Page MenuHomePhabricator
Create Task
Maniphest T86650

Add support for setting weight=0 when depooling
Closed, DeclinedPublic
Actions

Description

We currently use the LVS source hash (sh) scheduler for HTTPS traffic, as a way to keep client connected to specific HTTPS terminators and avoid renegotiating their TLS session parameters. However, this means that currently a a penalty is incured for all users whenever a server is depooled (all IPs are reshuffled).

To address this, we need to switch our depooling method from removing the server from the pool entirely, to keeping it in the pool but setting it at weight 0, which is explicitly supported by LVS. Pybal needs to explicitly support this.

Details

SubjectRepoBranchLines +/-
Add no-gravity configuration optionoperations/debs/pybalmaster+98 -26
Customize query in gerrit

Related Objects
Search...

Event Timeline

faidon created this task.Jan 13 2015, 1:45 PM
faidon assigned this task to BBlack.
faidon raised the priority of this task from to High.
faidon updated the task description. (Show Details)
faidon added projects: HTTPS-by-default, ops-core, PyBal.
faidon added subscribers: Aklapper, faidon, mark.
mark added a comment.Jan 13 2015, 1:48 PM

Let's make this a configurable boolean option per LVS service.

gerritbot added a project: Patch-For-Review.Jan 29 2015, 10:23 AM
gerritbot subscribed.

Change 187346 had a related patch set uploaded (by Mark Bergsma):
Add no-gravity configuration option

https://gerrit.wikimedia.org/r/187346

Patch-For-Review

mark added a comment.Jan 29 2015, 10:25 AM

This way of working with server state variables in PyBal is becoming quite unpleasant. It would probably make sense to rewrite this with a decent state machine at some point.

This changes a lot and is likely to break things. We could do a minimal version instead, which doesn't support the current model of removing/readding servers at all, and ONLY does 0 weight.

BBlack added a project: Traffic.Apr 22 2015, 2:40 PM
BBlack set Security to None.
fgiunchedi subscribed.Jun 19 2015, 6:51 PM

FWIW, relevant patch upstream http://archive.linuxvirtualserver.org/html/lvs-devel/2013-06/msg00055.html to support choosing a fallback realserver on weight=0 for sh and optionally hash on client source port

BBlack added a comment.Jun 20 2015, 12:11 AM

Yes, and that patch only exists in kernel v3.11 and higher. Luckily, even on the LVS balancers that are still precise, we upgraded to 3.13 kernels manually some time back, so we should be good here even if we continue to be lazy about upgrading the LVS clusters to jessie.

BBlack added a comment.Jun 20 2015, 12:29 AM

That made me go and review all of this, though, and there is one minor issue: the flag for doing smart things on weight=0 exists in kernels 3.11 or higher, but there has never been a new release of the commandline ipvsadm tools which support setting that flag AFAICS. I checked the source just in case, but it should be obvious from the fact that the kernel patch for these new flags was in 2013, and the last upstream ipvsadm software release was in 2011 :/ I double-checked debian's package in case they had locally patched it in, but nope.

So, in addition to the generic weight=0 support in pybal, we probably need to hack up ipvsadm a bit. The patch should be fairly trivial (new C-level flag defines, new commandline arguments to flip them on in the existing flags field). We can do it as a debian/patches/ in a local build here, and then maybe try to get one of the two levels of upstream to update as well, either debian or the ipvs project (although given they haven't released in over 4 years, so who knows on that front?).

fgiunchedi added a comment.Jun 23 2015, 1:37 AM

looks like the last ipvsadm release is 1.28 from feb 2015 at https://www.kernel.org/pub/linux/utils/kernel/ipvsadm/ not yet packaged in debian tho

BBlack added a comment.Jun 23 2015, 4:34 AM

I didn't even see the 1.28 package hiding out on kernel.org! It does have the appropriate flag in it. Perhaps we can put this through the debian process and then pick it from unstable/testing/backports instead of locally hacking on it.

fgiunchedi added a comment.Jun 23 2015, 5:45 PM

hah I was actually wrong, 1.28 is in debian experimental, https://packages.debian.org/source/experimental/ipvsadm see also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775930 I've asked for unstable upload plans

BBlack removed a project: HTTPS-by-default.Aug 7 2015, 4:56 PM
Restricted Application added a subscriber: Matanya. · View Herald TranscriptAug 7 2015, 4:56 PM
BBlack removed BBlack as the assignee of this task.Aug 7 2015, 5:16 PM
BBlack lowered the priority of this task from High to Low.
BBlack added a comment.Aug 7 2015, 5:18 PM

I think at this point, this has fallen down to the nice-to-have category, but may not be worth the effort. The majority of our sessions are fresh (re-)negotiations even with the ipvs sh algorithm in place and we have tons of CPU headroom, so it just hasn't been a big issue that we spike re-negotiation a bit on depools (which aren't that common anyways). We're likely better off at this point investing our effort into things that make it even less of an issue or even get us back to using wrr (such as RFC5077 support).

fgiunchedi added a comment.Dec 1 2015, 12:09 PM

FWIW ipvsadm 1.28 is in stretch, once all pybal machines are jessie we could backport it to jessie-backports

BBlack moved this task from Backlog to LoadBalancer on the Traffic board.Sep 30 2016, 2:05 PM
ema mentioned this in T171850: Backport ipvsadm.Jul 27 2017, 2:10 PM
ema raised the priority of this task from Low to High.Jul 28 2017, 4:19 PM
BBlack added a parent task: T172103: IPVS issues with UDP services, pybal depooling strategy.Jul 31 2017, 3:17 PM
BBlack added a parent task: T172124: PyBal Feature: progressive depooling strategy for monitored failures.Jul 31 2017, 3:27 PM
gerritbot added a comment.Mar 23 2018, 12:20 PM

Change 187346 abandoned by Mark Bergsma:
Add no-gravity configuration option

Reason:
Pybal is being redesigned around FSMs, and it would make a lot of sense and be much more robust to implement this feature on top of that work instead of the current code.

https://gerrit.wikimedia.org/r/187346

mark moved this task from Backlog to Blocked on the PyBal board.Jul 25 2018, 10:56 AM
ArielGlenn removed a project: Patch-For-Review.Aug 30 2018, 2:42 PM
Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 7:58 PM
Joe mentioned this in T245594: Many objects in conftool have pooled=yes, weight=0.Feb 19 2020, 10:12 AM
BBlack edited projects, added Traffic-Icebox; removed Traffic.Sep 1 2021, 11:21 PM

The swap of Traffic for Traffic-Icebox in this ticket's set of tags was based on a bulk action for all such tickets that haven't been updated in 6 months or more. This does not imply any human judgement about the validity or importance of the task, and is simply the first step in a larger task cleanup effort. Further manual triage and/or requests for updates will happen this month for all such tickets. For more detail, have a look at the extended explanation on the main page of Traffic-Icebox . Thank you!

BCornwall subscribed.Feb 3 2023, 9:18 PM

This ticket seems contingent on our usage of the sh scheduler. How relevant is it when we eventually switch to the mh scheduler? (T263797)

BCornwall closed this task as Declined.May 2 2023, 8:14 PM

Hello!

PyBal's role at WMF will be replaced with an upcoming project. As such, the traffic team has decided to freeze development of non-trivial changes for stability/predictability. While we would love to service this ticket we do not have the resources to devote to PyBal any more. To keep our work queue organized and prioritized, I will decline this ticket.

(For the unlikely case of PyBal's continued usage here's a common search string to search for re-opening these declined tickets: aiZ6ohm6)

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL