How to limit incoming http2 connection number in ingress gateway

Hi all,
I want to limit the incoming HTTP2 connection in ingress gateway. but I don’t find the method to limit the incoming http2 connection number in both istio and envoy proxy doc, did I miss anything.

I can use DestinationRule->tcp->maxConnections to limit incoming TCP connection for TCP protocol (not for HTTP) because it is 1:1 from incoming to outgoing to upstream host for tcp connection.

But for HTTP2, the tcp maxConnections in DestinationRule is useless for the HTTP2 connection is limited by envoyproxy worker thread number. and this is not 1:1 between incoming and outgoing connection.

Thanks for any hint.

For http2, the closest you can use is https://github.com/istio/api/blob/edd38d54b252a1bc310966d8e14af9b920a0a86e/networking/v1alpha3/destination_rule.proto#L610 - max_connections also applies for Http1 but not for http2.
If you want http2 to behave similar Http1 you need to set “max_requests_per_connection” to 1. Istio does not support this by default, but you can do that by writing custom Envoy filter

See https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking.html?highlight=circuit%20breaker%20settings#circuit-breaking

@ramaraochavali thanks for your information.
max_requests_per_connection can be configured by using DestinationRule in param "maxRequestsPerConnection” , and it is for envoyproxy cluster configuration, set it to 1 which mean the max stream id in the http/2 connection towards upstream is 1, and after 1 request, the http2 connection need to re-connect, I don’ think it is recommended method to use http/2. And I also don’t think it can limit the incoming http/2 connection number, because the upstream http/2 connection pool is separated from incoming http2 connection.

Seems envoy proxy (1.14) start to support limit connection number as below, but seems it can not be configured by using istio envoyfilter API.

• Listener connection limits.
• Global downstream connection limits.