Istio ingress and AWS ALB idle timeout

vadimi · March 19, 2019, 1:29am

Hello,

We run istio 1.0.6 with Ingress configured as NodePort, we also have ALB configured for those ports. After about 24 hours or --conntrack-tcp-timeout-established timeout configured in kube-proxy settings we’re getting 502 errors on the ALB. It happens due to non graceful tcp connection termination by conntrack module that kube-proxy configures. The only option I found on how to fix it is to patch istio pilot to configure idle_timeout of the ingress. Unfortunately istio does not expose it.

Does anyone use istio with ALB? If yes, how do you deal with those timeouts? Is there a configuration I’m missing on how to configure it?

rshriram · March 20, 2019, 10:13pm

There is no configuration as of now. but its relatively easy to add in the mesh config

vadimi · March 21, 2019, 1:39am

I’d be happy to contribute. Something like google.protobuf.Duration ingress_idle_timeout = 37; in MeshConfig of config.proto?

rshriram · March 23, 2019, 12:24am

http_idle_timeout… it would apply globally across all connections (edge and internal)

hzxuzhonghu · March 23, 2019, 9:40am

Would http_idle_timeout apply to http2 connection? If so, i think it’s not user expected.

vadimi · March 25, 2019, 6:47pm

@rshriram I submitted the following PR: https://github.com/istio/api/pull/879

Please note there is a similar one already: https://github.com/istio/api/pull/799

Topic		Replies	Views
Upgrading from 1.14.x to 1.15.x Breaks Connectivity with AWS ELB	3	588	January 25, 2023
Connection hangs and unexpected 15s Idle connection timeout at gateway - Istio 1.6.12 Networking	7	7438	March 10, 2021
Repeated termination of a series of Websocket connection Upgrade request and then succeeds eventually	0	1679	July 24, 2020
Istio-ingressgateway pod downsizing causes 502 responses from loadbalancer (ALB) Networking	1	3082	February 10, 2020
Istio: Application/Service timing out Networking	0	344	September 9, 2020

Istio ingress and AWS ALB idle timeout

Related topics