Allow disabling connection pooling and use 1:1 connection with upstream and downstream #19458
Comments
Can you comment a bit more about how this differs from setting max_requests_per_connection to 1? |
Yes, the difference is we want the downstream/upstream to explicitly control connection handling, not Envoy.
|
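For reference, a minimal sketch of the setting being compared above, assuming a hypothetical STRICT_DNS cluster named `backend` (names and addresses are illustrative, not from this issue). With `max_requests_per_connection: 1`, each pooled upstream connection is closed after a single request, but Envoy still owns both connection lifecycles rather than the downstream/upstream peers:

```yaml
# Sketch only: fragment of a bootstrap's static_resources with hypothetical
# cluster name and upstream address.
clusters:
- name: backend                      # assumed name
  type: STRICT_DNS
  connect_timeout: 1s
  load_assignment:
    cluster_name: backend
    endpoints:
    - lb_endpoints:
      - endpoint:
          address:
            socket_address:
              address: backend.example.com   # assumed upstream
              port_value: 80
  # Each upstream connection serves at most one request and is then closed,
  # but downstream connections are still kept alive and managed by Envoy.
  max_requests_per_connection: 1
```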
ah, totally makes sense. I think this is a dup of #12370 then? |
@alyssawilk I'm not sure whether #12370 is already completed and solves this issue.
#12370 has not been active for 14 months. Is there any further development planned? |
It's not complete; it just has more explanation and discussion, so it's better to have that issue tracking the desired feature. |
I'd love to, but I'm not familiar with C++. |
ah fair. yeah generally in Envoy it's not going to get picked up until someone who needs the feature either writes the new code, or pays a company (e.g. tetrate) to do so. But at least you can follow that open issue for updates |
@alyssawilk Can you reopen this? One downstream connection with a one-connection upstream pool does not fully resolve the problem. We need to convert some upstream failures (e.g. connect failures) into a downstream connection error. This behavior may not make sense for all cluster types, but it aligns with the original_dst cluster as upstream. |
I think we can narrow it down to a specific problem: an ORIGINAL_DST (IP-based) HCM should be able to appear transparent at L4 by propagating connection events downstream. The common usage for ORIGINAL_DST is to avoid any upstream decision making by Envoy, so there is no need for Envoy to manage upstream connections. This can be used, for example, to collect pure L7 telemetry for all L4 traffic using inspection and a more "lenient" HCM filter. |
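To make that scenario concrete, here is a rough sketch of an ORIGINAL_DST cluster fronted by an HCM purely for passthrough plus L7 telemetry. Listener/cluster names and the port are hypothetical, and it assumes traffic is redirected to the listener with its original destination intact. Today the HCM in this position still pools upstream connections and answers 503 itself instead of propagating upstream connection events downstream, which is the behavior this comment asks to change:

```yaml
# Sketch under assumptions: names and port are hypothetical; traffic is assumed
# to be redirected here (e.g. via iptables) so the original destination is known.
static_resources:
  listeners:
  - name: capture_all
    address:
      socket_address: { address: 0.0.0.0, port_value: 15001 }
    listener_filters:
    - name: envoy.filters.listener.original_dst      # recover the original destination
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: passthrough_http
          route_config:
            virtual_hosts:
            - name: all
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: passthrough }
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  clusters:
  - name: passthrough
    type: ORIGINAL_DST               # connect to whatever address the client dialed
    lb_policy: CLUSTER_PROVIDED
    connect_timeout: 1s
```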
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions. |
Instead of having a 1:1 connection for every request, would it be possible to create a new backing connection and retry when a 503 is encountered? That kind of middle option seems like it would give most of the benefit without a dramatic performance reduction. |
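A partial approximation of that middle option that exists today (a hedged sketch, not what this issue asks for) is a route-level retry policy covering 503s and connection-level failures. Note that a retry does not force a fresh downstream-visible connection, and the cluster name and counts below are illustrative:

```yaml
# Sketch: route fragment retrying on upstream 503s and on connect failures/resets.
routes:
- match: { prefix: "/" }
  route:
    cluster: passthrough              # hypothetical cluster name
    retry_policy:
      retry_on: "retriable-status-codes,connect-failure,reset"
      retriable_status_codes: [503]
      num_retries: 2
```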
A bug in Envoy keeps connections open even if the IP address the target hostname resolves to changes, which happens during rolling restarts [1]. This meant that communication between Gerrit containers using the high-availability plugin was only working in one direction almost all the time. This change adds ServiceEntries for the primary Gerrit pods, which works around the issue. [1] envoyproxy/envoy#19458 Change-Id: I899eca647a7294e0deb877ee51533d6147e1d9d6
Title: Allow disabling connection pooling and use 1:1 connection with upstream and downstream
Description:
It would be great to have an option (on the cluster?) to allow HTTP proxying to follow the same connection semantics as tcp_proxy.
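As a point of comparison (a sketch with hypothetical names, reusing an ORIGINAL_DST-style cluster like the `passthrough` one sketched earlier in this thread), a tcp_proxy filter chain already gives the 1:1 behavior being asked for here: one downstream connection maps to one upstream connection, and upstream connect failures or closes are surfaced directly to the client rather than being absorbed by a pool:

```yaml
# Sketch only: tcp_proxy keeps a 1:1 downstream/upstream connection mapping.
filter_chains:
- filters:
  - name: envoy.filters.network.tcp_proxy
    typed_config:
      "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
      stat_prefix: tcp_passthrough
      cluster: passthrough            # hypothetical ORIGINAL_DST cluster
```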
Example motivating use case: istio/istio#36768
Basically the proxy captures 100% of traffic. We have some known services for which we do special routing, but the rest we pass through with an ORIGINAL_DST cluster. The problem is that users see unexpected behavior because of the connection pooling in Envoy. The most common case I have seen is when the upstream is doing DNS load balancing. Because Envoy keeps the downstream connection alive and sends 503s, the user's HTTP client will reuse the connection and never retry DNS, so it gets stuck failing forever with 503s.
Alternatives considered: