Opened 4 weeks ago

Closed 3 weeks ago

#1887 closed enhancement (wontfix)

Add option to enable passthrough of HTTP/2 ping with grpc_pass

Reported by: jjeising@… Owned by:
Priority: major Milestone:
Component: nginx-module Version: 1.17.x
Keywords: grpc_pass http_v2 http_grpc gRPC Cc:
uname -a: Linux srv-hyperv-centos7 3.10.0-1062.1.2.el7.x86_64 #1 SMP Mon Sep 30 14:19:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.16.1 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-stream_ssl_preread_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-http_auth_request_module --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'

Description

gRPC has multiple options for keepalive, which are especially relevant for streaming messages:

https://github.com/grpc/grpc/blob/master/doc/keepalive.md

With these you are able to track disappearing clients and narrow connection latency. gRPC uses HTTP/2 ping messages for keepalives. When proxying through nginx, nginx does not passthrough ping messages to the client.

When using nginx with gRPC you currently have to implement a form of keepalive yourself. Send and receive timeouts from nginx are not helpful, as we use gRPC with long-lived streaming connections.

Possible solutions:

  • Add an option to passthrough HTTP/2 ping messages to the gRPC backend: grpc_ping_passthrough yes/no.
  • Add ability to send keepalive pings from nginx. In this case nginx would need additional options and nginx would have to terminate the connection if there is no response to the ping messages, similar to what gRPC does.

Change History (1)

comment:1 Changed 3 weeks ago by mdounin

  • Resolution set to wontfix
  • Status changed from new to closed

In case of proxying, the same connection to the backend can be used for requests from different clients. Further, in theory (assuming nginx will support multiplexing at some point) it can be used for requests from different clients at the same time. Passing pings to a particular clients somewhat contradicts this.

Also, there is no connection between the client and a backend as long as there is no active request. And if there are more than one active request from the client, there will be more than one client-server connection.

That is, HTTP/2 pings are good to check peer-to-peer connections, but cannot be effectively used to check end-to-end connectivity for proxied connections.

If you want to track disappearing clients with nginx, a better option might be to use TCP keepalives, which are supported for all connections, not just HTTP/2. See so_keepalive= parameter of the listen directive.

Note: See TracTickets for help on using tickets.