Allow configuring idle_timeout Envoy parameter on HTTP Connection Manager #2155
Please describe your use case / problem.
The issue is present because when the firewall chose to remove idle TCP sessions from its session table, it would not send a FIN or RST to the CDN. On the next request, the CDN thinks that it still has a TCP connection open and attempts to re-use the now-closed TCP connection, resulting in the request getting 'black-holed', and leading to an HTTP 503.
Because Envoy doesn't ever attempt to close idle TCP connections by default, we're left with Envoy thinking that sessions are open, but our firewall has closed them after a 30 minute timeout (without notifying the CDN that the connection is closed), and the CDN still thinks that the connection is open.
Our "options" for remediating this scenario were:
Describe the solution you'd like
Describe alternatives you've considered
I originally opened #2126 for this, but because of GitHub shenanigans the PR got closed when I was updating my fork. Created this issue for tracking, then will link PRs to this when I have one ready.
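
The setting requested in this issue, shown as a static Envoy listener configuration. This is an added example, not configuration from the issue or the project: it uses Envoy's v3 API field `common_http_protocol_options.idle_timeout`, and the listener and cluster names, addresses, ports and the 25-minute value are assumptions chosen to sit below the 30-minute firewall timeout the issue describes.

```yaml
# Added example (Envoy v3 API). Names, addresses, ports and the 1500s value
# are assumptions; only the 30 min firewall timeout comes from the issue.
static_resources:
  listeners:
  - name: ingress_http
    address:
      socket_address: { address: 0.0.0.0, port_value: 8080 }
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          common_http_protocol_options:
            # Close a downstream connection after 25 min with no active
            # requests, i.e. before the firewall silently drops the session
            # at 30 min. Envoy's close passes through the firewall while the
            # session entry still exists, so the CDN sees it and reconnects
            # instead of sending into a black hole.
            # Setting 0s disables the idle timeout entirely.
            idle_timeout: 1500s
          route_config:
            name: local_route
            virtual_hosts:
            - name: all
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: backend }
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  clusters:
  - name: backend
    type: STRICT_DNS
    connect_timeout: 1s
    load_assignment:
      cluster_name: backend
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address: { address: backend.internal.example, port_value: 8080 }
```

The value only helps if it is shorter than the idle timeout of every stateful device on the path between the CDN and Envoy, so it should be set from the lowest of those timeouts with some margin.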