Configuring Socket Options

Available in Gloo Edge as of v1.7.0-beta11, v1.6.6 and v1.5.16.

Socket options can have considerable effects. The configurations provided in this guide are not production proven, so please be careful!

Configuring Keep-Alive For Downstream Connections to Envoy

One use case for this, is when an AWS NLB is deployed in front of Gloo Edge. This is a powerful combination that we recommend. However, AWS NLB’s have an idle timeout of 350 seconds that cannot be changed. Therefore, we need to configure TCP keep alive, to keep the socket open during long idle periods.

Some users avoid this issue altogether by using a kubernetes controller for elastic load balancers, instead of an AWS NLB

Without Keep-Alive

Without using socket options to configure keep-alive, the connection between the Gloo Edge proxy and AWS NLB is silently closed after a period less than 350 seconds. The client then makes a request, and a reset packet (RST) is returned by the NLB. Since the client doesn’t know how to handle the reset packet, it closes the socket.

With Keep-Alive

With keep-alive configured, the Gloo Edge proxy will send a TCP_KEEPALIVE packet at a regular interval, ensuring that the socket remains open.

Example Socket Options to Configure Keep-Alive

Here is an example set of socket options to configure keep alive:

- description: "enable keep-alive" # socket level options
  level: 1 # means socket level options
  name: 9 # means the keep-alive parameter
  intValue: 1 # a nonzero value means "yes"
- description: "idle time before first keep-alive probe is sent" # TCP protocol
  level: 6 # IPPROTO_TCP
  name: 4 # TCP_KEEPIDLE parameter - The time (in seconds) the connection needs to remain idle before TCP starts sending keepalive probes
  intValue: 90 # seconds
- description: "keep-alive probes count" # TCP protocol
  level: 6 # IPPROTO_TCP
  name: 6 # the TCP_KEEPCNT parameter - The maximum number of keepalive probes TCP should send before dropping the connection
  intValue: 8 # number of failed probes