Bring back Trafficserver DNS configuration to try and improve resilience

Now that Envoy may be a remote server, it's possible it requires DNS lookups to connect. So bring back some of our older configuration to explicitly configure the DNS and keepalive settings, but with hard-coded long timeouts to try and ensure any DNS outages don't affect the Trafficserver to Envoy communication hop.
NREL · Jan 25, 2024 · 5747286 · 5747286
1 parent cd8bed0
commit 5747286
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/src/api-umbrella/utils/generate_runtime_config.lua b/src/api-umbrella/utils/generate_runtime_config.lua
@@ -288,6 +288,7 @@ local function set_computed_config(config)
   end
   if #config["dns_resolver"]["_nameservers_nginx"] > 0 then
     config["dns_resolver"]["_nameservers_nginx"] = table.concat(config["dns_resolver"]["_nameservers_nginx"], " ")
+    config["dns_resolver"]["_nameservers_trafficserver"] = config["dns_resolver"]["_nameservers_nginx"]
   else
     config["dns_resolver"]["_nameservers_nginx"] = nil
   end

diff --git a/templates/etc/trafficserver/records.config.etlua b/templates/etc/trafficserver/records.config.etlua
@@ -171,6 +171,27 @@ CONFIG proxy.config.http.response_server_enabled INT 0
 # that each host gets cached separately.
 CONFIG proxy.config.url_remap.pristine_host_hdr INT 1
 
+# Set the DNS nameservers used to potentially resolve a remote envoy layer.
+CONFIG proxy.config.dns.resolv_conf STRING NULL
+<% if config["dns_resolver"]["_nameservers_trafficserver"] then %>
+CONFIG proxy.config.dns.nameservers STRING <%= config["dns_resolver"]["_nameservers_trafficserver"] %>
+<% end %>
+
+<% if config["dns_resolver"]["allow_ipv6"] then %>
+CONFIG proxy.config.hostdb.ip_resolve STRING ipv4;ipv6;only
+<% else %>
+CONFIG proxy.config.hostdb.ip_resolve STRING ipv4;only
+<% end %>
+
+# Allow old DNS results to be used while new ones are fetched in the
+# background. Since we're only resolving the possible remote envoy host at this
+# layer, this just helps things remain up even if DNS goes down temporarily.
+CONFIG proxy.config.hostdb.serve_stale_for INT 5184000 # 60 days
+
+# For hosts that don't exist, remember the invalid DNS responses, since we
+# assume the Envoy resolution really shouldn't fail.
+CONFIG proxy.config.hostdb.fail.timeout INT 5184000 # 60 days
+
 # Use more standard round-robin for DNS results (rather than sticky).
 CONFIG proxy.config.hostdb.strict_round_robin INT 1
 
@@ -179,6 +200,11 @@ CONFIG proxy.config.hostdb.strict_round_robin INT 1
 CONFIG proxy.config.net.sock_option_flag_in INT 3
 CONFIG proxy.config.net.sock_option_flag_out INT 3
 
+# Keepalive connections to backend Envoy server. Retain some idle connections
+# open to improve performance.
+CONFIG proxy.config.http.keep_alive_no_activity_timeout_out INT <%= config["router"]["api_backends"]["keepalive_idle_timeout"] %>
+CONFIG proxy.config.http.per_server.connection.min INT <%= config["router"]["api_backends"]["keepalive_connections"] %>
+
 <% if config["envoy"]["scheme"] == "https" then %>
 CONFIG proxy.config.ssl.client.verify.server.properties STRING ALL
 CONFIG proxy.config.ssl.client.verify.server.policy STRING ENFORCED