Envoy intermittently responds with 503 UC (upstream_reset_before_response_started{connection_termination})

[aqua777]

Title: Envoy intermittently responds with 503 UC (upstream_reset_before_response_started{connection_termination})

Description:

What issue is being seen? Describe what should be happening instead of
the bug, for example: Envoy should not crash, the expected value isn't
returned, etc.

We have a group of Envoy servers running as an Edge Proxy for a number of backend services. We configure these Envoy servers using in-house built xDS GRPC server. See example configuration dump attached to this issue.

We started noticing intermittent responses with error code 503 and response flag "UC" + upstream_reset_before_response_started{connection_termination} appearing in response code details. It seems that these responses are produced by Envoy and not returned by the backend services. We observed this issue while running Envoy versions v1.16 and v1.17.

We looked at some previously reported similar GitHub issues, such as:

• Bug: 503 UC sometimes, upstream_reset_before_response_started #8639
• Envoy issuing 503's intermittently  istio/istio#15285

We tried to change some configuration settings, namely:

• enable TCP Keep-alives
• adjust Idle Timeouts (for ex. use default values, disable idle timeout)

None of the actions mentioned above had any influence on the behavior of our Envoys' fleet.

Repro steps:
We have no repeatable method for reproducing these errors. They are very sporadic, ie. 1-2 per 100000 requests. They are spread across various clusters. Some of these clusters receive large and constant amount of requests so the possibility of the upstream connections to become idle is very unlikely.

Config:
See included in tarball attached to this issue

Logs:
This issue occurs in our Production environment where we do not have debug level logging enabled.

Can you please advise:

• why does the Envoy terminates connections?
• have this problem been reported by other Envoy's users?
• is there a possibility that requests are not distributed evenly across all backend servers which could lead to Envoy resetting upstream connections?
• what can we do on our side to eliminate this problem?

[aqua777]

envoy_503_upstream_reset_before_response_started.tar.gz

[antoniovicente]

cc @alyssawilk

One possible explanation for this class of problems may be that the upstream server closes the connection as the proxy starts sending the request. It may be helpful to know how long the upstream connection was open prior to the first request being sent on it.

[aqua777]

cc @alyssawilk

One possible explanation for this class of problems may be that the upstream server closes the connection as the proxy starts sending the request. It may be helpful to know how long the upstream connection was open prior to the first request being sent on it.

Thanks for possible explanation. We were considering this and there are factors that are against this assumption. Prior to using Envoys our load balancing were based on hardware Load Balancers. With hardware LBs we haven't seen such behavior, ie. connection terminations by backend servers. After switching to Envoys we started seeing behavior described in this issue across multiple clusters, large and small, using different webservers, serving various amount of requests, all kinds of differences.

[yanavlasov]

The error code indicates that it not Envoy that terminated the connection but rather the upstream server (or intervening network infrastructure). Did you look at the counters? For instance any of the upstream_cx_... error counters corresponding to disconnects?

[aqua777]

@yanavlasov thank you for suggestion. In our infrastructure we have some restrictions in how many metrics we can send to Prometheus servers so we had to configure Envoy to use inclusion patterns for metrics. upstream_cx_destroy... metrics are not on that list, we will add them and will provide more details shortly.

[aqua777]

We've managed to capture one of the requests resulting in 503 response code, see the output below:

[2021-02-09 14:23:14.220][24][debug][conn_handler] [source/server/connection_handler_impl.cc:501] [C1876] new connection
[2021-02-09 14:23:14.222][24][debug][http] [source/common/http/conn_manager_impl.cc:254] [C1876] new stream
[2021-02-09 14:23:14.222][24][debug][http] [source/common/http/conn_manager_impl.cc:886] [C1876][S15748738241223205728] request headers complete (end_stream=true):
':authority', '...'
':path', '/...'
':method', 'GET'
'x-jwt', '***'
'accept', 'application/json'
'connection', 'close'

[2021-02-09 14:23:14.222][24][debug][http] [source/common/http/filter_manager.cc:755] [C1876][S15748738241223205728] request end stream
[2021-02-09 14:23:14.222][24][debug][router] [source/common/router/router.cc:425] [C1876][S15748738241223205728] cluster 'some_cluster' match for URL '/...'
[2021-02-09 14:23:14.222][24][debug][router] [source/common/router/router.cc:582] [C1876][S15748738241223205728] router decoding headers:
':authority', '...'
':path', '/...'
':method', 'GET'
':scheme', 'http'
'x-jwt', '***'
'accept', 'application/json'
'x-forwarded-for', 'x.x.x.x'
'x-forwarded-proto', 'https'
'x-envoy-internal', 'true'
'x-request-id', 'f3859bd9-2f6b-4e97-af6a-1ead24aef8a7'
'x-envoy-expected-rq-timeout-ms', '303000'

[2021-02-09 14:23:14.222][24][debug][router] [source/common/router/upstream_request.cc:354] [C1876][S15748738241223205728] pool ready
[2021-02-09 14:23:14.223][24][debug][router] [source/common/router/router.cc:1026] [C1876][S15748738241223205728] upstream reset: reset reason: connection termination, transport failure reason:
[2021-02-09 14:23:14.223][24][debug][http] [source/common/http/filter_manager.cc:839] [C1876][S15748738241223205728] Sending local reply with details upstream_reset_before_response_started{connection termination}
[2021-02-09 14:23:14.223][24][debug][http] [source/common/http/conn_manager_impl.cc:1429] [C1876][S15748738241223205728] closing connection due to connection close header
[2021-02-09 14:23:14.223][24][debug][http] [source/common/http/conn_manager_impl.cc:1484] [C1876][S15748738241223205728] encoding headers via codec (end_stream=false):
':status', '503'
'content-length', '95'
'content-type', 'text/plain'
'date', 'Tue, 09 Feb 2021 14:23:13 GMT'
'server', 'envoy'
'connection', 'close'

