pickfirst: Implement Happy Eyeballs

[arjan-bal]

As part of the Dualstack design, the pickfirst policy should implement the happy eyeballs algorithm while connecting to multiple backends.

The timeout for the happy eyeballs connection timer is NOT configurable as that's an optional requirement in the gRFC.

RELEASE NOTES:

• The new experimental pickfirst LB policy (disabled by default) supports Happy Eyeballs to attempt connections to multiple backends concurrently. The experimental pickfirst policy can be enabled by setting the environment variable GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST to true.

[codecov]

Codecov Report

Attention: Patch coverage is 86.81319% with 12 lines in your changes missing coverage. Please review.

Project coverage is 81.93%. Comparing base (18d218d) to head (11fe515).
Report is 4 commits behind head on master.

Files with missing lines	Patch %	Lines
balancer/pickfirst/pickfirstleaf/pickfirstleaf.go	86.36%	9 Missing and 3 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #7725      +/-   ##
==========================================
- Coverage   82.00%   81.93%   -0.08%     
==========================================
  Files         373      374       +1     
  Lines       37735    37872     +137     
==========================================
+ Hits        30945    31030      +85     
- Misses       5512     5556      +44     
- Partials     1278     1286       +8     

Files with missing lines	Coverage Δ
balancer/pickfirst/internal/internal.go	100.00% <100.00%> (ø)
balancer/pickfirst/pickfirstleaf/pickfirstleaf.go	89.29% <86.36%> (+0.51%)	⬆️

... and 29 files with indirect coverage changes

[easwars]

Should we mention the environment variables in the release note? Or at least in the PR description?

[easwars]

I couldn't complete a full pass, but some comment here to get satrted.

[arjan-bal]

Should we mention the environment variables in the release note? Or at least in the PR description?

Updated the release notes.

[easwars]

LGTM. Some minor nits in the tests.

[easwars]

Old timers should get canceled when subsequent subchannels are created, right? Why do we need to do this?

[arjan-bal]

This is required since pickfirst will stop the timer, but the fake TimeAfterFunc will still keep waiting on the timer channel till the context is cancelled. If there are multiple listeners on the timer channel, they will race to read from the channel.

This could be avoided by introducing an interface for a time.Timer so that the test can intercept calls to Timer.Stop().

[easwars]

I see what you are saying. That seems better to me, unless it is too much work.

[arjan-bal]

Refactored to have the internal.TimeAfterFunc return a cancelFunc() instead of a timer. This allowed the test to stop the timer when pickfirst cancels the timer. I also created a helper function to return a timer function and a function to trigger the timer manually instead of having the tests write on channel.

[easwars]

Do we need this? Won't testutils.AwaitNotState fail the test if the specified state is reached before the context expires?

[arjan-bal]

It's not required because of the way testutils.AwaitNotState works. When I tried to ignore the first cancel function as follows:

shortCtx, _ := context.WithTimeout(ctx, defaultTestShortTimeout)

govet complains about a possible context leak because it can't ensure that the context will be cancelled at compile time. If we re-assign the cancel func later, govet doesn't complain but I still called cancel just to be consistent. Removed the call now.

[easwars]

Why do you say we are skipping server[1] here? IIUC correctly:

• we first started a connection to server[0]
• connection to server[0] failed before the HE timer fired
• so, we started a connection to server[1]
• now, the HE timer has fired
• so, we would start a connection to server[2]

I don't see where we are skipping server[1].

[arjan-bal]

The test doesn't skip the server but it skips waiting for the SubConn to report a success or failure and moves on to the next SubConn. The comment was copied taken from Java's test case. I've improved the wording now.

[dfawley]

Optional: merge these into a default and then just log the state and say it was unexpected and return.

[arjan-bal]

Merged.

[dfawley]

isValid feels a lot like firstPass. And shouldn't b.subConns.Len() always be equal to the addressList's index, so if addressList.isValid then the second case should always be true, too? I'm sensing some duplication here that might be able to be removed & simplified. Or, I'm not understanding something and we need some comments to explain why these checks are here.

[arjan-bal]

isValid feels a lot like firstPass.

For the first pass to be completed, all the SubConns need to report a TF. !isValid() will indicate that SubConn.Connect() has been called on all the SubConns, but it doesn't tell us if TFs have been reported. So the isValid() check is used as an optimization to return early and avoid iterating on the entire SubConns map.

And shouldn't b.subConns.Len() always be equal to the addressList's index, so if addressList.isValid then the second case should always be true, too?

Yes, the check for b.subConns.Len() < b.addressList.size() seems redundant because if !b.addressList.isValid(), then a SubConn would have been created for every address while iterating over the list. Removed the check for b.subConns.Len() < b.addressList.size().

Added some comments explaining the check and what the function does.

[dfawley]

connectionFailed is a bit like lastErr != nil. Do we need both?

[arjan-bal]

lastErr is used to update the picker at the end of the first pass. In the case where the last address in the list hasn't completed it's backoff from a previous attempt, scd.lastErr would store a non-nil error. This is why scd.lastErr is not reset when starting the first pass over a new address list.

scd.connectionFailed indicates if the subchannel has failed with the latest address list from the resolver. It is reset before staring the first pass.

Consider a subchannel is being re-used after getting a resolver update because it's address is present in the new address list. The subchannel has already failed, it has scd.lastErr set and scd.connectionFailed set to true. When the first pass starts, scd.connectionFailed is set to false.

• If the subchannel completes backoff when the iteration over the address list reaches it, the subchannel will be connected since it's state is IDLE. When it fails again, scd.connectionFailed will be set to true and scd.lastErr will be updated.
• If the subchannel is in backoff when the iteration over the address list reaches it, the subchannel will not be re-tried. scd.lastErr will be retained and scd.connectionFailed will be set to true.

The above steps ensure that the subchannel always has a non-nil error to update the picker.

[dfawley]

It feels like either this or the one in the Idle case is redundant.

[arjan-bal]

A subchannel can be CONNECTING from a previous resolver update. We can call still Connect on it, but it will unnecessarily log a debug statement connect called on addrConn in non-idle state (%v); ignoring..

Both these cases are mentioned in A61.

[dfawley]

Are we really supposed to attempt re-connection on every already-idle subchannel at the same instant? And not apply the timer or anything?

[arjan-bal]

Yes, this is mentioned in A61:

If the first pass completes without a successful connection attempt, we will switch to a mode where we keep trying to connect to all addresses at all times, with no regard for the order of the addresses.

[dfawley]

I suspect you didn't want these diffs.

[arjan-bal]

Reverted. I initially added an env var to toggle happy eyeballs, which was later removed it. I made a similar change to the doc comment for new env var based on reviewer feedback.