Http2 to origin

doc/admin-guide/files/records.yaml.en.rst

@@ -4026,10 +4026,14 @@ Client-Related Configuration
 
    Sets the ALPN string that |TS| will send to the origin in the ClientHello of TLS handshakes.
    Configuring this to an empty string (the default configuration) means that the ALPN extension
-   will not be sent as a part of the TLS ClientHello.
+   will not be sent as a part of the TLS ClientHello, resulting in HTTP/1.x being negotiated for all
+   origin-side connections.
 
    Configuring the ALPN string provides a mechanism to control origin-side HTTP protocol
-   negotiation. Configuring this requires an understanding of the ALPN TLS protocol extension. See
+   negotiation. Including ``h2`` in the ALPN list is required for negotiatnge origin-side HTTP/2
+   connections.
+
+   Configuring this requires an understanding of the ALPN TLS protocol extension. See
    `RFC 7301 <https://www.rfc-editor.org/rfc/rfc7301.html>`_ for details about the ALPN protocol.
    See the official `IANA ALPN protocol registration
    <https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids>`_
@@ -4044,6 +4048,7 @@ Client-Related Configuration
 
     - ``http/1.0``
     - ``http/1.1``
+    - ``h2``
 
    Here are some example configurations and the consequences of each:
 
@@ -4066,6 +4071,9 @@ Client-Related Configuration
                                     is currently not supported by |TS|.)
    ================================ ======================================================================
 
+   Note that this is an overridable configuration, so the ALPN can be configured on a per-origin
+   basis via the :ref:`admin-plugins-conf-remap` plugin.
+
 .. ts:cv:: CONFIG proxy.config.ssl.async.handshake.enabled INT 0
 
    Enables the use of OpenSSL async job during the TLS handshake.  Traffic
@@ -4186,13 +4194,30 @@ HTTP/2 Configuration
    Reloading this value affects only new HTTP/2 connections, not the
    ones already established.
 
+.. ts:cv:: CONFIG proxy.config.http2.max_concurrent_streams_out INT 100
+   :reloadable:
+
+   The maximum number of concurrent streams per outbound connection.
+
+.. note::
+
+   Reloading this value affects only new HTTP/2 connections, not the
+   ones already established.
+
 .. ts:cv:: CONFIG proxy.config.http2.min_concurrent_streams_in INT 10
    :reloadable:
 
    The minimum number of concurrent streams per inbound connection.
    This is used when :ts:cv:`proxy.config.http2.max_active_streams_in` is set
    larger than ``0``.
 
+.. ts:cv:: CONFIG proxy.config.http2.min_concurrent_streams_out INT 10
+   :reloadable:
+
+   The minimum number of concurrent streams per outbound connection.
+   This is used when :ts:cv:`proxy.config.http2.max_active_streams_out` is set
+   larger than ``0``.
+
 .. ts:cv:: CONFIG proxy.config.http2.max_active_streams_in INT 0
    :reloadable:
 
@@ -4202,6 +4227,15 @@ HTTP/2 Configuration
    :ts:cv:`proxy.config.http2.min_concurrent_streams_in`.
    To disable, set to zero (``0``).
 
+.. ts:cv:: CONFIG proxy.config.http2.max_active_streams_out INT 0
+   :reloadable:
+
+   Limits the maximum number of connection wide active streams.
+   When connection wide active streams are larger than this value,
+   SETTINGS_MAX_CONCURRENT_STREAMS will be reduced to
+   :ts:cv:`proxy.config.http2.min_concurrent_streams_out`.
+   To disable, set to zero (``0``).
+
 .. ts:cv:: CONFIG proxy.config.http2.initial_window_size_in INT 65535
    :reloadable:
    :units: bytes
@@ -4212,6 +4246,16 @@ HTTP/2 Configuration
    :ts:cv:`proxy.config.http2.flow_control.policy_in` for how HTTP/2 stream and
    session windows are maintained over the lifetime of HTTP/2 sessions.
 
