|
| 1 | +# GEP-1742: Timeouts |
| 2 | + |
| 3 | +* Issue: [#1742](https://github.com/kubernetes-sigs/gateway-api/issues/1742) |
| 4 | +* Status: Provisional |
| 5 | + |
| 6 | +(See status definitions [here](overview.md#status).) |
| 7 | + |
| 8 | +## TLDR |
| 9 | + |
| 10 | +Create some sort of design so that Gateway API objects can be used to configure |
| 11 | +timeouts for different types of connection. |
| 12 | + |
| 13 | +## Goals |
| 14 | + |
| 15 | +- Create some method to configure some timeouts |
| 16 | +- Timeout config must be applicable to most if not all Gateway API implementations. |
| 17 | + |
| 18 | +## Non-Goals |
| 19 | + |
| 20 | +- TBD |
| 21 | + |
| 22 | +## Introduction |
| 23 | + |
| 24 | +In talking about Gateway API objects, particularly HTTPRoute, we've mentioned |
| 25 | +timeout configuration many times in the past as "too hard" to find the common |
| 26 | +ground necessary to make more generic configuration. This GEP intends firstly |
| 27 | +to make this process less difficult, then to find common timeouts that we can |
| 28 | +build into Gateway API. |
| 29 | + |
| 30 | +For this initial round, we'll focus on Layer 7 HTTP traffic, while acknowledging |
| 31 | +that Layer 4 connections have their own interesting timeouts as well. |
| 32 | + |
| 33 | +The following sections will review all the implementations, then document what |
| 34 | +timeouts are _available_ for the various data planes. |
| 35 | + |
| 36 | +### Background on implementations |
| 37 | + |
| 38 | +Most implementations that handle HTTPRoute objects use a proxy as the data plane |
| 39 | +implementation, that actually forwards flows as directed by Gateway API configuration. |
| 40 | + |
| 41 | +The following table is a review of all the listed implementations of Gateway API |
| 42 | +at the time of writing, with the data plane they use for Layer 7, based on what information |
| 43 | +could be found online. If there are errors here, or if the implementation doesn't |
| 44 | +support layer 7, please feel free to correct them. |
| 45 | + |
| 46 | +| Implementation | Data Plane | |
| 47 | +|----------------|------------| |
| 48 | +| Acnodal EPIC | Envoy | |
| 49 | +| Apache APISIX | Nginx | |
| 50 | +| BIG-IP Kubernetes Gateway| F5 BIG-IP | |
| 51 | +| Cilium | Envoy | |
| 52 | +| Contour | Envoy | |
| 53 | +| Emissary Ingress| Envoy | |
| 54 | +| Envoy Gateway | Envoy | |
| 55 | +| Flomesh Service Mesh | Pipy | |
| 56 | +| Gloo Edge | Envoy | |
| 57 | +| Google Kubernetes Engine (GKE) | Similar to Envoy Timeouts | |
| 58 | +| HAProxy Ingress | HAProxy | |
| 59 | +| Hashicorp Consul | Envoy | |
| 60 | +| Istio | Envoy | |
| 61 | +| Kong | Nginx | |
| 62 | +| Kuma | Envoy | |
| 63 | +| Litespeed | Litespeed WebADC | |
| 64 | +| Nginx Kubernetes Gateway | Nginx | |
| 65 | +| Traefik | Traefik | |
| 66 | + |
| 67 | + |
| 68 | +### Flow diagrams with available timeouts |
| 69 | + |
| 70 | +The following flow diagrams are based off the basic diagram below, with all the |
| 71 | +timeouts I could find included. |
| 72 | + |
| 73 | +In general, timeouts are recorded with the setting name or similar that the data |
| 74 | +plane uses for them, and are correct as far as I've parsed the documentation |
| 75 | +correctly. |
| 76 | + |
| 77 | +Idle timeouts are marked as such. |
| 78 | + |
| 79 | +```mermaid |
| 80 | +sequenceDiagram |
| 81 | + participant C as Client |
| 82 | + participant P as Proxy |
| 83 | + participant U as Upstream |
| 84 | + C->>P: Connection Started |
| 85 | + C->>P: Starts sending Request |
| 86 | + C->>P: Finishes Headers |
| 87 | + C->>P: Finishes request |
| 88 | + P->>U: Connection Started |
| 89 | + P->>U: Starts sending Request |
| 90 | + P->>U: Finishes request |
| 91 | + P->>U: Finishes Headers |
| 92 | + U->>P: Starts Response |
| 93 | + U->>P: Finishes Headers |
| 94 | + U->>P: Finishes Response |
| 95 | + P->>C: Starts Response |
| 96 | + P->>C: Finishes Headers |
