Description
Introduction
This proposal suggests adding support for HTTP/2 Ping functionality in Istio's DestinationRule configuration under the http connection pool settings. This feature will be based on Envoy’s connection_keepalive configuration, allowing for more refined control over the behavior of HTTP/2 connections by enabling periodic PING frames to maintain connection health and detect broken or idle connections.
Motivation
HTTP/2 offers significant benefits, including multiplexing and reduced latency, but long-lived connections may face issues like idle timeouts, broken connections, or network disruptions. By introducing HTTP/2 Ping options in Istio's DestinationRule connection pool settings, users will be able to configure PING frames to:
- Keep connections alive: Periodic PING frames ensure that connections are not prematurely closed by intermediate proxies or network devices.
- Detect unresponsive peers: By setting timeouts on PING responses, unresponsive connections can be terminated early.
- Increase resilience in unreliable networks: PING frames help maintain persistent HTTP/2 connections in cloud and distributed environments with unstable or intermittent network conditions.
Proposed Change
The following syntax illustrates the proposed addition of HTTP/2 Ping settings within the DestinationRule:
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: my-service-destination-rule
spec:
  host: my-service
  trafficPolicy:
    connectionPool:
      http:
        http2ProtocolOptions:
          connectionKeepalive:
            # Interval (in seconds) between keepalive pings to prevent idle timeouts
            interval: 15s
            # Timeout (in seconds) to wait for a PING response before marking the connection unhealthy
            timeout: 5s
Mapping to Envoy Configuration: Internally, these options will map to Envoy’s connection_keepalive as follows:
- interval: Maps to Http2ProtocolOptions.connection_keepalive.interval, which defines how frequently PING frames are sent to keep the connection alive.
- timeout: Maps to Http2ProtocolOptions.connection_keepalive.timeout, which defines how long to wait for a response to the PING before considering the connection to be unhealthy.
Example Envoy configuration:
{
  "http2_protocol_options": {
    "connection_keepalive": {
      "interval": "15s",
      "timeout": "5s"
    }
  }
}
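The following added example (not part of the original proposal, nor Istio or Envoy code) replays the interval/timeout semantics described above on a virtual clock, using the 15s/5s values from the proposal. The type and function names are hypothetical, the ACK latencies are constructed, and the model assumes the interval timer restarts when a PING ACK arrives.

```go
package main

import (
	"fmt"
	"time"
)

// Keepalive holds the two proposed DestinationRule fields (hypothetical type).
type Keepalive struct {
	Interval time.Duration // gap between PING frames
	Timeout  time.Duration // how long to wait for the PING ACK
}

// NoAck marks a PING whose ACK never arrives (peer dead or path black-holed).
const NoAck = time.Duration(-1)

// ClosedAt replays constructed ACK latencies, one per PING, on a virtual clock.
// It returns the time at which the connection would be torn down and true, or
// false if every PING in the sample was acknowledged in time.
// Simplified model (assumption): the interval timer restarts on each ACK.
func (k Keepalive) ClosedAt(ackLatency []time.Duration) (time.Duration, bool) {
	now := time.Duration(0)
	for _, lat := range ackLatency {
		now += k.Interval // idle until the next PING is due
		if lat == NoAck || lat >= k.Timeout {
			return now + k.Timeout, true // timeout fires before a usable ACK
		}
		now += lat // ACK received, connection stays in the pool
	}
	return 0, false
}

// WorstCaseDetection bounds how long a peer that died right after a
// successful ACK can remain in the pool under this model.
func (k Keepalive) WorstCaseDetection() time.Duration {
	return k.Interval + k.Timeout
}

func main() {
	k := Keepalive{Interval: 15 * time.Second, Timeout: 5 * time.Second}
	// Constructed sample: two healthy ACKs, then the peer goes silent.
	acks := []time.Duration{20 * time.Millisecond, 40 * time.Millisecond, NoAck}
	at, closed := k.ClosedAt(acks)
	fmt.Println("closed:", closed, "at:", at, "worst case:", k.WorstCaseDetection())
}
```

With the proposed values, a silent peer is dropped at most 20s after its last successful ACK, which is the figure to compare against idle timeouts on intermediate proxies and load balancers.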
Alternatives Considered
- TCP Keep-Alive: While TCP-level keep-alive can also be used, it operates at the transport layer and lacks the flexibility that HTTP/2’s PING frames offer, which provide application-layer visibility into connection health.
- Application-Specific PINGs: Applications could implement their own mechanisms to send PINGs, but this adds unnecessary complexity and overhead when HTTP/2 already supports native PING capabilities.
Affected product area (please put an X in all that apply)
[ ] Ambient
[ ] Docs
[ ] Dual Stack
[ ] Installation
[x] Networking
[ ] Performance and Scalability
[ ] Extensions and Telemetry
[ ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure
Affected features (please put an X in all that apply)
[ ] Multi Cluster
[ ] Virtual Machine
[ ] Multi Control Plane
Additional context