+.. ts:cv:: CONFIG proxy.config.http2.initial_window_size_out INT 65535
+   :reloadable:
+   :units: bytes
+
+   The initial HTTP/2 stream window size for outbound connections that |TS| as a
+   client advertises to the peer. See IETF RFC 9113 section 5.2 for details
+   concerning HTTP/2 flow control. See
+   :ts:cv:`proxy.config.http2.flow_control.policy_out` for how HTTP/2 stream and
+   session windows are maintained over the lifetime of HTTP/2 sessions.
+
 .. ts:cv:: CONFIG proxy.config.http2.flow_control.policy_in INT 0
    :reloadable:
 
@@ -4241,6 +4285,13 @@ HTTP/2 Configuration
          a way that shares the window equally among all concurrent streams.
    ===== ===========================================================================================
 
+.. ts:cv:: CONFIG proxy.config.http2.flow_control.policy_out INT 0
+   :reloadable:
+
+   Specifies the mechanism |TS| uses to maintian flow control via the HTTP/2
+   stream and session windows for outbound connections. See the corresponding :ts:cv:`proxy.config.http2.flow_control.policy_in`
+   configuration for details concerning how this configuration variable is used.
+
 .. ts:cv:: CONFIG proxy.config.http2.max_frame_size INT 16384
    :reloadable:
    :units: bytes
@@ -4301,6 +4352,13 @@ HTTP/2 Configuration
    misconfigured or misbehaving clients are opening a large number of
    connections without submitting requests.
 
+.. ts:cv:: CONFIG proxy.config.http2.no_activity_timeout_out INT 120
+   :reloadable:
+   :units: seconds
+
+   Specifies how long |TS| keeps connections to origins open if a
+   transaction stalls.
+
 .. ts:cv:: CONFIG proxy.config.http2.zombie_debug_timeout_in INT 0
    :reloadable:
 

doc/admin-guide/monitoring/statistics/core/http-connection.en.rst

@@ -183,6 +183,21 @@ HTTP/2
 
    Represents the current number of HTTP/2 active connections from client to the |TS|.
 
+.. ts:stat:: global proxy.process.http2.total_server_connections integer
+   :type: counter
+
+   Represents the total number of HTTP/2 connections from |TS| to the origin.
+
+.. ts:stat:: global proxy.process.http2.current_server_connections integer
+   :type: gauge
+
+   Represents the current number of HTTP/2 connections from |TS| to the origin.
+
+.. ts:stat:: global proxy.process.http2.current_active_server_connections integer
+   :type: gauge
+
+   Represents the current number of HTTP/2 active connections from |TS| to the origin.
+
 .. ts:stat:: global proxy.process.http2.connection_errors integer
    :type: counter
 

doc/admin-guide/monitoring/statistics/core/http-transaction.en.rst

@@ -165,6 +165,16 @@ HTTP/2
 
    Represents the current number of HTTP/2 streams from client to the |TS|.
 
+.. ts:stat:: global proxy.process.http2.total_server_streams integer
+   :type: counter
+
+   Represents the total number of HTTP/2 streams from |TS| to the origin.
+
+.. ts:stat:: global proxy.process.http2.current_server_streams integer
+   :type: gauge
+
+   Represents the current number of HTTP/2 streams from |TS| to the origin.
+
 .. ts:stat:: global proxy.process.http2.total_transactions_time integer
    :type: counter
    :units: seconds

iocore/eventsystem/I_EThread.h

@@ -48,6 +48,7 @@ class PreWarmQueue;
 
 class Event;
 class Continuation;
+class ConnectingPool;
 
 enum ThreadType {
   REGULAR = 0,
@@ -354,6 +355,7 @@ class EThread : public Thread
 
   ServerSessionPool *server_session_pool = nullptr;
   PreWarmQueue *prewarm_queue            = nullptr;
+  ConnectingPool *connecting_pool        = nullptr;
 
   /** Default handler used until it is overridden.
 

iocore/eventsystem/I_Thread.h

@@ -121,6 +121,7 @@ class Thread
   ProxyAllocator quicNetVCAllocator;
   ProxyAllocator http1ClientSessionAllocator;
   ProxyAllocator http2ClientSessionAllocator;
+  ProxyAllocator http2ServerSessionAllocator;
   ProxyAllocator http2StreamAllocator;
   ProxyAllocator httpSMAllocator;
   ProxyAllocator quicClientSessionAllocator;

iocore/net/UnixNetVConnection.cc

@@ -359,6 +359,7 @@ write_to_net_io(NetHandler *nh, UnixNetVConnection *vc, EThread *thread)
 {
   NetState *s       = &vc->write;
   ProxyMutex *mutex = thread->mutex.get();
+  Continuation *c   = vc->write.vio.cont;
 
   MUTEX_TRY_LOCK(lock, s->vio.mutex, thread);
 
