Skip to content

Improve Coder Connect tunnel reconnect handling #563

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ethanndickson opened this issue Apr 8, 2025 · 5 comments · Fixed by coder/coder#17598
Closed

Improve Coder Connect tunnel reconnect handling #563

ethanndickson opened this issue Apr 8, 2025 · 5 comments · Fixed by coder/coder#17598
Assignees
@ibetitsmike

Comments

@ethanndickson
Copy link
Member

ethanndickson commented Apr 8, 2025
edited
Loading

The Coder Connect tunnel receives workspace state from the Coder server over a dRPC stream. When first connecting to this stream, the current state of the user's workspaces is received, with subsequent messages being diffs on top of that state.

However, if the client disconnects from this stream, such as when the user's device is suspended, and then reconnects later, no mechanism exists for the tunnel to differentiate that message containing the entire initial state from another diff, and so that state is incorrectly applied as a diff.

In practice:

  • Tunnel connects, receives a workspace update containing all the existing workspaces & agents.
  • Tunnel loses connection, but isn't completely stopped.
  • All the user's workspaces are restarted, producing a new set of agents.
  • Tunnel regains connection, and receives a workspace update containing all the existing workspaces & agents.
  • This initial update is incorrectly applied as a diff, with the Tunnel's state containing both the old & new agents.

On Coder Desktop macOS, we've attempted to mitigate this issue by stopping the tunnel completely when the user device is suspended, and starting it back up when the device wakes. This is annoying for the user, and we don't want to do this long term.
If we fix this issue, we won't need to stop Coder Connect on device sleep anymore.
@ibetitsmike
Copy link

Important caveat to consider was discussed with @ethanndickson - there might be a scenario in which our keep-alive will not allow the workspace to shutdown and update on schedule.

@spikecurtis
Copy link

no mechanism exists for the tunnel to differentiate that message containing the entire initial state from another diff, and so that state is incorrectly applied as a diff.

Can we solve this problem by adding an explicit field or field(s) to the update to tell whether you're getting a snapshot or diff?

@ethanndickson
Copy link
Member Author

ethanndickson commented Apr 15, 2025
edited
Loading

Can we solve this problem by adding an explicit field or field(s) to the update to tell whether you're getting a snapshot or diff?

That makes sense to me, but unless I'm mistaken I think we could also plumb through a isState bool from the tunnelUpdater through to the Tunnel? That way we'd avoid touching the dRPC protocol. I think we could just set it to true each time recvLoop is called.

@deansheather
Copy link
Member

@spikecurtis @ethanndickson

Potential plan:

  1. In the tunnel, set a flag needFreshWorkspaceUpdate (or some other name) immediately after reconnecting to the tailnet protocol endpoint on the server
  2. In the tunnel's workspace update handler, check this flag near the top and if true:
    1. Get a list of workspaces/agents that are in the tunnel's current state but not in the new update
    2. Add these workspaces/agents to the deleted_ fields on the update
    3. Set the flag to false
    4. Process the update as usual, the missing objects should be deleted and the update should be forwarded properly

@spikecurtis
Copy link

Need to be careful of data races:

  • what happens if we reconnect immediately before or after setting this field?
  • what happens if we reconnect during processing of updates?

What about putting the flag into the WorkspaceUpdates struct? The tunnelUpdater is recreated each reconnection, so it can set the flag on the first update and not subsequent ones. That keeps the flag colocated with the data it applies to and makes it less likely that we can have a race.

@sreya sreya self-assigned this Apr 23, 2025
@ibetitsmike ibetitsmike assigned ibetitsmike and unassigned sreya Apr 23, 2025
@ethanndickson ethanndickson mentioned this issue Apr 29, 2025
Open
This was referenced Apr 30, 2025
Merged
Open
ibetitsmike added a commit to coder/coder that referenced this issue May 6, 2025
@ibetitsmike
feat: improve coder connect tunnel handling on reconnect (#17598)
5f516ed 
Closes coder/internal#563

The [Coder Connect
tunnel](https://github.com/coder/coder/blob/main/vpn/tunnel.go) receives
workspace state from the Coder server over a [dRPC
stream.](https://github.com/coder/coder/blob/114ba4593b2a82dfd41cdcb7fd6eb70d866e7b86/tailnet/controllers.go#L1029)
When first connecting to this stream, the current state of the user's
workspaces is received, with subsequent messages being diffs on top of
that state.

However, if the client disconnects from this stream, such as when the
user's device is suspended, and then reconnects later, no mechanism
exists for the tunnel to differentiate that message containing the
entire initial state from another diff, and so that state is incorrectly
applied as a diff.

In practice:
- Tunnel connects, receives a workspace update containing all the
existing workspaces & agents.
- Tunnel loses connection, but isn't completely stopped.
- All the user's workspaces are restarted, producing a new set of
agents.
- Tunnel regains connection, and receives a workspace update containing
all the existing workspaces & agents.
- This initial update is incorrectly applied as a diff, with the
Tunnel's state containing both the old & new agents.

This PR introduces a solution in which tunnelUpdater, when created,
sends a FreshState flag with the WorkspaceUpdate type. This flag is
handled in the vpn tunnel in the following fashion:
- Preserve existing Agents
- Remove current Agents in the tunnel that are not present in the
WorkspaceUpdate
- Remove unreferenced Workspaces
@ethanndickson ethanndickson mentioned this issue May 7, 2025
Merged
ethanndickson added a commit to coder/coder-desktop-macos that referenced this issue May 8, 2025
@ethanndickson
chore: dont stop coder connect on device sleep (#151)
f039526 
Closes #88.

With coder/internal#563 resolved, there's no need to stop the VPN on sleep, as when the device wakes the tunnel will have the correct workspace & agent state.

However, if the Coder deployment doesn't include the patch in coder/coder#17598 (presumably v2.23 or later), the UI state will go out of sync when the device is slept or internet connection is lost. I think this is fine honestly, and I don't think it's worth doing a server version check to determine whether we should stop the VPN on sleep.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ibetitsmike ibetitsmike

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: improve coder connect tunnel handling on reconnect coder/coder
5 participants
@sreya @spikecurtis @deansheather @ethanndickson @ibetitsmike