Modify NSM internal GRPC connection parameters (#1322)

ljkiraly · web-flow · commit bc1021c874fd · 2025-07-16T16:51:55.000+02:00
Signed-off-by: Laszlo Kiraly &lt;laszlo.kiraly@est.tech&gt;
diff --git a/README.md b/README.md
@@ -29,6 +29,7 @@ docker build .
 * `NSM_REGISTRY_CLIENT_POLICIES`         - paths to files and directories that contain registry client policies
 * `NSM_LOG_LEVEL`                        - Log level
 * `NSM_DIAL_TIMEOUT`                     - Timeout for the dial the next endpoint
+* `NSM_DIAL_MAX_DELAY`                   - Upper bound on gRPC connection backoff delay
 * `NSM_OPEN_TELEMETRY_ENDPOINT`          - OpenTelemetry Collector Endpoint
 * `NSM_METRICS_EXPORT_INTERVAL`          - interval between mertics exports
 * `NSM_PPROF_ENABLED`                    - is pprof enabled (default: "false")
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -1,9 +1,9 @@
-// Copyright (c) 2025 Nordix and/or its affiliates.
-//
 // Copyright (c) 2020-2025 Cisco and/or its affiliates.
 //
 // Copyright (c) 2021-2025 Doc.ai and/or its affiliates.
 //
+// Copyright (c) 2025 OpenInfra Foundation Europe and/or its affiliates.
+//
 // SPDX-License-Identifier: Apache-2.0
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -44,7 +44,8 @@ type Config struct {
 	MaxTokenLifetime              time.Duration     `default:"10m" desc:"maximum lifetime of tokens" split_words:"true"`
 	RegistryClientPolicies        []string          `default:"etc/nsm/opa/common/.*.rego,etc/nsm/opa/registry/.*.rego,etc/nsm/opa/client/.*.rego" desc:"paths to files and directories that contain registry client policies" split_words:"true"`
 	LogLevel                      string            `default:"INFO" desc:"Log level" split_words:"true"`
-	DialTimeout                   time.Duration     `default:"750ms" desc:"Timeout for the dial the next endpoint" split_words:"true"`
+	DialTimeout                   time.Duration     `default:"15s" desc:"Timeout for the dial the next endpoint" split_words:"true"`
+	DialMaxDelay                  time.Duration     `default:"5s" desc:"Upper bound on gRPC connection backoff delay" split_words:"true"`
 	OpenTelemetryEndpoint         string            `default:"otel-collector.observability.svc.cluster.local:4317" desc:"OpenTelemetry Collector Endpoint" split_words:"true"`
 	MetricsExportInterval         time.Duration     `default:"10s" desc:"interval between mertics exports" split_words:"true"`
 	PprofEnabled                  bool              `default:"false" desc:"is pprof enabled" split_words:"true"`
diff --git a/internal/imports/imports_linux.go b/internal/imports/imports_linux.go
diff --git a/internal/xconnectns/server.go b/internal/xconnectns/server.go
@@ -2,6 +2,8 @@
 //
 // Copyright (c) 2022-2024 Cisco and/or its affiliates.
 //
+// Copyright (c) 2025 OpenInfra Foundation Europe and/or its affiliates.
+//
 // SPDX-License-Identifier: Apache-2.0
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -67,7 +69,7 @@ func NewServer(
 		authorizeServer:                  authorize.NewServer(authorize.Any()),
 		authorizeMonitorConnectionServer: authmonitor.NewMonitorConnectionServer(authmonitor.Any()),
 		clientURL:                        &url.URL{Scheme: "unix", Host: "connect.to.socket"},
-		dialTimeout:                      time.Millisecond * 200,
+		dialTimeout:                      time.Second * 15,
 		domain2Device:                    make(map[string]string),
 	}
 	for _, opt := range options {
diff --git a/main.go b/main.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Nordix Foundation.
+// Copyright (c) 2025 OpenInfra Foundation Europe and/or its affiliates.
 //
 // Copyright (c) 2020-2025 Cisco and/or its affiliates.
 //
@@ -40,6 +40,7 @@ import (
 	"github.com/spiffe/go-spiffe/v2/workloadapi"
 	"go.fd.io/govpp/api"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/backoff"
 	"google.golang.org/grpc/credentials"
 
 	"github.com/networkservicemesh/vpphelper"
@@ -78,6 +79,7 @@ import (
 	"github.com/networkservicemesh/cmd-forwarder-vpp/internal/xconnectns"
 )
 
+//gocyclo:ignore
 func main() {
 	// ********************************************************************************
 	// setup context to catch signals
@@ -259,12 +261,22 @@ func main() {
 	tlsServerConfig := tlsconfig.MTLSServerConfig(source, source, tlsconfig.AuthorizeAny())
 	tlsServerConfig.MinVersion = tls.VersionTLS12
 
+	// Set faster reconnect if nsmgr or registry has been unavailable. Otherwise gRPC might
+	// wait up to 2 minutes to attempt reconnect due to the default backoff algorithm.
+	grpcBackoffCfg := backoff.DefaultConfig
+	if grpcBackoffCfg.MaxDelay != cfg.DialMaxDelay {
+		grpcBackoffCfg.MaxDelay = cfg.DialMaxDelay
+	}
+
 	dialOptions := append(
 		tracing.WithTracingDial(),
 		grpc.WithBlock(),
 		grpc.WithDefaultCallOptions(
 			grpc.WaitForReady(true),
 			grpc.PerRPCCredentials(token.NewPerRPCCredentials(spiffejwt.TokenGeneratorFunc(source, cfg.MaxTokenLifetime)))),
+		grpc.WithConnectParams(grpc.ConnectParams{
+			Backoff: grpcBackoffCfg,
+		}),
 		grpc.WithTransportCredentials(
 			grpcfd.TransportCredentials(
 				credentials.NewTLS(tlsClientConfig))),
