Load Balancer with TCP Reset on Idle

You can use Standard Load Balancer to create more predictable application behavior for your scenarios by enabling TCP Reset on Idle for a given rule. Load Balancer's default behavior is to silently drop flows when the idle timeout of a flow is reached. Enabling this feature causes Load Balancer to send bidirectional TCP Resets (TCP RST packets) on idle timeout. This informs your application endpoints that the connection has timed out and is no longer usable. Endpoints can immediately establish a new connection if needed.

Load Balancer TCP reset

You can change this default behavior and enable sending TCP Resets on idle timeout on inbound NAT rules, load balancing rules, and outbound rules. When enabled per rule, Load Balancer sends bidirectional TCP Resets (TCP RST packets) to both client and server endpoints at the time of idle timeout for all matching flows.

Endpoints receiving TCP RST packets close the corresponding socket immediately. This gives the endpoints immediate notification that the connection has been released and that any future communication on the same TCP connection will fail. Applications can purge connections when the socket closes and reestablish connections as needed without waiting for the TCP connection to eventually time out.

For many scenarios, this may reduce the need to send TCP (or application layer) keepalives to refresh the idle timeout of a flow.

If your idle durations exceed those allowed by the configuration, or your application shows undesirable behavior with TCP Resets enabled, you may still need to use TCP keepalives (or application layer keepalives) to monitor the liveness of the TCP connections. Keepalives, particularly application layer keepalives, also remain useful when the connection is proxied somewhere in the path.

Carefully examine the entire end-to-end scenario to decide whether you benefit from enabling TCP Resets or adjusting the idle timeout, and whether additional steps are required to ensure the desired application behavior.

Enabling TCP Reset on idle timeout

Using API version 2018-07-01, you can enable sending of bidirectional TCP Resets on idle timeout on a per-rule basis:

      "loadBalancingRules": [
        {
          "enableTcpReset": true | false
        }
      ],
      "inboundNatRules": [
        {
          "enableTcpReset": true | false
        }
      ],
      "outboundRules": [
        {
          "enableTcpReset": true | false
        }
      ]
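To find rules that still drop idle flows silently, the following added example (not part of the original page or of any Azure tooling) walks the three rule collections of a load balancer definition and reports TCP-capable rules without `enableTcpReset` set to true. The sample resource is constructed, and the nested `properties` layout with `protocol` and `idleTimeoutInMinutes` is an assumption about how the exported definition is shaped.

```python
import json

# The three rule collections the page lists as supporting enableTcpReset.
RULE_COLLECTIONS = ("loadBalancingRules", "inboundNatRules", "outboundRules")

# Constructed sample resource (not from the page). Assumption: settings sit
# under each rule's "properties" object, as in an exported template.
SAMPLE = json.loads("""
{
  "name": "lb-example",
  "properties": {
    "loadBalancingRules": [
      {"name": "https", "properties": {"protocol": "Tcp", "idleTimeoutInMinutes": 4, "enableTcpReset": true}},
      {"name": "sql", "properties": {"protocol": "Tcp", "idleTimeoutInMinutes": 30}},
      {"name": "dns", "properties": {"protocol": "Udp", "idleTimeoutInMinutes": 4}}
    ],
    "inboundNatRules": [
      {"name": "ssh", "properties": {"protocol": "Tcp", "enableTcpReset": false}}
    ],
    "outboundRules": [
      {"name": "egress", "properties": {"protocol": "All", "enableTcpReset": true}}
    ]
  }
}
""")


def silent_drop_rules(lb):
    """Return (collection, rule name, idle timeout) for TCP-capable rules that
    keep the default behaviour of silently dropping idle flows."""
    findings = []
    props = lb.get("properties", {})
    for collection in RULE_COLLECTIONS:
        for rule in props.get(collection, []):
            # Accept both the nested layout and the flat one shown on the page.
            settings = rule.get("properties", rule)
            # Assumption: a rule with no protocol listed is treated as TCP.
            if str(settings.get("protocol", "Tcp")).lower() == "udp":
                continue  # a TCP RST does not apply to UDP flows
            # A missing property means the default: no reset on idle timeout.
            if settings.get("enableTcpReset", False) is not True:
                findings.append((collection, rule.get("name", "<unnamed>"),
                                 settings.get("idleTimeoutInMinutes")))
    return findings


if __name__ == "__main__":
    for collection, name, timeout in silent_drop_rules(SAMPLE):
        print(f"{collection}/{name}: idle flows dropped silently (timeout={timeout} min)")
```

Rules reported here are the ones whose endpoints only learn of an expired flow when a later send fails or their own TCP timers fire, so they are the candidates for enabling the reset or keeping keepalives in place.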

Region availability

Available in all regions.

Limitations

  • TCP RST is only sent while the TCP connection is in the ESTABLISHED state.

Next steps