| 97 | + P->>C: Finishes Response |
| 98 | + Note right of P: Repeat if connection sharing |
| 99 | + U->>C: Connection ended |
| 100 | +``` |
| 101 | + |
| 102 | +#### Envoy Timeouts |
| 103 | + |
| 104 | +For Envoy, some timeouts are configurable at either the HTTP Connection Manager |
| 105 | +(very, very roughly equivalent to a Listener), the Route (equivalent to a HTTPRoute) |
| 106 | +level, or the Cluster (usually close to the Service) or some combination. These |
| 107 | +are noted in the below diagram with a `CM`, `R`, or `Cluster` prefix respectively. |
| 108 | + |
| 109 | +```mermaid |
| 110 | +sequenceDiagram |
| 111 | + participant C as Client |
| 112 | + participant P as Envoy |
| 113 | + participant U as Upstream |
| 114 | + C->>P: Connection Started |
| 115 | + activate P |
| 116 | + Note left of P: transport_socket_connect_timeout for TLS |
| 117 | + deactivate P |
| 118 | + C->>P: Starts sending Request |
| 119 | + activate C |
| 120 | + activate P |
| 121 | + activate P |
| 122 | + C->>P: Finishes Headers |
| 123 | + note left of P: CM request_headers_timeout |
| 124 | + C->>P: Finishes request |
| 125 | + deactivate P |
| 126 | + activate U |
| 127 | + note left of U: Cluster connect_timeout |
| 128 | + deactivate U |
| 129 | + P->>U: Connection Started |
| 130 | + activate U |
| 131 | + note right of U: CM idle_timeout<br />CM max_connection_duration |
| 132 | + P->>U: Starts sending Request |
| 133 | + P->>U: Finishes Headers |
| 134 | + note left of P: CM request_timeout |
| 135 | + P->>U: Finishes request |
| 136 | + deactivate P |
| 137 | + activate U |
| 138 | + U->>P: Starts Response |
| 139 | + U->>P: Finishes Headers |
| 140 | + note right of U: R timeout<br/>R per_try_timeout<br/>R per_try_idle_timeout |
| 141 | + U->>P: Finishes Response |
| 142 | + deactivate U |
| 143 | + P->>C: Starts Response |
| 144 | + P->>C: Finishes Headers |
| 145 | + P->>C: Finishes Response |
| 146 | + Note left of C: CM stream_idle_timeout<br />R idle_timeout<br />CM,R max_stream_duration<br/>TCP proxy idle_timeout<br />TCP protocol idle_timeout |
| 147 | + deactivate C |
| 148 | + Note right of P: Repeat if connection sharing |
| 149 | + U->>C: Connection ended |
| 150 | + deactivate U |
| 151 | +``` |
| 152 | + |
| 153 | +#### Nginx timeouts |
| 154 | + |
| 155 | +Nginx allows setting of GRPC and general HTTP timeouts separately, although the |
| 156 | +purposes seem to be roughly equivalent. |
| 157 | + |
| 158 | +```mermaid |
| 159 | +sequenceDiagram |
| 160 | + participant C as Client |
| 161 | + participant P as Nginx |
| 162 | + participant U as Upstream |
| 163 | + C->>P: Connection Started |
| 164 | + C->>P: Starts sending Request |
| 165 | + C->>P: Finishes Headers |
| 166 | + C->>P: Finishes request |
| 167 | + P->>U: Connection Started |
| 168 | + Activate U |
| 169 | + Activate U |
| 170 | + P->>U: Starts sending Request |
| 171 | + activate U |
| 172 | + note left of U: proxy_connect_timeout<br/>grpc_connect_timeout |
| 173 | + deactivate U |
| 174 | + P->>U: Finishes Headers |
| 175 | + P->>U: Finishes request |
| 176 | + Note right of U: (between write operations)<br/>proxy_send_timeout<br/>grpc_send_timeout |
| 177 | + deactivate U |
| 178 | + activate U |
| 179 | + U->>P: Starts Response |
| 180 | + U->>P: Finishes Headers |
| 181 | + Note right of U: proxy_read_timeout<br/>grpc_read_timeout |
| 182 | + U->>P: Finishes Response |
| 183 | + deactivate U |
| 184 | + P->>C: Starts Response |
| 185 | + P->>C: Finishes Headers |
| 186 | + P->>C: Finishes Response |
| 187 | + Note right of P: Repeat if connection sharing |
| 188 | + Note Right of U: keepalive_timeout (if keepalive enabled) |
| 189 | + U->>C: Connection ended |
| 190 | + deactivate U |
| 191 | +``` |
| 192 | + |
| 193 | +#### HAProxy timeouts |
| 194 | + |
| 195 | +```mermaid |
| 196 | +sequenceDiagram |
| 197 | + participant C as Client |
| 198 | + participant P as Proxy |
