Source File:


Fine tune the settings for connections to an upstream

"maxRequestsPerConnection": int
"connectTimeout": .google.protobuf.Duration
"perConnectionBufferLimitBytes": .google.protobuf.UInt32Value

Field Type Description
maxRequestsPerConnection int Maximum requests for a single upstream connection (unspecified or zero = no limit).
connectTimeout .google.protobuf.Duration The timeout for new network connections to hosts in the cluster.
tcpKeepalive Configure OS-level tcp keepalive checks.
perConnectionBufferLimitBytes .google.protobuf.UInt32Value Soft limit on size of the cluster’s connections read and write buffers. If unspecified, an implementation defined default is applied (1MiB). For more info, see the envoy docs.
commonHttpProtocolOptions Additional options when handling HTTP requests upstream. These options will be applicable to both HTTP1 and HTTP2 requests.


If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. see more info here:

"keepaliveProbes": int
"keepaliveTime": .google.protobuf.Duration
"keepaliveInterval": .google.protobuf.Duration

Field Type Description
keepaliveProbes int Maximum number of keepalive probes to send without response before deciding the connection is dead.
keepaliveTime .google.protobuf.Duration The number of seconds a connection needs to be idle before keep-alive probes start being sent. This is rounded up to the second.
keepaliveInterval .google.protobuf.Duration The number of seconds between keep-alive probes. This is rounded up to the second.


"idleTimeout": .google.protobuf.Duration
"maxHeadersCount": int
"maxStreamDuration": .google.protobuf.Duration

Field Type Description
idleTimeout .google.protobuf.Duration The idle timeout for connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. If the connection is an HTTP/2 downstream connection a drain sequence will occur prior to closing the connection, see :ref:drain_timeout <>. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. If not specified, this defaults to 1 hour. To disable idle timeouts explicitly set this to 0. .. warning:: Disabling this timeout has a highly likelihood of yielding connection leaks due to lost TCP FIN packets, etc.
maxHeadersCount int The maximum number of headers. If unconfigured, the default maximum number of request headers allowed is 100. Requests that exceed this limit will receive a 431 response for HTTP/1.x and cause a stream reset for HTTP/2.
maxStreamDuration .google.protobuf.Duration Total duration to keep alive an HTTP request/response stream. If the time limit is reached the stream will be reset independent of any other timeouts. If not specified, this value is not set.
headersWithUnderscoresAction Action to take when a client request with a header name containing underscore characters is received. If this setting is not specified, the value defaults to ALLOW. Note: upstream responses are not affected by this setting.


Action to take when Envoy receives client request with header names containing underscore characters. Underscore character is allowed in header names by the RFC-7230 and this behavior is implemented as a security measure due to systems that treat ‘_’ and ‘-’ as interchangeable. Envoy by default allows client request headers with underscore characters.

Name Description
ALLOW Allow headers with underscores. This is the default behavior.
REJECT_REQUEST Reject client request. HTTP/1 requests are rejected with the 400 status. HTTP/2 requests end with the stream reset. The “httpN.requests_rejected_with_underscores_in_headers” counter is incremented for each rejected request.
DROP_HEADER Drop the header with name containing underscores. The header is dropped before the filter chain is invoked and as such filters will not see dropped headers. The “httpN.dropped_headers_with_underscores” is incremented for each dropped header.