Connection resets / timout with Varnish 6.0 and HTTP/2

[Dridi Boukelmoune]

Hello Thomas,

On Wed, Jul 4, 2018 at 10:43 AM, Winkelmann, Thomas (RADIO TELE FFH -
Online) <t.winkelmann at ffh.de> wrote:
> Hello everbody,
>
> finally we got Varnish 6.0 + Vmods + Hitch TLS running on Ubuntu. So far
> everything works fine, also HTTP/2 Support.
>
<snip>
>
> We had some similar problems in the past with HTTPS. We could solve them by
> adding:
>
> net.ipv4.ip_local_port_range = 4096 64999
> net.ipv4.tcp_tw_reuse = 1
>
> to /etc/sysctl.conf But this seems to be not the problem here.

Thanks again for reporting both your problem and solution.

> As soon as we remove alpn-protos = "h2,http/1.1" from hitch.conf everything
> is working normally.
>
> Are there any limitations regarding HTTP/2 within varnish?
>
<snip>
>
> We already searched on the varnish github account for similar problem, but
> did not found anything...

You may have run into a known worker thread leak [1] that could be
caused by either misbehaving browsers or bugs in our h2 stack. Leaking
too many threads may put your varnish in a deadlock [2] situation that
we have yet to fix (but much less likely in the absence of the
aforementioned leak).

Could you please try building from source my 6.0 branch [3] that is
work in progress towards a 6.0.1 release? You may still run into a
crash but I'm waiting for a test case to be written before resuming
the back-porting effort.

You will likely need to rebuild your modules too, because unless I'm
confusing you with someone else I'm pretty sure you were referring
to our varnish-modules [5] collection of VMODs.

Thanks,
Dridi

[1] https://github.com/varnishcache/varnish-cache/issues/2623
[2] https://github.com/varnishcache/varnish-cache/issues/2418
[3] https://github.com/dridi/varnish-cache/tree/6.0
[4] https://github.com/varnishcache/varnish-cache/issues/2572#issuecomment-402075064
[5] https://github.com/varnish/varnish-modules