BackendTraffic policy maxConnectionDuration continues

[cccsss01]

Description:
I'm not entirely confident i'm implementing this correctly but the behavior i'm seeking is to set a limit to how long a session is established and forcing it to end

when implementing a backend traffic policy to an httproute and setting maxConnectionDuration, I expect the route to close, and the application ti not accept requests, however, this doesn't seem to be the case

Repro steps:

Include sample requests, environment, etc. All data and inputs
required to reproduce the bug.

apiVersion: gateway.envoyproxy.io/v1alpha1
kind: BackendTrafficPolicy
metadata:
name: example-app
namespace: example
spec:
targetRefs:

• group: gateway.networking.k8s.io
  kind: HTTPRoute
  name: example-app
  timeout:
  http:
  maxConnectionDuration: 60s

Note: If there are privacy concerns, sanitize the data prior to
sharing.

Environment:

Include the environment like gateway version, envoy version and so on.

currently running 1.2.4, w/ distroless envoyproxy 1.32.1

Logs:

Include the access logs and the Envoy logs.

[guydc]

Hi @cccsss01,

This parameter determines how long a TCP connection from Envoy to your Backend would exist before being closed. Envoy may create multiple connections, depending on the amount of traffic that the gateway receives and the existing idle connections in the connection pool. If there is no available connection (because existing connections are either used or were all closed after maxConnectionDuration), Envoy would establish a new connection to serve incoming requests.

In other words, this setting would not stop traffic from reaching your backend. It would only shorten the lifespan of the connections that are used for forwarding traffic.

On a per-connection level, please note that the this timeout would not disrupt existing request/response sequences in flight. Requests are allowed to finish before the connection is gracefully terminated.

max_connection_duration
(Duration) The maximum duration of a connection. The duration is defined as a period since a connection was established. If not set, there is no max duration. When max_connection_duration is reached, the drain sequence will kick-in. The connection will be closed after the drain timeout period if there are no active streams.

https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#config-core-v3-httpprotocoloptions

Can you describe in more detail what you're trying to achieve?

[cccsss01]

I'm trying to require a timelimit on the session, i.e. can't last more than 1 hour. This, I think is the same functunality as sessionPersistence:
absoluteTimeout: w/in gatewayapi

I'd like something like a sesson Maxage, implementable at the proxy.

[guydc]

Envoy Gateway implements cookie-based session persistence with the ability to determine the Max Age through the BackendTrafficPolicy: https://gateway.envoyproxy.io/v1.2/tasks/traffic/load-balancing/#cookie. But, please note that this is merely for affinity purposes.

The term session is overloaded. Are you referring to an applicative session that is being managed by your backend?

[github-actions]

This issue has been automatically marked as stale because it has not had activity in the last 30 days.