Description
It would be helpful to add resource monitors to track the number of sockets used for (1) downstream connections, (2) active requests and (3) possibly upstream connections in order to provide better protection against resource attacks against configured fd rlimits. Tracking these counts proxy-wide should be sufficient. The motivations behind this enhancement include a desire for more consistent configuration of resource limits and actions we can take when approaching overload, recently introduced parameters to limit the max number of client connections (globally or per listener) to protect against fd rlimit attacks, and the introduction of more graceful options to handle increases in resource usage, including the introduction of adaptive HTTP request timeouts in #11427.
Possible future enhancements:
- A resource pressure signal based on number of upstream connections would benefit from some additional overload actions specific to upstream connections, including reductions in idle upstream connection timeouts, disabling of keep-alive or adjustments to prefetch logic.
- Being able to configure thresholds and apply overload manager actions to client connections associated with specific listeners in order to prioritize connections to specific listeners. That said, I don't think our deployment scenarios have an immediate need for such a hook.