@@ -443,6 +444,9 @@ write_to_net_io(NetHandler *nh, UnixNetVConnection *vc, EThread *thread)
   if (towrite != ntodo && !buf.writer()->high_water()) {
     if (write_signal_and_update(VC_EVENT_WRITE_READY, vc) != EVENT_CONT) {
       return;
+    } else if (c != s->vio.cont) { /* The write vio was updated in the handler */
+      write_reschedule(nh, vc);
+      return;
     }
 
     ntodo = s->vio.ntodo();

proxy/PoolableSession.h

@@ -85,6 +85,7 @@ class PoolableSession : public ProxySession
   bool is_private() const;
 
   virtual void set_netvc(NetVConnection *newvc);
+  virtual bool is_multiplexing() const;
 
   // Keep track of connection limiting and a pointer to the
   // singleton that keeps track of the connection counts.
@@ -237,3 +238,9 @@ PoolableSession::attach_hostname(const char *hostname)
     CryptoContext().hash_immediate(hostname_hash, (unsigned char *)hostname, strlen(hostname));
   }
 }
+
+inline bool
+PoolableSession::is_multiplexing() const
+{
+  return false;
+}

proxy/ProxyTransaction.cc

@@ -235,6 +235,34 @@ ProxyTransaction::get_version(HTTPHdr &hdr) const
   return hdr.version_get();
 }
 
+bool
+ProxyTransaction::is_read_closed() const
+{
+  return false;
+}
+
+bool
+ProxyTransaction::expect_send_trailer() const
+{
+  return false;
+}
+
+void
+ProxyTransaction::set_expect_send_trailer()
+{
+}
+
+bool
+ProxyTransaction::expect_receive_trailer() const
+{
+  return false;
+}
+
+void
+ProxyTransaction::set_expect_receive_trailer()
+{
+}
+
 bool
 ProxyTransaction::allow_half_open() const
 {

proxy/ProxyTransaction.h

@@ -50,6 +50,11 @@ class ProxyTransaction : public VConnection
   virtual void set_default_inactivity_timeout(ink_hrtime timeout_in);
   virtual void cancel_inactivity_timeout();
   virtual void cancel_active_timeout();
+  virtual bool is_read_closed() const;
+  virtual bool expect_send_trailer() const;
+  virtual void set_expect_send_trailer();
+  virtual bool expect_receive_trailer() const;
+  virtual void set_expect_receive_trailer();
 
   // Implement VConnection interface.
   VIO *do_io_read(Continuation *c, int64_t nbytes = INT64_MAX, MIOBuffer *buf = nullptr) override;
@@ -119,6 +124,7 @@ class ProxyTransaction : public VConnection
   const IpAllow::ACL &get_acl() const;
 
   ProxySession *get_proxy_ssn();
+  ProxySession const *get_proxy_ssn() const;
   PoolableSession *get_server_session() const;
   HttpSM *get_sm() const;
 
@@ -203,6 +209,12 @@ ProxyTransaction::get_proxy_ssn()
   return _proxy_ssn;
 }
 
+inline ProxySession const *
+ProxyTransaction::get_proxy_ssn() const
+{
+  return _proxy_ssn;
+}
+
 inline PoolableSession *
 ProxyTransaction::get_server_session() const
 {

proxy/hdrs/HdrToken.cc

@@ -230,6 +230,9 @@ static HdrTokenFieldInfo _hdrtoken_strs_field_initializers[] = {
   {"Strict-Transport-Security", MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                (HTIF_MULTVALS)                              },
   {"Subject",                   MIME_SLOTID_NONE,                MIME_PRESENCE_SUBJECT,             HTIF_NONE                                    },
   {"Summary",                   MIME_SLOTID_NONE,                MIME_PRESENCE_SUMMARY,             HTIF_NONE                                    },
+ // TODO: In the past we have observed issues with having hop-by-hop in here
+  // for gRPC. We plan to work on gRPC in a future. We should experiment with
+  // this and verify that it works as expected.
   {"TE",                        MIME_SLOTID_TE,                  MIME_PRESENCE_TE,                  (HTIF_COMMAS | HTIF_MULTVALS | HTIF_HOPBYHOP)},
   {"Transfer-Encoding",         MIME_SLOTID_TRANSFER_ENCODING,   MIME_PRESENCE_TRANSFER_ENCODING,
    (HTIF_COMMAS | HTIF_MULTVALS | HTIF_HOPBYHOP)                                                                                                 },