Upstream PROXY protocol results in unbound number of connection pools #16682
Comments
I wonder if the original_src filter work I did a while back is susceptible to this as well. I thought that I had implemented some cleanup and reuse logic here (https://github.com/envoyproxy/envoy/blob/57976d142005cda6ce54ec215cafceebe4fc1aef/source/common/upstream/conn_pool_map_impl.h), but it's possible I missed it. I bring this up, because it has similar constraints to the proxy protocol: a given upstream connection can only really carry requests from a given downstream, so we essentially need a connection pool per downstream connection.
If the circuit breaker for number of pools is set, that will set a bound on the number of http pools. However:
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.
Not stale; PR in progress.
Delete connection pools when they have no connections anymore. This fixes unbounded memory use for cases where a new connection pool is needed for each downstream connection, such as when using upstream PROXY protocol. Fixes #16682 Signed-off-by: Greg Greenway <ggreenway@apple.com> Co-authored-by: Craig Radcliffe <craig.radcliffe@broadcom.com>
Delete connection pools when they have no connections anymore. This fixes unbounded memory use for cases where a new connection pool is needed for each downstream connection, such as when using upstream PROXY protocol. Fixes envoyproxy#16682 This reverts commit b7bc539. This reverts PR envoyproxy#17319, by re-adding envoyproxy#17302 and envoyproxy#16948. Signed-off-by: Greg Greenway <ggreenway@apple.com> Co-authored-by: Craig Radcliffe <craig.radcliffe@broadcom.com>
Delete connection pools when they have no connections anymore. This fixes unbounded memory use for cases where a new connection pool is needed for each downstream connection, such as when using upstream PROXY protocol. Fixes envoyproxy#16682 Signed-off-by: Greg Greenway <ggreenway@apple.com> Co-authored-by: Craig Radcliffe <craig.radcliffe@broadcom.com>
When using upstream PROXY protocol with tcp_proxy, a new connection pool is created in the cluster for each unique combination of downstream IP:port and upstream host.
For many typical use cases, where the downstream clients are not from a tightly constrained set of IP addresses, this results in a nearly-infinite number of connection pools, which wastes memory. Even if the clients are from a very small set of IPs, each could typically use 30,000 ephemeral ports, which could still result in a very large number of connection pools. The connection pools are never removed until the cluster is removed (via CDS, or process shutdown).
#13061 would have fixed this, but it was never completed/merged.
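The growth described in this issue, and the effect of erasing a pool once it has no connections left, as an added example. This is a simplified model written for this page, not Envoy's code: `PoolKey`, `PoolMap`, `poolsAfterChurn`, the addresses and the workload are all hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <map>
#include <string>
#include <tuple>

// Hypothetical model: one pool per (downstream IP:port, upstream host).
struct PoolKey {
  std::string downstream_ip;
  uint16_t downstream_port;
  std::string upstream_host;
  bool operator<(const PoolKey& o) const {
    return std::tie(downstream_ip, downstream_port, upstream_host) <
           std::tie(o.downstream_ip, o.downstream_port, o.upstream_host);
  }
};
struct Pool { std::size_t active_connections = 0; };

class PoolMap {
public:
  explicit PoolMap(bool erase_idle) : erase_idle_(erase_idle) {}
  // operator[] creates the pool on first use of a key.
  void onDownstreamConnect(const PoolKey& key) { ++pools_[key].active_connections; }
  void onDownstreamClose(const PoolKey& key) {
    auto it = pools_.find(key);
    if (it == pools_.end() || it->second.active_connections == 0) return;
    // With erase_idle_ off, the empty pool stays in the map forever.
    if (--it->second.active_connections == 0 && erase_idle_) pools_.erase(it);
  }
  std::size_t size() const { return pools_.size(); }
private:
  bool erase_idle_;
  std::map<PoolKey, Pool> pools_;
};

// Constructed workload: one client IP opens `clients` connections, each from a
// new ephemeral port, with at most `concurrent` of them open at any time.
std::size_t poolsAfterChurn(bool erase_idle, unsigned clients, unsigned concurrent) {
  PoolMap map(erase_idle);
  for (unsigned i = 0; i < clients; ++i) {
    map.onDownstreamConnect({"192.0.2.10", static_cast<uint16_t>(1024 + i), "upstream-a"});
    if (i >= concurrent)
      map.onDownstreamClose({"192.0.2.10", static_cast<uint16_t>(1024 + i - concurrent), "upstream-a"});
  }
  return map.size();
}
int main() {
  std::cout << "pools kept, no cleanup:   " << poolsAfterChurn(false, 30000, 100) << "\n";
  std::cout << "pools kept, idle cleanup: " << poolsAfterChurn(true, 30000, 100) << "\n";
}
```

Without cleanup the map size tracks the total number of connections ever seen; with idle erasure it tracks only the connections currently open.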