more granular 5xx retry policy

[ikruglov]

(cross-posting from envoy-users for tracking an issue)

What do you guys think about having more granular retry policy rather than just 5xx?

The motivation behind this post is that:

1. we use nginx + uwsgi at $work.
2. setting 5xx as default retry policy is not safe due to possible non-idempotent requests: did data arrive on the server? did server process them?
3. however, in our setup, 502 errors are common: nginx failed to talk to uwsgi for whatever reason. Retry is safe, no data hit uwsgi. Same for 503 btw.

Basically, what I'm trying to achieve is to provide safe default retry policy for my users which would be: "connect-failure" + 502 + 503.

I see that envoy's code base has:

static bool isGatewayError(uint64_t code) { return code >= 502 && code < 505; }

which made me think about having retry policy: "gateway_error". This policy would cover my needs but as a downside includes 504 which is redundant.

Alternatively, maybe explicitly enumerating HTTP response codes? retry_on=connect_failure,502,503

[ggreenway]

I think configurable policy makes sense. It's also worth considering whether the request is idempotent or not, and allowing configuration based on that.

[mattklein123]

I think configurable policy makes sense. It's also worth considering whether the request is idempotent or not, and allowing configuration based on that.

Note the policy is already configurable, we just need to add additional configuration options. It's quite easy to add new retry policy types so I marked this issue help wanted/beginner.

[JonathanO]

I think including the 504 in the retry policy would not only be redundant, but potentially unsafe in similar use-cases to yours, as it could retry non-idempotent requests without knowing whether or not the origin actually started processing them before the timeout.

[dio]

Hi, if it is OK, I want to take this one.

Is adding something like

+  if (retry_on_ & RetryPolicy::RETRY_ON_GATEWAY_ERROR) {
+    if (Http::CodeUtility::isGatewayError(Http::Utility::getResponseStatus(*response_headers))) {
+      return true;
+    }
+  }
+

inside 9cf18ca#diff-d58c0249f29ef1a16cc0661e2c56c5d9R171 something that we're looking for?

[mattklein123]

@dio yes, that is roughly correct. This will need doc updates and a new configuration option to turn this on also. I would do the data-plane-api PR for that and we can discuss there. Thank you!