You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have a storage pod running in our cluster with istio injection enabled and get some intermittent 503 UC errors at client side during upload 300M files.
Our topology is below, we have an ingress gateway to manage all the traffic entering in our mesh.
First, we check the envoy access log in gateway and sidecar, we see the 503 UC response in gateway side, but not see any 503 in sidecar side. So we think the problem maybe occur in the connection between ingress gateway and sidecar.
Then, we tune the evnoy log level to debug and found this: The ingress gateway's connection is terminated by sidecar, the sidecar receive the "Connection reset by peer" msg.
The ip 10.0.0.1 is the gateway's pod ip, the ip 10.0.02 is the application's pod ip, the application open its 9000 port.
Next, we do the tcpdump in the application node, and find something strange. We fount the first RST packet is sidecar send to the ingress gateway and the sidecar envoy didn't know that.
The sidecar think the ingress gateway close the connection and then send FIN/RST to application.
Bug Description
We have a storage pod running in our cluster with istio injection enabled and get some intermittent 503 UC errors at client side during upload 300M files.
Our topology is below, we have an ingress gateway to manage all the traffic entering in our mesh.
![image](https://user-images.githubusercontent.com/22345415/145781983-c30ab55f-85b5-47df-a612-93d50e53c385.png)
First, we check the envoy access log in gateway and sidecar, we see the 503 UC response in gateway side, but not see any 503 in sidecar side. So we think the problem maybe occur in the connection between ingress gateway and sidecar.
Then, we tune the evnoy log level to debug and found this: The ingress gateway's connection is terminated by sidecar, the sidecar receive the "Connection reset by peer" msg.
The ip 10.0.0.1 is the gateway's pod ip, the ip 10.0.02 is the application's pod ip, the application open its 9000 port.
Next, we do the tcpdump in the application node, and find something strange. We fount the first RST packet is sidecar send to the ingress gateway and the sidecar envoy didn't know that.
The sidecar think the ingress gateway close the connection and then send FIN/RST to application.
The frequency of this problem is 2%, we try to minus the sidecar worker num to 1 and disable mTLS, this issue still exist.
Dose this issue occurred before?
Version
Additional Information
No response
Affected product area
Is this the right place to submit this?
The text was updated successfully, but these errors were encountered: