I have an concordia-production-web app with a request that can take over 60 seconds. Is it possible to increase the timeout to 120 sec
@nickolay.loshkarev Is this request impossible to make into a streaming request, like a websocket, server sent event or even just a streamed response (you can send the headers first and then body later).
We canât really increase the timeout directly, but Iâm happy to help you figure out a way to start sending a response within a few seconds so Fly knows youâre going to accept the connection, and then you can take much longer than 60 seconds as long as youâre streaming data out.
If you can share you tech stack and some info about your particular use case Iâm happy to help get it working.
We can make this change for customers on our Enterprise plan, though, so if weâre not able to make it work that is still an option. But most HTTP frameworks support some level of streaming, so thatâs unlikely to be necessary.
Wait: Whatâs an âenterpriseâ plan? Doesnât kurt despise cloudflare much for their âenterprise-plan onlyâ shenanigans⌠
Also, do the 120s timeout (are they read or connection timeouts?) apply to even raw tcp conns OR just the http ones fly proxies and the tls ones fly terminates?
Whatâs the timeout for udp nat?
We have an internal setting for controlling the timeout for customers with specific needs.
We do not like enterprise features like that, but we do need to protect our resources. Open file descriptors can be exhausted if a lot of connections are left open on the same hosts.
Bandwidth is a different game. We have fairly large pipes on all our hosts, we should be able to handle bandwidth requirements for most apps, the pricing is pretty clear on that 
The âenterpriseâ plan weâre thinking up concerns supports (via email, including a way to reach us faster during emergencies) and more relaxed limits for app instances (such as the timeout weâre talking about here, but also things like connection backlogs, concurrent TLS handshakes, etc.). Basically, dedicated resources for the proxy, as opposed to the current multitenant-only model.
These plans arenât ready yet! Just thinking about them.
Itâs 60 seconds.
Applies to both HTTP and raw TCP. Theyâre âidleâ timeouts. If no data is read or written within 60s, the connection is forcefully closed. It applies for both edge connections and connections we make to your app instances.
UDP is connection-less and doesnât require timeouts.
1 Like
Thanks for the detailed answer. I was only taking a dig. Sure, AWS-esque Enterprise support makes sense. All top paying customers even had direct access to engs on our team (at AWS) who were free to spend weeks addressing just that one customerâs need.
Re: UDP: Apologies. I should have been clearer what I meant by timeout for UDP NAT.
When the data sent by the client is fragmented over multiple UDP packets (as with large DNS responses, or even WireGuard for that matter), itâs not ideal to have those fragments routed to different servers. Take QUIC (rfc9000), for instance: Http requests/responses are likely to be fragmented over multiple UDP packets, where the state of the http connection, as it were, is maintained by the application.
The recommended timeout to keep a map of UDP flows around is 5mins (rfc4787 req5) though most routers only keep them for 30s, some for 2mins. My query was, whatâs the timeout at flyâs load balancer (fly-lb)? Or, am I gravely mistaken and fly-lb doesnât need to track UDP flows?
We donât track UDP flows, exactly. We just send UDP packets to the nearest VM. The expectation is that youâll do UDP load balancing from there.
If your VM dies, or you deploy a new app, you can âbreakâ a stateless connection implemented over UDP.
1 Like
Thanks. IIUC, if there are 3 VMs, say, in the same region, any of those 3 could get sent UDP packets, even if sent by the same client ip-port?
If so, that might break things unless the VMs are careful handling such traffic. Does fly intend to sticky route UDP packets anytime in the near future?
If there are 3 VMs alive, each of our edge servers gets a âpinnedâ VM and sends every UDP packet it receives to the same app VM. Itâs dumber than youâd think, it literally just sends the packet to the first VM it sees in a sorted list.
Most people run one VM per region for UDP work. So far we havenât had anyone need to scale out to support giant amounts of UDP traffic, even using the one VM to do protocol / app specific balancing has been enough.
1 Like
Between DNS, WireGuard, and http/3 our workloads are overwhelmingly UDP. But our scale isnât earth shattering to matter much.
Pinning traffic to VMs does help. I just hope all edge servers donât send traffic to the same VM. It would be cool for edge to distribute the load as in a consistent-hashing / maglev-hashing scheme. Some dayâŚ
-
Still: We could impl such a router in our VMs to steer traffic as we please via flyâs 6pn, hashing on clientâs ip-port, say. But: Is the assumption that edge servers preserve client ip-port when forwarding packets, true?
-
Do gossip over 6pn within the same region count towards egress bandwidth?
Hi @sudhir.j weâre migrating a larger old rails app from AWS, some actions will take time for us to rewrite like generating pdfs.
Weâre using rails and the wicked_pdf gem and our pdfs use the built in pdf format renderer:
format.pdf do
render :pdf => "#{@ledger.actor.name}_ledger",
:encoding => 'utf8'
end
Changing this to stream would require a fair amount of work on the upstream library, in the interim if we could change the concordia account apps to a 120s timeout that would really help us go live sooner.
Not a ruby expert, but I believe from what @jerome wrote above, sending keep-alives should leave the connection intact⌠Sending TCP keepalives in Ruby - makandra dev If not, youâd then need an explicit timeout increase specific for your app / account.
The render :pdf complicates things a bit. Rails does support streaming, so sending the headers first should tell the both the proxy and the browser that something is coming. There probably is a way to do this by doing streaming or hijacking the connection directly, but I donât have enough context to suggest one just yet.
I wonder what the timeout is in browsers, though â it seems like theyâd give up long before Fly, but Iâm not sure what value is set on each of them.
Think itâs around 5 mins in chrome for the browser timeout.
We have another app weâre migrating for a client that also might need a timeout bump, but this time iâm not sure we could stream it if we wanted to due to the time is takes to calculate the data, perhaps we could stream something, while we wait for the actual data.
Yeah, thereâs also some options depending on what kind of request it is.
A file or report download could stream CSVs as you go, a if youâre making a zip file out of smaller files youâre especially in luck, the zip format is very stream-y and I actually managed to make a streamer for zips GitHub - sudhirj/zippo: Get a zip full of a list of file URLs provided.
PDFs are difficult, I donât think itâs possible to send anything out until the PDF is done.
HTML can be streamed by sending the headers first, Rails has a streaming system. Elixir/Phoenix etc can handle this really easily as well.
SSEs and web sockets are of course the easiest, can open the connection and send a ping once every few seconds until the data is ready.
If you have a job system, you can send in a loading indicator HTML page with a ârefreshâ meta tag on it so it keeps reloading every N seconds, and you can check the job status each time and render the result when itâs ready.
Lots of ways to handle this, but yeah, if this is human facing Iâd be pretty surprised if people sit quietly for that long and nothing happens in between. API calls will tend to have a timeout on the client anyway. So either way Iâd be quite surprised at a long term solution that just kept a client waiting for so long with no indicators.