Load Balancer TCP Reset and Idle Timeout

You can use Standard Load Balancer to create more predictable application behavior for your scenarios by enabling TCP Reset on Idle for a given rule. Load Balancer's default behavior is to silently drop flows when the idle timeout of a flow is reached. Enabling this feature will cause Load Balancer to send bidirectional TCP Resets (TCP RST packets) on idle timeout. This will inform your application endpoints that the connection has timed out and is no longer usable. Endpoints can immediately establish a new connection if needed.


TCP reset

You can change this default behavior and enable sending TCP Resets on idle timeout on inbound NAT rules, load balancing rules, and outbound rules. When enabled per rule, Load Balancer will send bidirectional TCP Resets (TCP RST packets) to both client and server endpoints at the time of idle timeout for all matching flows.

Endpoints receiving TCP RST packets close the corresponding socket immediately. This provides an immediate notification to the endpoints that the connection has been released and that any future communication on the same TCP connection will fail. Applications can purge connections when the socket closes and reestablish connections as needed without waiting for the TCP connection to eventually time out.

For many scenarios, this may reduce the need to send TCP (or application layer) keepalives to refresh the idle timeout of a flow.

If your idle durations exceed those allowed by the configuration, or your application shows undesirable behavior with TCP Resets enabled, you may still need to use TCP keepalives (or application layer keepalives) to monitor the liveness of the TCP connections. Further, keepalives, particularly application layer keepalives, can also remain useful when the connection is proxied somewhere in the path.

Carefully examine the entire end-to-end scenario to decide whether you benefit from enabling TCP Resets or adjusting the idle timeout, and whether additional steps may be required to ensure the desired application behavior.

Configurable TCP idle timeout

Azure Load Balancer has the following idle timeout range:

  • 4 minutes to 100 minutes for Outbound Rules
  • 4 minutes to 30 minutes for Load Balancer rules and Inbound NAT rules

By default, it is set to 4 minutes. If a period of inactivity is longer than the timeout value, there's no guarantee that the TCP or HTTP session is maintained between the client and your cloud service.

When the connection is closed, your client application may receive the following error message: "The underlying connection was closed: A connection that was expected to be kept alive was closed by the server."

A common practice is to use a TCP keep-alive. This practice keeps the connection active for a longer period. For more information, see these .NET examples. With keep-alive enabled, packets are sent during periods of inactivity on the connection. Keep-alive packets ensure the idle timeout value isn't reached and the connection is maintained for a long period.

The setting works for inbound connections only. To avoid losing the connection, configure the TCP keep-alive with an interval less than the idle timeout setting or increase the idle timeout value. To support these scenarios, support for a configurable idle timeout has been added.

TCP keep-alive works for scenarios where battery life isn't a constraint. It isn't recommended for mobile applications. Using a TCP keep-alive in a mobile application can drain the device battery faster.
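The keep-alive guidance above and the endpoint behaviour on reset described under "TCP reset", as an added example that is not part of the original page or of Azure's samples. It assumes Linux socket option names; the function names are hypothetical, and the loopback peer that aborts its socket only stands in for the reset a load balancer would send.

```python
import socket
import struct

# Idle timeout ranges stated on this page, in seconds.
LB_RULE_RANGE = (4 * 60, 30 * 60)     # load balancing and inbound NAT rules
OUTBOUND_RANGE = (4 * 60, 100 * 60)   # outbound rules


def keepalive_plan(idle_timeout_s, rule_range=LB_RULE_RANGE, probes=3):
    """Choose keep-alive timers that fire before the rule's idle timeout."""
    low, high = rule_range
    if not low <= idle_timeout_s <= high:
        raise ValueError(f"idle timeout must be {low}-{high} s for this rule")
    idle = idle_timeout_s // 2                # first probe at half the timeout
    interval = max(1, idle // (probes + 1))   # all retries end before timeout
    return {"idle": idle, "interval": interval, "probes": probes}


def apply_keepalive(sock, plan):
    """Enable TCP keep-alive; timer options use Linux names, skipped elsewhere."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    for name, key in (("TCP_KEEPIDLE", "idle"), ("TCP_KEEPINTVL", "interval"),
                      ("TCP_KEEPCNT", "probes")):
        if hasattr(socket, name):
            sock.setsockopt(socket.IPPROTO_TCP, getattr(socket, name), plan[key])


def observe_reset():
    """Loopback stand-in for the reset: the peer aborts and the client sees RST."""
    listener = socket.create_server(("127.0.0.1", 0))
    client = socket.create_connection(listener.getsockname(), timeout=5)
    apply_keepalive(client, keepalive_plan(4 * 60))
    peer, _ = listener.accept()
    # SO_LINGER with a zero timeout makes close() send RST instead of FIN.
    peer.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    peer.close()
    try:
        client.recv(1)
        return "closed"          # orderly FIN: not what a reset looks like
    except ConnectionResetError:
        return "reset"           # socket is dead: discard it, reconnect if needed
    finally:
        client.close()
        listener.close()


if __name__ == "__main__":
    print(keepalive_plan(4 * 60), observe_reset())
```
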

Limitations

  • TCP reset is only sent during a TCP connection in the ESTABLISHED state.
  • TCP idle timeout does not affect load balancing rules on UDP protocol.
