Rethink Route Idle Timeout Autoconfig

[guydc]

Description:

Background

Currently, Envoy Gateway will auto-configure idle_timeout only if the route's timeout is configured.

• The default value is 1hr
• If the route's timeout is disabled, idle_timeout is disabled
• if the route's timeout is greater than 1hr, the idle_timeout is increased to timeout.

gateway/internal/xds/translator/route.go

Lines 384 to 401 in ed5e7e4

	func idleTimeout(httpRoute *ir.HTTPRoute) *durationpb.Duration {
	rt := getEffectiveRequestTimeout(httpRoute)
	timeout := time.Hour // Default to 1 hour
	if rt != nil {
	// Ensure is not less than the request timeout
	if timeout < rt.Duration {
	timeout = rt.Duration
	}
	// Disable idle timeout when request timeout is disabled
	if rt.Duration == 0 {
	timeout = 0
	}
	return durationpb.New(timeout)
	}
	return nil
	}

This seems to contradict recommendations from the Envoy proxy project to use stream_idle_timeout/route.idle_timeout when route.timeout is disabled.

A route timeout is the amount of time that Envoy will wait for the upstream to respond with a complete response. This timeout does not start until the entire downstream request stream has been received.

Attention

This timeout defaults to 15 seconds, however, it is not compatible with streaming responses (responses that never end), and will need to be disabled. Stream idle timeouts should be used in the case of streaming APIs as described elsewhere on this page.

Recommendation appears to be: use stream_idle_time instead of timeout when streaming: instead of timing out if request/response take too long, time out when the stream become inactive.

The route's idle_timeout overrides stream_idle_timeout:

The route idle_timeout allows overriding of the HTTP connection manager stream_idle_timeout and does the same thing.

This logic was added in #2708 to improve conformance with GW-API, which doesn't distinguish between these two different timeouts.

Envoy Gateway also support the stream_idle_timeout option in ClientTrafficPolicy. However, since idle_timeout overrides stream_idle_timeout, route timeouts can have an unexpected side-effect of canceling the explicitly-configured stream_idle_timeout.

Users may want, for security and resource management reasons, to disable route timeout in long-running streaming connections, but enforce some sort of stream_idle_timeout/idle_timeout.

Options

1. when CTP stream_idle_timeout is configured, avoid auto-configuration the route's idle_timeout, and allow the HCM-level value to win.
2. Make idle_timeout configurable through BTP

Relevant Links:

https://www.envoyproxy.io/docs/envoy/latest/faq/configuration/timeouts

[Aditya7880900936]

Hi @guydc

I’m interested in picking up this issue if it’s still unassigned.
I’ve gone through the description and relevant code paths and am ready to start working on it.

Could you please let me know if it’s okay for me to take this up?
Thanks!

[guydc]

Hi @Aditya7880900936 !
Thanks for volunteering.

I think that we need to reach a decision on which direction should be taken here. This issue deals with a conflict between core GW-API semantics and EG extended capabilities, so we should probably reach a consensus here first.

[Aditya7880900936]

Thanks for the clarification @guydc.

That makes sense — I see how this touches both core Gateway API semantics and Envoy Gateway–specific extensions.

I’m happy to help on the decision side as well. I’ll take a deeper look at:

• how idle timeout is defined in core GW API today
• what Envoy supports at the route vs connection level
• possible options for exposing this in EG without conflicting with upstream semantics

I can share a short summary or proposal here to help drive consensus before any implementation.

[arkodg]

this feels like a bug, +1 for option 1

[Aditya7880900936]

Thanks for the context @guydc and @arkodg — agreed this needs a clear direction first given the overlap between core Gateway API semantics and Envoy Gateway extensions.

Based on the discussion, I’m leaning toward option 1 as well, treating this as a bug where route.idle_timeout should not be auto-inferred from timeout when the latter is explicitly disabled.

I’m currently digging into:

how timeout vs stream_idle_timeout is defined in core Gateway API

how Envoy Gateway maps these today at route vs HCM level

what changes would keep us aligned with GW semantics while avoiding unexpected behavior for streaming use cases

I can put together a short proposal summarizing findings and a suggested direction for consensus.
If that sounds reasonable, I’m happy to continue and follow up with a draft PR once the direction is agreed.

[arkodg]

@Aditya7880900936 thanks for jumping in here, recommend wrapping up other pending issues before picking this one up and allowing other contributors to pick this one up

[Aditya7880900936]

Thanks for the guidance @arkodg — that makes sense.

I’ll hold off on pushing further here until the pending issues are wrapped up. In the meantime, I’ll continue following the discussion and refining my understanding of the timeout semantics so I’m ready to help once this is unblocked.

Happy to jump back in when it makes sense

[zhaohuabing]

when CTP stream_idle_timeout is configured, avoid auto-configuration the route's idle_timeout, and allow the HCM-level value to win.

If route.timeout is configured and it's greater than the default or CTP stream_idle_timeout, would the problem that has been fixed in #2708 happen again?

It seems very likely to happen since the default HCM level stream_idel_timeout in Envoy is 5 minutes.

IMO, it makes sense to add a stream_idle_timeout at the Gateway API layer in the HTTPRoute besides the request timeout, since it doesn't exist today,should we :

• Allow route-level stream_idle_timeout configuration in BTP for streaming HTTP.
• When a route-level stream_idle_timeout is configured, ignore the route-level HTTP timeout (or explicitly fail route validation if a request timeout is also set).

[guydc]

Yes, this is a conflict between GW-API semantics and Envoy/EG best practices and config options, best solved by implementing a dedicated timeout in the GW-API layer.

If route.timeout is configured and it's greater than the default or CTP stream_idle_timeout, would the problem that has been fixed in #2708 happen again?

I meant that in this case, HCM-level value would be the one configured by the end user in CTP. So, the 5 minute default would be replaced by an explicit value determined by the user in stream_idle_timeout, instead of being derived from GW-API route timeout. This would allow users to allow long-running streaming responses, but also timeout if the response stream becomes inactive after a predetermined amount of time.

I think that we don't need another stream_idle_timeout in BTP for that, unless we want to allow further granularity, in which case, we can translate stream_idle_timeout explicitly to the route's idle_timeout instead of auto-configuring it.