From a9663b37c42fcfad6a8680d19ee71d4f23cdc6f3 Mon Sep 17 00:00:00 2001 From: "data-plane-api(Azure Pipelines)" Date: Thu, 11 Feb 2021 04:44:50 +0000 Subject: [PATCH] http2: Change accounting of WINDOW_UPDATE frames (#14924) Signed-off-by: Yan Avlasov Mirrored from https://github.com/envoyproxy/envoy @ 5bdcdd63b348829b5e0ea1612c97168c8ce41750 --- envoy/config/core/v3/protocol.proto | 18 ++++++++++++------ envoy/config/core/v4alpha/protocol.proto | 18 ++++++++++++------ 2 files changed, 24 insertions(+), 12 deletions(-) diff --git a/envoy/config/core/v3/protocol.proto b/envoy/config/core/v3/protocol.proto index 7108fba3..069028d2 100644 --- a/envoy/config/core/v3/protocol.proto +++ b/envoy/config/core/v3/protocol.proto @@ -301,9 +301,12 @@ message Http2ProtocolOptions { // of PRIORITY frames received over the lifetime of connection exceeds the value calculated // using this formula:: // - // max_inbound_priority_frames_per_stream * (1 + inbound_streams) + // max_inbound_priority_frames_per_stream * (1 + opened_streams) // - // the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks + // the connection is terminated. For downstream connections the `opened_streams` is incremented when + // Envoy receives complete response headers from the upstream server. For upstream connection the + // `opened_streams` is incremented when Envoy send the HEADERS frame for a new stream. The + // ``http2.inbound_priority_frames_flood`` stat tracks // the number of connections terminated due to flood mitigation. The default limit is 100. // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the // `envoy.reloadable_features.upstream_http2_flood_checks` flag. @@ -313,11 +316,14 @@ message Http2ProtocolOptions { // of WINDOW_UPDATE frames received over the lifetime of connection exceeds the value calculated // using this formula:: // - // 1 + 2 * (inbound_streams + - // max_inbound_window_update_frames_per_data_frame_sent * outbound_data_frames) + // 5 + 2 * (opened_streams + + // max_inbound_window_update_frames_per_data_frame_sent * outbound_data_frames) // - // the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks - // the number of connections terminated due to flood mitigation. The default limit is 10. + // the connection is terminated. For downstream connections the `opened_streams` is incremented when + // Envoy receives complete response headers from the upstream server. For upstream connections the + // `opened_streams` is incremented when Envoy sends the HEADERS frame for a new stream. The + // ``http2.inbound_priority_frames_flood`` stat tracks the number of connections terminated due to + // flood mitigation. The default max_inbound_window_update_frames_per_data_frame_sent value is 10. // Setting this to 1 should be enough to support HTTP/2 implementations with basic flow control, // but more complex implementations that try to estimate available bandwidth require at least 2. // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the diff --git a/envoy/config/core/v4alpha/protocol.proto b/envoy/config/core/v4alpha/protocol.proto index 86bec0ec..4f6347c9 100644 --- a/envoy/config/core/v4alpha/protocol.proto +++ b/envoy/config/core/v4alpha/protocol.proto @@ -308,9 +308,12 @@ message Http2ProtocolOptions { // of PRIORITY frames received over the lifetime of connection exceeds the value calculated // using this formula:: // - // max_inbound_priority_frames_per_stream * (1 + inbound_streams) + // max_inbound_priority_frames_per_stream * (1 + opened_streams) // - // the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks + // the connection is terminated. For downstream connections the `opened_streams` is incremented when + // Envoy receives complete response headers from the upstream server. For upstream connection the + // `opened_streams` is incremented when Envoy send the HEADERS frame for a new stream. The + // ``http2.inbound_priority_frames_flood`` stat tracks // the number of connections terminated due to flood mitigation. The default limit is 100. // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the // `envoy.reloadable_features.upstream_http2_flood_checks` flag. @@ -320,11 +323,14 @@ message Http2ProtocolOptions { // of WINDOW_UPDATE frames received over the lifetime of connection exceeds the value calculated // using this formula:: // - // 1 + 2 * (inbound_streams + - // max_inbound_window_update_frames_per_data_frame_sent * outbound_data_frames) + // 5 + 2 * (opened_streams + + // max_inbound_window_update_frames_per_data_frame_sent * outbound_data_frames) // - // the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks - // the number of connections terminated due to flood mitigation. The default limit is 10. + // the connection is terminated. For downstream connections the `opened_streams` is incremented when + // Envoy receives complete response headers from the upstream server. For upstream connections the + // `opened_streams` is incremented when Envoy sends the HEADERS frame for a new stream. The + // ``http2.inbound_priority_frames_flood`` stat tracks the number of connections terminated due to + // flood mitigation. The default max_inbound_window_update_frames_per_data_frame_sent value is 10. // Setting this to 1 should be enough to support HTTP/2 implementations with basic flow control, // but more complex implementations that try to estimate available bandwidth require at least 2. // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the