On Sat, Mar 26, 2022 at 08:49:14PM +0100, Lukas Tribus wrote: > Hello Willy, > > On Sat, 26 Mar 2022 at 10:22, Willy Tarreau <w...@1wt.eu> wrote: > > A change discussed around previous announce was made in the H2 mux: the > > "timeout http-keep-alive" and "timeout http-request" are now respected > > and work as documented, so that it will finally be possible to force such > > connections to be closed when no request comes even if they're seeing > > control traffic such as PING frames. This can typically happen in some > > server-to-server communications whereby the client application makes use > > of PING frames to make sure the connection is still alive. I intend to > > backport this after some time, probably to 2.5 and later 2.4, as I've > > got reports about stable versions currently posing this problem. > > While I agree with the change, actually documented is the previous behavior. > > So this is a change in behavior, and documentation will need updating > as well to actually reflect this new behavior (patch incoming). > > I have to say I don't like the idea of backporting such changes. We > have documented and trained users that H2 doesn't respect "timeout > http-keep-alive" and that it uses "timeout client" instead. We even > argued that this is a good thing because we want H2 connections to > stay up longer. I suggest not changing documented behavior in bugfix > releases of stable and stable/LTS releases.
These are interesting points. Actually these previous choices came from technical limitations back then and from some wrong assumptions from me that we would like H2 connections to last longer in order to amortize the TLS setup cost. But nowadays TLS is equally used both for H1 and H2, which makes my assumption wrong. Aside the two lines that your patch reverted from these options, I'm seeing that all the justification in the timeouts essentially speak about HTTP without specific version since this is more about a user behavior in front of a browser than a technical connection behavior. And given that the introduction of H2 post-dates the timeouts and nowadays one can receive H2 traffic without having revisited their docs, I think it's fair to assume that most users who care about these timeouts have likely set them before enabling H2 and do have expectations about their effectiveness that were not met. Thus I tend to think that it can be argued both ways. I'm not seeing an emergency in backporting this, so I'm fine with waiting for more reports of surprises before reconsidering this option. But that's definitely something I don't want to rule out for the reasons above. Thanks! Willy