| 199 | + participant U as Upstream |
| 200 | + |
| 201 | + C->>P: Connection Started |
| 202 | + activate U |
| 203 | + activate C |
| 204 | + activate P |
| 205 | + note left of P: timeout client (idle) |
| 206 | + C->>P: Starts sending Request |
| 207 | + C->>P: Finishes Headers |
| 208 | + C->>P: Finishes request |
| 209 | + note left of C: timeout http-request |
| 210 | + deactivate C |
| 211 | + activate C |
| 212 | + note left of C: timeout client-fin |
| 213 | + deactivate C |
| 214 | + deactivate P |
| 215 | + activate U |
| 216 | + note left of U: timeout queue<br/>(wait for available server) |
| 217 | + deactivate U |
| 218 | + |
| 219 | + P->>U: Connection Started |
| 220 | + activate U |
| 221 | + P->>U: Starts sending Request |
| 222 | + activate U |
| 223 | + P->>U: Finishes Headers |
| 224 | + P->>U: Finishes request |
| 225 | +
|
| 226 | + note right of U: timeout connect |
| 227 | + deactivate U |
| 228 | + note left of U: timeout server<br/>(idle timeout) |
| 229 | + deactivate U |
| 230 | + activate U |
| 231 | + note left of U: timeout server-fin |
| 232 | + deactivate U |
| 233 | + U->>P: Starts Response |
| 234 | + U->>P: Finishes Headers |
| 235 | + U->>P: Finishes Response |
| 236 | + P->>C: Starts Response |
| 237 | + P->>C: Finishes Headers |
| 238 | + P->>C: Finishes Response |
| 239 | + activate C |
| 240 | + note left of C: timeout http-keep-alive |
| 241 | + deactivate C |
| 242 | + Note right of P: Repeat if connection sharing |
| 243 | + Note right of U: timeout tunnel<br/>(for upgraded connections) |
| 244 | + deactivate U |
| 245 | + U->>C: Connection ended |
| 246 | +
|
| 247 | +``` |
| 248 | + |
| 249 | +#### Traefik timeouts |
| 250 | + |
| 251 | +```mermaid |
| 252 | +sequenceDiagram |
| 253 | + participant C as Client |
| 254 | + participant P as Proxy |
| 255 | + participant U as Upstream |
| 256 | + C->>P: Connection Started |
| 257 | + activate U |
| 258 | + C->>P: Starts sending Request |
| 259 | + activate P |
| 260 | + C->>P: Finishes Headers |
| 261 | + Note right of P: respondingTimeouts<br/>readTimeout |
| 262 | + C->>P: Finishes request |
| 263 | + deactivate P |
| 264 | + P->>U: Connection Started |
| 265 | + activate U |
| 266 | + Note right of U: forwardingTimeouts<br/>dialTimeout |
| 267 | + deactivate U |
| 268 | + P->>U: Starts sending Request |
| 269 | + P->>U: Finishes request |
| 270 | + P->>U: Finishes Headers |
| 271 | + U->>P: Starts Response |
| 272 | + activate U |
| 273 | + note right of U: forwardingTimeouts<br/>responseHeaderTimeout |
| 274 | + U->>P: Finishes Headers |
| 275 | + deactivate U |
| 276 | + U->>P: Finishes Response |
| 277 | + P->>C: Starts Response |
| 278 | + activate P |
| 279 | + P->>C: Finishes Headers |
| 280 | + Note right of P: respondingTimeouts<br/>writeTimeout |
| 281 | + P->>C: Finishes Response |
| 282 | + deactivate P |
| 283 | + Note right of P: Repeat if connection sharing |
| 284 | + Note right of U: respondingTimeouts<br/>idleTimeout<br/>Keepalive connections only |
| 285 | + deactivate U |
| 286 | + U->>C: Connection ended |
| 287 | +
|
| 288 | +``` |
| 289 | +#### F5 BIG-IP Timeouts |
| 290 | + |
| 291 | +Could not find any HTTP specific timeouts. PRs welcomed. 😊 |
| 292 | + |
| 293 | +#### Pipy Timeouts |
| 294 | + |
| 295 | +Could not find any HTTP specific timeouts. PRs welcomed. 😊 |
| 296 | + |
| 297 | +#### Litespeed WebADC Timeouts |
| 298 | + |
| 299 | +Could not find any HTTP specific timeouts. PRs welcomed. 😊 |
| 300 | + |
| 301 | + |
| 302 | +## API |
| 303 | + |
| 304 | +TBD. |
| 305 | + |
| 306 | + |
| 307 | +## Alternatives |
| 308 | + |
| 309 | +(List other design alternatives and why we did not go in that |
| 310 | +direction) |
| 311 | + |
| 312 | +## References |
| 313 | + |
| 314 | +(Add any additional document links. Again, we should try to avoid |
| 315 | +too much content not in version control to avoid broken links) |
0 commit comments