io: add connection backoff #3191
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kabakaev
force-pushed
the
connection-backoff
branch
from
b8ab27b to
995a16d
Compare
kabakaev
commented
Mar 12, 2021
kabakaev
force-pushed
the
connection-backoff
branch
2 times, most recently
from
29b0523 to
f449406
Compare
src/flb_io.c
Outdated
| @@ -63,9 +63,56 @@ | |||
| #include <fluent-bit/flb_coro.h> | |||
| #include <fluent-bit/flb_http_client.h> | |||
|
|
|||
| /* Increase backoff time of an upstream */ | |||
| void flb_io_backoff_upstream(struct flb_upstream *u) | |||
There was a problem hiding this comment.
Maybe declare static instead of adding to header?
| @@ -342,6 +393,10 @@ static FLB_INLINE ssize_t net_io_read_async(struct flb_coro *co, | |||
| int flb_io_net_write(struct flb_upstream_conn *u_conn, const void *data, | |||
There was a problem hiding this comment.
Maybe also handle backoff in flb_io_net_read?
kabakaev
force-pushed
the
connection-backoff
branch
from
f449406 to
4358cea
Compare
edsiper
requested changes
Mar 20, 2021
src/flb_upstream.c
Outdated
| @@ -65,6 +65,18 @@ struct flb_config_map upstream_net[] = { | |||
| "before it is retired." | |||
| }, | |||
|
|
|||
| { | |||
| FLB_CONFIG_MAP_TIME, "net.initial_backoff", "0s", | |||
There was a problem hiding this comment.
- can you rename the property to something like
net.backoff_init?
src/flb_upstream.c
Outdated
| }, | ||
|
|
||
| { | ||
| FLB_CONFIG_MAP_TIME, "net.max_backoff", "0s", |
There was a problem hiding this comment.
same as before: net.backoff_max
include/fluent-bit/flb_upstream.h
Outdated
| @@ -83,6 +83,10 @@ struct flb_upstream { | |||
| #endif | |||
|
|
|||
| struct mk_list _head; | |||
|
|
|||
| /* Backoff state. */ | |||
| time_t next_attempt_time; | |||
There was a problem hiding this comment.
please prefix the variable with backoff_...
include/fluent-bit/flb_upstream.h
Outdated
|
|
||
| /* Backoff state. */ | ||
| time_t next_attempt_time; | ||
| int last_backoff_seconds; |
edsiper
added
the
waiting-for-user
kabakaev
force-pushed
the
connection-backoff
branch
from
4358cea to
4a5e951
Compare
Signed-off-by: Alexander Kabakaev <[email protected]>
kabakaev
force-pushed
the
connection-backoff
branch
from
4a5e951 to
b58cfc0
Compare
@edsiper, thanks for quick review! The suggested changes are implemented. PTAL |
|
@kabakaev can you pls fix the conflicts so we can do final review/merge ? |
|
Hi @kabakaev, can you please review the requested changes? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In normal operation,
fluent-bitreuses TCP connections, hence new messages are flushed without sending a TCP SYN.But if an output connection cannot be established, then each
flb_io_net_write()call will trigger connection setup and will send a series of TCP SYN packets (one per thread?).The actual issue is described in #3103.
We observed this issue when hundreds of
fluent-bitagents tried to send logs viaforwardto a set of receivingfluent-bits, which were all down due to config error. The receiving FLB was hosted behind an openstack load balancer, a Linux stateful firewall and atraefikingress controller.Apart from high load, the flood of SYN packets may exhaust the connection tracking table, impacting the whole network infrastructure.
Fixes #3103.
This PR is inspired by GRPC backoff implementation.
Backoff is disabled by default.
If enabled, backoff will limit the number of TCP SYN packets during an output destination outage (raw data):
This chart shows rate of TCP SYN packets. The data is collected by
tcpdumpas described inHow to testsection below.Testing
Example of backoff configuration is given below.
Valgrind output is uploaded to my gist.
Documentation
Documentation for this feature is submitted as docs PR491.
How to test
Compile this version:
Collect SYN packets without backoff
Simulate connection timeout and run
tcpdumpon a separate console:and start
fluent-bitwithout backoff settings:timeout -s SIGKILL 5m \ bin/fluent-bit -vv \ -i dummy -p 'rate=1000000' \ -o forward://127.0.0.1:24224 -p 'retry_limit=1' \ 2>&1 | tee run5m_backoff0.log # Fluent Bit v1.8.0 # ... # [2021/03/08 18:27:32] [ warn] [engine] failed to flush chunk '869680-1615224452.505695198.flb', retry in 6 seconds: task_id=189, input=dummy.0 > output=forward.0 (out_id=0) # KilledCollect SYN packets with initial backoff of 1 second
Simulate connection timeout and run
tcpdumpon a separate console:and start
fluent-bitwith backoff settings:timeout -s SIGKILL 5m \ bin/fluent-bit -vv \ -i dummy -p 'rate=1000000' \ -o forward://127.0.0.1:24224 -p 'retry_limit=1' -p 'net.backoff_init=1' -p 'net.backoff_max=60' \ 2>&1 | tee run5m_backoff1.log # Fluent Bit v1.8.0 # ... # [2021/03/08 18:27:31] [debug] [upstream] skipping connection to 127.0.0.1:24224 because of connection backoff for another 28 seconds # [2021/03/08 18:27:32] [ warn] [engine] failed to flush chunk '869680-1615224452.505695198.flb', retry in 6 seconds: task_id=189, input=dummy.0 > output=forward.0 (out_id=0) # KilledFluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.
Alexander Kabakaev [email protected], Daimler TSS GmbH, imprint