Remove proxymap entry after closing connection #3190
Conversation
tgraf
added
kind/bug
| // ProxyMapKey is the generic type for Proxy6Key or Proxy4Key | ||
| type ProxyMapKey interface{} | ||
|
|
||
| type ProxyMapValue interface { |
There was a problem hiding this comment.
exported type ProxyMapValue should have comment or be unexported
type name will be used as proxymap.ProxyMapValue by other packages, and that stutters; consider calling this Value
pkg/maps/proxymap/proxymap.go
Outdated
| ) | ||
|
|
||
| // ProxyMapKey is the generic type for Proxy6Key or Proxy4Key | ||
| type ProxyMapKey interface{} |
There was a problem hiding this comment.
type name will be used as proxymap.ProxyMapKey by other packages, and that stutters; consider calling this Key
pkg/maps/proxymap/ipv6.go
Outdated
| @@ -47,6 +47,10 @@ type Proxy6Value struct { | |||
| Lifetime uint32 | |||
| } | |||
|
|
|||
| func (v *Proxy6Value) GetSourceIdentity() uint32 { | |||
There was a problem hiding this comment.
exported method Proxy6Value.GetSourceIdentity should have comment or be unexported
pkg/maps/proxymap/ipv4.go
Outdated
| @@ -50,6 +50,10 @@ type Proxy4Value struct { | |||
| Lifetime uint32 | |||
| } | |||
|
|
|||
| func (v *Proxy4Value) GetSourceIdentity() uint32 { | |||
There was a problem hiding this comment.
exported method Proxy4Value.GetSourceIdentity should have comment or be unexported
| // ProxyMapKey is the generic type for Proxy6Key or Proxy4Key | ||
| type ProxyMapKey interface{} | ||
|
|
||
| type ProxyMapValue interface { |
There was a problem hiding this comment.
exported type ProxyMapValue should have comment or be unexported
type name will be used as proxymap.ProxyMapValue by other packages, and that stutters; consider calling this Value
pkg/maps/proxymap/proxymap.go
Outdated
| ) | ||
|
|
||
| // ProxyMapKey is the generic type for Proxy6Key or Proxy4Key | ||
| type ProxyMapKey interface{} |
There was a problem hiding this comment.
type name will be used as proxymap.ProxyMapKey by other packages, and that stutters; consider calling this Key
tgraf
changed the title
tgraf
force-pushed
the
proxymap-remove-on-close
branch
from
2a7e2f6
to
041ff36
Compare
|
test-me-please |
tgraf
force-pushed
the
proxymap-remove-on-close
branch
from
041ff36
to
9e092d6
Compare
| ) | ||
|
|
||
| // ProxyMapKey is the generic type for Proxy6Key or Proxy4Key | ||
| type ProxyMapKey interface{} |
There was a problem hiding this comment.
type name will be used as proxymap.ProxyMapKey by other packages, and that stutters; consider calling this Key
|
test-me-please |
pkg/proxy/kafka.go
Outdated
| // The proxymap contains an entry with metadata for the receive side of the | ||
| // connection, remove it after the connection has been closed. | ||
| if pair.Rx != nil { | ||
| if err := k.redirect.removeProxyMapEntryOnClose(pair.Rx.conn); err != nil { |
There was a problem hiding this comment.
It can take up to 1 minute for the rx connection to get actually closed, because that’s the delay we set for SO_LINGER. Therefore, we need to wait for at least 1 minute before removing the proxy map entry. Otherwise, the connection may still hang for the client.
There was a problem hiding this comment.
If 1 minute is too long, we can reduce the SO_LINGER delay. But we should always wait for at least that delay before removing the map entry.
Good point. I'm not sure lingering is actually better though. 1 minute is definitely too long just to send out some existing data. I agree that we should wait though.
|
If 1 minute is too long, we can reduce the SO_LINGER delay. But we should always wait for at least that delay before removing the map entry. |
tgraf
force-pushed
the
proxymap-remove-on-close
branch
from
9e092d6
to
3dcf094
Compare
|
test-me-please |
pkg/proxy/kafka.go
Outdated
| // We are running in our own go routine here so we can just | ||
| // block this go routine until after the connection is | ||
| // guaranteed to have been closed | ||
| time.Sleep(proxyConnectionCloseTimeout) |
There was a problem hiding this comment.
I would add a small buffer, to let an eventual RST packet get through. In the worst case, the IP stack will decide to send an RST just around that time. We need to give it a chance to get through. How about adding like 1 second?
time.Sleep(proxyConnectionCloseTimeout + 1 * time.Second)
There was a problem hiding this comment.
Done, can't hurt. It's probably unlikely though that we can transmit an RST if we can't flush out the data and close the connection within the timeout. It's likely a connectivity problem anyway.
Signed-off-by: Thomas Graf <thomas@cilium.io>
When the receive side of the proxied connection is closed, after the SO_LINGER timeout has passed, remove the proxymap entry as we no longer need access to the metadata. This relaxes the garbage collector and pressure on the map capacity. Fixes: #3172 Signed-off-by: Thomas Graf <thomas@cilium.io>
The existing value of 1 minute can put a lot of stress on the proxymap table in an environment with many concurrent, short lived connections. Signed-off-by: Thomas Graf <thomas@cilium.io>
tgraf
force-pushed
the
proxymap-remove-on-close
branch
from
3dcf094
to
3ee259d
Compare
|
test-me-please |
No description provided.