTE: How I understand the code, connection pool can later be created only for newly added nodes. This means that if all the nodes from a remote DC that we have opened connections to get DOWN, then the driver will not open connections to another node from that DC!

With such flawed semantics AND a large and nontrivial effort that would be needed to do this in the Rust Driver's inner parts, I'm strongly for not supporting <1, +inf) interval in the same way as cpp-driver.

What is the problem with exposing LBP part of that? You can wrap LBP, and make an iterator that counts returned nodes per dc, and filters out nodes of DCs that reached the limit.

Yes, we could do that. But what would be the benefit of this? I see none. The important part is not to open unnecessary connections. With connections already opened, I don't see any benefit from omitting a strict subset of remote targets from the query plan.

If you see any benefit, please share it. But not seeing it, I'm not going to implement this.

[Lorak-mmk]

With such flawed semantics

Oh I'm not suggesting to follow such weird behaviors. The important part is limiting the connections to N per remote DC - if we have exact semantics more that are more reasonable than cpp-driver, even better.

Ofc there is no need to do this in this PR.

[Copilot]

Pull Request Overview

This PR improves the DC-aware load balancing policy by updating the semantics of the deprecated parameters so that nonzero used_hosts_per_remote_dc values are now treated as permitting DC failover and by fully supporting the allow_remote_dcs_for_local_cl option. Key changes include:

• Updating integration tests to use the new behavior (switching from 0 to 1 in parameters and adjusting assertions).
• Modifying the filtering and load balancing policy logic to incorporate DcRestriction and DcLocalConsistencyAllowance.
• Adjusting API functions in the cluster and exec_profile modules to reflect the updated parameter semantics.

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
tests/src/integration/tests/test_exec_profile.cpp	Updated test profiles with revised LBP parameters and assertions.
tests/src/integration/tests/test_dc_aware_policy.cpp	Added tests for allow_remote_dcs_for_local_cl and adjusted validation of execution profiles.
scylla-rust-wrapper/src/load_balancing.rs	Introduced new enums and logic for handling remote DC allowance in LBP, with additional logging.
scylla-rust-wrapper/src/exec_profile.rs	Modified exec profile configuration to align with new DC-aware policy behavior.
scylla-rust-wrapper/src/cluster.rs	Updated cluster configuration and related tests to support the revised parameter semantics.
Makefile	Updated test filters to reflect changes in DC-aware policy tests.

Comments suppressed due to low confidence (1)

tests/src/integration/tests/test_dc_aware_policy.cpp:88

• [nitpick] If the commented-out assertions represent expected behavior under certain conditions, consider clarifying the intent or adding a note explaining the rationale. If they are no longer necessary, consider removing them to improve code clarity.

        // are down and removed them from the host list.

[Copilot]

[nitpick] The log message here contains a double negative that may be confusing. Consider rephrasing it to something like "DROP it because neither host nor DC is allowed" to improve clarity.

Suggested change

	(false, false) => "DROP it because neither host nor DC are not allowed",
	(false, false) => "DROP it because neither host nor DC is allowed",

[wprzytula]

The Scylla ITs (5.4.8) check is failing. The logs are the following:

 ccm> ccm node1 stop --not-gently
ccm> ccm node2 stop --not-gently
ccm> ccm node1 start --wait-other-notice --wait-for-binary-proto
unknown file: Failure
C++ exception with description "Traceback (most recent call last):
  File "/home/runner/.local/bin/ccm", line 74, in <module>
    cmd.run()
  File "/home/runner/.local/lib/python3.11/site-packages/ccmlib/cmds/node_cmds.py", line 196, in run
    self.node.start(not self.options.no_join_ring,
  File "/home/runner/.local/lib/python3.11/site-packages/ccmlib/scylla_node.py", line 762, in start
    scylla_process = self._start_scylla(args=args, marks=marks, update_pid=update_pid,
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/runner/.local/lib/python3.11/site-packages/ccmlib/scylla_node.py", line 413, in _start_scylla
    node.watch_log_for_alive(self, from_mark=mark, timeout=t)
  File "/home/runner/.local/lib/python3.11/site-packages/ccmlib/node.py", line 535, in watch_log_for_alive
    self.watch_log_for(tofind, from_mark=from_mark, timeout=timeout, filename=filename)
  File "/home/runner/.local/lib/python3.11/site-packages/ccmlib/node.py", line 499, in watch_log_for
    raise TimeoutError(time.strftime("%d %b %Y %H:%M:%S", time.gmtime()) + " [" + self.name + "] Missing: " + str(
ccmlib.node.TimeoutError: 17 Jun 2025 13:10:28 [node3] Missing: ['127.0.0.1.* now UP']:
INFO  2025-06-17 13:08:04,593 [shard 0:main] raft_.....
See system.log for remainder
" thrown in TearDown().
[  FAILED  ] DcAwarePolicyTest.Integration_Cassandra_UsedHostsRemoteDc (165376 ms)

It looks like ccm encounters an error trying to start a node that was killed. Interestingly, the problem does not appear with the newer Scyllas. @Lorak-mmk any ideas?

My observations: the test that fails is one that I've newly added.

EDIT: we decided that we can remove that old Scylla version from the CI.