[2021-02-09 14:23:14.223][24][debug][connection] [source/common/network/connection_impl.cc:132] [C1876] closing data_to_write=248 type=2
[2021-02-09 14:23:14.223][24][debug][connection] [source/common/network/connection_impl_base.cc:47] [C1876] setting delayed close timer with timeout 1000 ms
[2021-02-09 14:23:14.223][24][debug][connection] [source/common/network/connection_impl.cc:696] [C1876] write flush complete

[alyssawilk]

So offhand this still looks like an upstream disconnect. Any chance you can capture a package trace to see if that's what is happening? Are you using HTTP/1.1 by any chance? There's a known race where if upstream sends response1 and closes the connection _without_ sending normal connection close headers, that Enovy will read the response and can reassign the connection to a new stream before picking up the tcp FIN, resulting in near immediate reset.

…

On Tue, Feb 9, 2021 at 10:50 AM aqua777 ***@***.***> wrote: We've managed to capture one of the requests resulting in 503 response code, see the output below: [2021-02-09 14:23:14.220][24][debug][conn_handler] [source/server/connection_handler_impl.cc:501] [C1876] new connection [2021-02-09 14:23:14.222][24][debug][http] [source/common/http/conn_manager_impl.cc:254] [C1876] new stream [2021-02-09 14:23:14.222][24][debug][http] [source/common/http/conn_manager_impl.cc:886] [C1876][S15748738241223205728] request headers complete (end_stream=true): ':authority', '...' ':path', '/...' ':method', 'GET' 'x-jwt', '***' 'accept', 'application/json' 'connection', 'close' [2021-02-09 14:23:14.222][24][debug][http] [source/common/http/filter_manager.cc:755] [C1876][S15748738241223205728] request end stream [2021-02-09 14:23:14.222][24][debug][router] [source/common/router/router.cc:425] [C1876][S15748738241223205728] cluster 'some_cluster' match for URL '/...' [2021-02-09 14:23:14.222][24][debug][router] [source/common/router/router.cc:582] [C1876][S15748738241223205728] router decoding headers: ':authority', '...' ':path', '/...' ':method', 'GET' ':scheme', 'http' 'x-jwt', '***' 'accept', 'application/json' 'x-forwarded-for', '10.64.x.x' 'x-forwarded-proto', 'https' 'x-envoy-internal', 'true' 'x-request-id', 'f3859bd9-2f6b-4e97-af6a-1ead24aef8a7' 'x-envoy-expected-rq-timeout-ms', '303000' [2021-02-09 14:23:14.222][24][debug][router] [source/common/router/upstream_request.cc:354] [C1876][S15748738241223205728] pool ready [2021-02-09 14:23:14.223][24][debug][router] [source/common/router/router.cc:1026] [C1876][S15748738241223205728] upstream reset: reset reason: connection termination, transport failure reason: [2021-02-09 14:23:14.223][24][debug][http] [source/common/http/filter_manager.cc:839] [C1876][S15748738241223205728] Sending local reply with details upstream_reset_before_response_started{connection termination} [2021-02-09 14:23:14.223][24][debug][http] [source/common/http/conn_manager_impl.cc:1429] [C1876][S15748738241223205728] closing connection due to connection close header [2021-02-09 14:23:14.223][24][debug][http] [source/common/http/conn_manager_impl.cc:1484] [C1876][S15748738241223205728] encoding headers via codec (end_stream=false): ':status', '503' 'content-length', '95' 'content-type', 'text/plain' 'date', 'Tue, 09 Feb 2021 14:23:13 GMT' 'server', 'envoy' 'connection', 'close' [2021-02-09 14:23:14.223][24][debug][connection] [source/common/network/connection_impl.cc:132] [C1876] closing data_to_write=248 type=2 [2021-02-09 14:23:14.223][24][debug][connection] [source/common/network/connection_impl_base.cc:47] [C1876] setting delayed close timer with timeout 1000 ms [2021-02-09 14:23:14.223][24][debug][connection] [source/common/network/connection_impl.cc:696] [C1876] write flush complete — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#14981 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AELALPKR3CDHEKREUCQBYM3S6FKVDANCNFSM4XJJRKNA> .

[aqua777]

@alyssawilk AFAIK, these requests are using HTTP/1.1 indeed. By upstream disconnect do you mean that in your interpretation the connection is being reset by the upstream side?

What would you recommend to capture package trace? Something like tcpdump or do you have other tools in mind?

[alyssawilk]

Yeah, so if I had to bet I'd guess your upstream is sending a response without a connection close header, then closing the connection. a TCP dump will tell you if this is indeed what's happening (if upstream is sending that TCP FIN), and confirm or deny you're hitting the race I mentioned. Unfortunately there's not a ton Envoy can do here today - generally we encourage folks to make sure if the upstream is closing HTTP/1.1 connections it use the connection: close header (which will cause Envoy to not reuse the connection, and avoid the race entirely).

…

On Tue, Feb 9, 2021 at 12:28 PM aqua777 ***@***.***> wrote: @alyssawilk <https://github.com/alyssawilk> AFAIK, these requests are using HTTP/1.1 indeed. By upstream disconnect do you mean that in your interpretation the connection is being reset by the upstream side? What would you recommend to capture package trace? Something like tcpdump or do you have other tools in mind? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#14981 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AELALPNLD44Z47K4BAPV3RLS6FWDVANCNFSM4XJJRKNA> .