- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 2 May 2014 11:31:54 -0700
- To: Daniel Sommermann <dcsommer@fb.com>
- Cc: William Chan (陈智昌) <willchan@chromium.org>, HTTP Working Group <ietf-http-wg@w3.org>

On 2 May 2014 10:42, Daniel Sommermann <dcsommer@fb.com> wrote:
> Now that Martin has clarified the possibility of receiving multiple GOAWAYs
> in the text
> (https://github.com/http2/http2-spec/commit/d00b4f82001305a5d01e810a7b45140223cb2d08),
> I have submitted https://github.com/http2/http2-spec/pull/475/files to make
> the graceful shutdown mechanism explicit in the spec. I'd be happy to get
> hear feedback on this proposed change.

So that I can discuss this:

+ There is an inherent race condition when proxying from a HTTP/1.1 client to a HTTP/2
+ server and the server goes down for maintenance. Since some in-flight client requests may
+ be unacknowledged by the server GOAWAY and there is no way to retry these requests,
+ servers SHOULD implement a two phase shutdown for maintenance. In the first phase, the
+ server sends a GOAWAY with NO_ERROR and a last stream id equal to 2^31 - 1. After at
+ least 1/2 RTT elapses, the server sends a second GOAWAY with NO_ERROR and the last stream
+ id it actually accepted.

I think that this is a problem with intermediation in general. And there may even be some clients that are unable to retry for other reasons (intermediaries aren't the only entities that attempt to minimize their state commitment).

Half an RTT is definitely not enough. From the server perspective it needs to be >1RTT.

Maybe:

A client that is unable to retry requests loses all requests that are in flight when a server closes down a connection. This is especially true for intermediaries that might not be serving clients using HTTP/2. If the server is attempting to gracefully shut down a connection, it can send an initial GOAWAY frame with the last frame identifier set to 2<x:sup>31</x:sup>-1 and a <x:ref>NO_ERROR</x:ref> code. This signals to the client that a shutdown is imminent and that no further requests can be initiated.
The server can then wait at least a round trip time to allow for requests that the client sent prior to receiving the GOAWAY frame before sending another GOAWAY frame with an updated last stream identifier. This ensures that a connection can be cleanly shut down without losing requests.
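
Review bot: The wait of "at least 1/2 RTT" in the last added sentence is too short to close the race this paragraph describes. A request the client sends just before the first GOAWAY reaches it is still a one-way trip away from the server at that moment, so measured from the time the server sends the first GOAWAY it takes one full round trip (one way for the GOAWAY to arrive, one way for the last request to come back) before the server can report "the last stream id it actually accepted" without dropping requests. Suggest changing the bound to at least one RTT and saying how the server is expected to estimate the RTT, which the added text does not cover.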
Received on Friday, 2 May 2014 18:32:22 UTC
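
The timing argument in this message, as an added example that is not part of the original thread or of the HTTP/2 spec: a small model of the shutdown race comparing a single GOAWAY, a 1/2 RTT wait and a full RTT wait. The function names, the symmetric 50 ms one-way delay and the 10 ms request spacing are constructed assumptions.

```python
MAX_STREAM_ID = 2**31 - 1  # last stream id announced by the first GOAWAY


def simulate_shutdown(send_times_ms, one_way_ms, goaway_at_ms, wait_ms):
    """Return (final_last_stream_id, lost_stream_ids) for one shutdown.

    The server sends a first GOAWAY (last stream id MAX_STREAM_ID) at
    goaway_at_ms, keeps accepting requests for wait_ms, then sends the final
    GOAWAY carrying the last stream id it actually accepted. wait_ms == 0
    models a single GOAWAY. The client cannot retry, so every stream it
    opened above the final last stream id is lost.
    """
    # Client side: it stops opening streams once the first GOAWAY arrives.
    client_sees_goaway = goaway_at_ms + one_way_ms
    times = [t for t in sorted(send_times_ms) if t < client_sees_goaway]
    sent = [(2 * i + 1, t) for i, t in enumerate(times)]  # odd client stream ids

    # Server side: a request sent at t arrives at t + one_way_ms and is
    # accepted only if it arrives before the final GOAWAY goes out.
    cutoff = goaway_at_ms + wait_ms
    accepted = [sid for sid, t in sent if t + one_way_ms <= cutoff]
    final_last_id = max(accepted, default=0)  # 0 means no stream was processed

    lost = [sid for sid, _ in sent if sid > final_last_id]
    return final_last_id, lost


def compare(one_way_ms=50, goaway_at_ms=100):
    """Run the same constructed traffic against three shutdown strategies."""
    sends = range(0, 1000, 10)  # constructed: one request every 10 ms
    rtt = 2 * one_way_ms
    waits = {"single GOAWAY": 0, "wait 1/2 RTT": rtt // 2, "wait 1 RTT": rtt}
    return {name: simulate_shutdown(sends, one_way_ms, goaway_at_ms, w)
            for name, w in waits.items()}


if __name__ == "__main__":
    for name, (last_id, lost) in compare().items():
        print(f"{name:14} last_stream_id={last_id:3} lost={len(lost)} {lost}")
```
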