http: global connection manager per-stream idle timeouts.#3879
http: global connection manager per-stream idle timeouts.#3879htuch merged 8 commits intoenvoyproxy:masterfrom
Conversation
This is a followup to envoyproxy#3841, where we introduce HCM-wide stream idle timeouts. This has two effects: 1. We can now timeout immediately after stream creation, potentially before receiving request headers and routing. 2. A default timeout can be configured across all routes. This is overridable on a per-route basis. The default and overriding semantics are explained in the docs. Also added as a bonus some docs about how timeouts interact more generally in Envoy. Fixes envoyproxy#3853. Risk Level: Low. While there is some change to the per-route vs. HCM wide semantics for stream idle timeouts, it's not anticipated this feature is in common use yet (it's only a couple of days since landing), and the caveats in envoyproxy#3841 with the new 5 minute default timeout should already apply. Testing: Unit/integration tests added. Signed-off-by: Harvey Tuch <htuch@google.com>
alyssawilk
left a comment
alyssawilk
left a comment
There was a problem hiding this comment.
Thanks for this one - it's great to see our HTTP idle timeouts getting better and better!
| google.protobuf.Duration idle_timeout = 11 [(gogoproto.stdduration) = true]; | ||
|
|
||
| // The stream idle timeout for connections managed by the connection manager. | ||
| // If not specified, this defaults to 5 minutes. The default value was select |
| // If not specified, this defaults to 5 minutes. The default value was select | ||
| // so as not to interfere with any smaller configured timeouts that may have | ||
| // existed in configurations prior to the introduction of this feature, while | ||
| // introducing robustness to TCP connections that terminate without FIN. |
| // headers, the :ref:`stream_idle_timeout | ||
| // <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.stream_idle_timeout>` | ||
| // applies. Each time an encode/decode event for headers or data is processed | ||
| // for the stream, the timer will be reset. If the timeout fires, the stream |
There was a problem hiding this comment.
One thing of note - I don't believe there's any encode/decode events between initial receipt of headers and completed headers. While I've not seen giant request headers in prod (due to restricted size limits), I've seen users send 100k+ response headers, so I assume there's folks out there who do large headers on both ends. If headers are broken into many frames and shipped over a small connection, I think the connection could still idle out, which is unfortunate since it is making forward progress. I think documenting this may cause more confusion than it's worth but at least calling it out here.
There was a problem hiding this comment.
I'll add something on the potential mismatch between wire traffic and observed events.
There was a problem hiding this comment.
Yeah good point @alyssawilk. I agree we probably don't need to worry about that now but good to keep in the back of our minds.
| Timeouts | ||
| -------- | ||
|
|
||
| Various configurable timeouts apply to an HTTP connection and its constituent streams: |
| if (idle_timer_ == nullptr) { | ||
| idle_timer_ = connection_manager_.read_callbacks_->connection().dispatcher().createTimer( | ||
| [this]() -> void { onIdleTimeout(); }); | ||
| } |
There was a problem hiding this comment.
Do we have a test for setting a general timeout and overriding with 0? It looks to me like we'd set idle_timeout_ms_ = 0, then resetIdleTimer and arm it for 'immediately'. Maybe resetIdleTimer should do the "no idle timeout set" check?
There was a problem hiding this comment.
Yeah, good catch, we also need to change the documented per-route override semantics for this to make it possible to disable at the route level.
Signed-off-by: Harvey Tuch <htuch@google.com>
Signed-off-by: Harvey Tuch <htuch@google.com>
Signed-off-by: Harvey Tuch <htuch@google.com>
alyssawilk
left a comment
alyssawilk
left a comment
There was a problem hiding this comment.
LGTM though if @mattklein123 has time to do a pass today that'd be great.
|
I'm traveling today, will look tonight or tomorrow morning.
…On Wed, Jul 18, 2018, 11:13 AM alyssawilk ***@***.***> wrote:
***@***.**** approved this pull request.
LGTM though if @mattklein123 <https://github.com/mattklein123> has time
to do a pass today that'd be great.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#3879 (review)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AGA17Aas7IfHsk1RQbInru6vxqCfmdioks5uH3rGgaJpZM4VTnz8>
.
|
mattklein123
left a comment
mattklein123
left a comment
There was a problem hiding this comment.
LGTM, one small comment request, also needs a master merge. Thank you for adding this!
| // headers, the :ref:`stream_idle_timeout | ||
| // <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.stream_idle_timeout>` | ||
| // applies. Each time an encode/decode event for headers or data is processed | ||
| // for the stream, the timer will be reset. If the timeout fires, the stream |
There was a problem hiding this comment.
Yeah good point @alyssawilk. I agree we probably don't need to worry about that now but good to keep in the back of our minds.
| Timeouts | ||
| -------- | ||
|
|
||
| Various configurable timeouts apply to an HTTP connection and its constituent streams: |
| idle_timer_ = connection_manager_.read_callbacks_->connection().dispatcher().createTimer( | ||
| [this]() -> void { onIdleTimeout(); }); | ||
| } | ||
| } else if (idle_timer_ != nullptr) { |
There was a problem hiding this comment.
Do you mind adding a few comments here since this logic block is so important and might not be immediately obvious to the reader? (Basically describing in code that the route told us to disable the idle timeout so we are killing the connection level one if it exists).
Signed-off-by: Harvey Tuch <htuch@google.com>
3 participants
This is a followup to #3841, where we introduce HCM-wide stream idle timeouts. This has two effects:
We can now timeout immediately after stream creation, potentially before receiving request
headers and routing.
A default timeout can be configured across all routes. This is overridable on a per-route basis.
The default and overriding semantics are explained in the docs. Also added as a bonus some docs
about how timeouts interact more generally in Envoy.
Fixes #3853.
Risk Level: Low. While there is some change to the per-route vs. HCM wide semantics for stream idle
timeouts, it's not anticipated this feature is in common use yet (it's only a couple of days since
landing), and the caveats in #3841 with the new 5 minute default timeout should already apply.
Testing: Unit/integration tests added.
Signed-off-by: Harvey Tuch htuch@google.com