Istio ingress and AWS ALB idle timeout

vadimi · March 19, 2019, 1:29am

Hello,

We run istio 1.0.6 with Ingress configured as NodePort, we also have ALB configured for those ports. After about 24 hours or --conntrack-tcp-timeout-established timeout configured in kube-proxy settings we’re getting 502 errors on the ALB. It happens due to non graceful tcp connection termination by conntrack module that kube-proxy configures. The only option I found on how to fix it is to patch istio pilot to configure idle_timeout of the ingress. Unfortunately istio does not expose it.

Does anyone use istio with ALB? If yes, how do you deal with those timeouts? Is there a configuration I’m missing on how to configure it?

rshriram · March 20, 2019, 10:13pm

There is no configuration as of now. but its relatively easy to add in the mesh config

vadimi · March 21, 2019, 1:39am

I’d be happy to contribute. Something like google.protobuf.Duration ingress_idle_timeout = 37; in MeshConfig of config.proto?

rshriram · March 23, 2019, 12:24am

http_idle_timeout… it would apply globally across all connections (edge and internal)

hzxuzhonghu · March 23, 2019, 9:40am

Would http_idle_timeout apply to http2 connection? If so, i think it’s not user expected.

vadimi · March 25, 2019, 6:47pm

@rshriram I submitted the following PR: https://github.com/istio/api/pull/879

Please note there is a similar one already: https://github.com/istio/api/pull/799

Topic		Replies	Views
Connection hangs and unexpected 15s Idle connection timeout at gateway - Istio 1.6.12 Networking	7	6508	March 10, 2021
Istio-ingressgateway pod downsizing causes 502 responses from loadbalancer (ALB) Networking	1	2629	February 10, 2020
Istio Install Failing	2	1095	May 14, 2021
Using Istio with ALB on AWS EKS	2	5060	January 18, 2021
How increase connectTimeout over 10s in PassThroughCluster or BlackHole OR increase Connection to Istio proxy	0	661	November 10, 2019

Istio ingress and AWS ALB idle timeout

Related Topics