Skip to content

fix: detect dead nodes via HTTP/2 keepalives (Issue #1001) #1025

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
loverustfs merged 2 commits into from
Dec 6, 2025
Merged

fix: detect dead nodes via HTTP/2 keepalives (Issue #1001) #1025

loverustfs merged 2 commits into from
Dec 6, 2025
+58 −2

Conversation

@Jitterx69
Copy link
Contributor

@Jitterx69 Jitterx69 commented Dec 6, 2025

Resolution for Issue #1001

This PR resolves the issue where the cluster becomes unresponsive after a node experiences an abrupt power-off.

The Fix

Configures the internal gRPC client (crates/protos/src/lib.rs) to use active Application-Layer Heartbeats:

  • HTTP/2 PING Interval: 5 seconds
  • Timeout: 3 seconds
  • TCP Keepalive: 10 seconds (Backup)

Verification

  • Surviving nodes now detect dead peers in ~8 seconds.
  • cargo check, cargo test, and cargo clippy passed.

@CLAassistant
Copy link

CLAassistant commented Dec 6, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@Jitterx69
fix(protos): enable app-layer keepalives (rustfs#1001)
3eca2e3 
Enables HTTP/2 keepalives and TCP keepalives in gRPC client to detect dead nodes (e.g., power loss) in ~8 seconds, preventing cluster hangs.
@Jitterx69 Jitterx69 force-pushed the fix/issue-1001-dead-node-detection branch from ed586d9 to 3eca2e3 Compare December 6, 2025 10:38
@0xdx2 0xdx2 requested a review from Copilot December 6, 2025 11:05
Copilot AI reviewed Dec 6, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR resolves issue #1001 where the cluster becomes unresponsive after a node experiences an abrupt power-off by implementing HTTP/2 keepalive mechanisms for faster dead node detection.

Key Changes:

  • Configured gRPC client with HTTP/2 PING frames (5s interval, 3s timeout) for active health checking
  • Reduced dead node detection time from ~15+ minutes to ~8 seconds
  • Added comprehensive documentation explaining the root cause, solution, and configuration

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

File Description
docs/cluster_recovery.md New documentation explaining the power-off recovery issue, technical approach, and implementation details
crates/protos/src/lib.rs Enhanced gRPC endpoint configuration with HTTP/2 keepalive, TCP keepalive, and timeout settings
Cargo.lock Dependency lock file update (unrelated transitive dependency changes)

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

docs/cluster_recovery.md
- The system "hung" indefinitely, unlike the immediate recovery observed during a graceful process termination (`kill`).

**Root Cause**:
The standard TCP protocol does not immediately detect a silent peer disappearance (power loss) because no `FIN` or `RST` packets are sent. Without active application-layer heartbeats, the surviving nodes kept connections implementation in an `ESTABLISHED` state, waiting indefinitely for responses that would never arrive.
Copy link

Copilot AI Dec 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Spelling error: "implementation" should be "in an". The phrase should read "kept connections in an ESTABLISHED state" rather than "kept connections implementation in an ESTABLISHED state".

Suggested change
The standard TCP protocol does not immediately detect a silent peer disappearance (power loss) because no `FIN` or `RST` packets are sent. Without active application-layer heartbeats, the surviving nodes kept connections implementation in an `ESTABLISHED` state, waiting indefinitely for responses that would never arrive.
The standard TCP protocol does not immediately detect a silent peer disappearance (power loss) because no `FIN` or `RST` packets are sent. Without active application-layer heartbeats, the surviving nodes kept connections in an `ESTABLISHED` state, waiting indefinitely for responses that would never arrive.

Copilot uses AI. Check for mistakes.
@loverustfs loverustfs merged commit b10d80c into rustfs:main Dec 6, 2025
14 checks passed
@weisd
Copy link
Contributor

weisd commented Dec 6, 2025

Uploading and downloading don’t use tonic rpc. Instead, they use HttpReader from crates/rio. Maybe we can work in this direction.

@Jitterx69
Copy link
Contributor Author

Jitterx69 commented Dec 6, 2025

Uploading and downloading don’t use tonic rpc. Instead, they use HttpReader from crates/rio. Maybe we can work in this direction.

Indeed, talk more about this. So that I can help fixing that.

@loverustfs loverustfs mentioned this pull request Dec 7, 2025
Open
This was referenced Dec 7, 2025
Closed
Merged
Copilot AI mentioned this pull request Dec 8, 2025
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Jitterx69 @CLAassistant @weisd @loverustfs