Skip to content

Implement primitive flow control for server -> agent direction#4

Closed
danielfoehrKn wants to merge 1 commit into
masterfrom
dfoehr/flow-control
Closed

Implement primitive flow control for server -> agent direction#4
danielfoehrKn wants to merge 1 commit into
masterfrom
dfoehr/flow-control

Conversation

@danielfoehrKn

@danielfoehrKn danielfoehrKn commented Oct 14, 2025
edited
Loading

Copy link
Copy Markdown

This adds a primitive application-layer flow control in the server -> agent direction.

The goal of this implementation is to tell the server to stop sending packets for this specific overlay connection when this per-connection buffer runs full.

Fundamentally, this implementation relies on the guarantees of grpc (http/2 and tcp) with TCP guaranteeing in-order delivery of the application-layer data without any loss or corruption.

  • we don't need to implement packet sequencing etc.

The agent already today implements a kind of receive buffer via a buffered channel the size of the xfr channel size.
Because we get guaranteed packet ordering plus delivery, we can implement a simple per-packet ACK protocol to inform the server about the size of the agent's receive buffer. However, note that a sender does not have to wait for an ACK for packet t, before it can send out packet t+1- but can keep sending while the agents receive buffer is not full.

Flow

  1. Agent tells the server about its receive window size (currently set to the xfr channel size)
  2. Server initiates a semaphore with the size of the agents receive window
  3. Server acquires the semaphore with weight 1 and then sends a packet to the agent
  • if the semaphore is at size == 0, then this blocks until the server has received a DATA_ACK for this connection
  1. Agent sends a DATA_ACK packets back to the agent just before it sends the packet to the endpoint in the tenant
  2. Server receives the DATA_ACK for this connection. Releases the semaphore with weight 1
  • this adds + 1 to the semaphore and could unblock a waiting goroutine

NOTE: there are obvious performance improvements such as batch ACK of packets etc ---> but this is a PoC + but the konnectivity proxy is anyways not designed for high throughput scenarios (more for log streaming, execs, webhook deliveries in K8s).

NOTE 2: on the server side serving the API Server, this implements the flow control for both the HTTPConnect and grpc frontends.

NOTE 3: there are a bunch of comments in the code where we could insert flow control for the opposite direction, but that can be ignored for now.

ChandonPierre
ChandonPierre reviewed Oct 14, 2025
View reviewed changes
Comment thread pkg/agent/client.go Outdated
@danielfoehrKn danielfoehrKn force-pushed the dfoehr/flow-control branch 3 times, most recently from ee7a59c to 97acaa9 Compare October 15, 2025 01:51
@danielfoehrKn

danielfoehrKn commented Oct 15, 2025

Copy link
Copy Markdown
Author

closee in favour of #5

@danielfoehrKn danielfoehrKn deleted the dfoehr/flow-control branch October 15, 2025 21:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ChandonPierre ChandonPierre ChandonPierre left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@danielfoehrKn @ChandonPierre