Front Door responds with OriginTimeout after ~4 seconds despite larger timeout setting
Hi!
We have 90 seconds timeout configured as the origin timeout setting. However, from time to time Front Door fails just after 4 seconds with OriginTimeout setting, something like below. It looks like these requests don't even reach the origin. What could be causing the timeout on the FD side?
"timeToFirstByte": "3.997",
"timeTaken": "3.997",
"httpStatusCode": "504",
"httpStatusDetails": "504",
"pop": "CHG",
"cacheStatus": "CONFIG_NOCACHE",
"errorInfo": "OriginTimeout",
"ErrorInfo": "OriginTimeout",
Azure Front Door
-
RevelinoB 2,775 Reputation points
2023-07-17T04:09:15.09+00:00 Hi Sergey,
If Azure Front Door is timing out and giving you a 504 error, it means that it's not able to reach the origin server within the configured timeout period. This could happen due to a few reasons:
- Network connectivity issues: The timeout could be caused by network connectivity problems between Azure Front Door and the origin server. This could be due to network congestion, firewall settings, or routing issues. You can check the network connectivity between Front Door and the origin server to ensure there are no connectivity problems.
- High load on the origin server: If the origin server is under high load or experiencing performance issues, it may not be able to respond to requests within the configured timeout period. This can result in Front Door timing out and returning a 504 error. Monitoring the performance and resource utilization of the origin server can help identify if this is the cause. Origin server configuration: The origin server may be configured with a timeout period that is shorter than the Front Door timeout setting. In this case, even if Front Door is configured with a 90-second timeout, the origin server may respond with a timeout error before that time. Review the configuration of the origin server and ensure it allows sufficient time for processing requests. Firewall or security settings: If the origin server has a firewall or security settings that block or restrict access from Front Door, it could cause timeouts. Ensure that the necessary firewall rules or security settings are in place to allow traffic from Front Door. Front Door configuration: Review the Front Door configuration, specifically the timeout settings, to ensure they are correctly set. Check if any custom rules, policies, or routing configurations are affecting the request flow and causing the timeout.
It's recommended to investigate the logs and monitor the network and server performance to identify the underlying cause of the timeouts.
I hope this helps?
-
GitaraniSharma-MSFT 47,421 Reputation points • Microsoft Employee
2023-07-17T10:34:46.1466667+00:00 Hello @Sergey Stoma ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you've configured 90 seconds timeout as your origin timeout setting. However, from time-to-time Azure Front Door fails just after 4 seconds with HTTP 504 - OriginTimeout error.
I've seen this issue before, but it is mostly a backend issue. This issue requires a deeper investigation, so if you have a support plan, I request you file a support ticket, else please do let us know, we will try and help you get a one-time free technical support.
In case you need help with a one-time free technical support, I would request you to send an email with subject line "ATTN gishar | Front Door responds with OriginTimeout after ~4 seconds despite larger timeout setting" to AzCommunity[at]Microsoft[dot]com with the following details, I will follow-up with you.
- Reference this Q&A thread
- Your Azure Subscription ID
Note: Do not share any PII data as a public comment.
We will post a summarized answer once the issue is resolved.
Regards,
Gita
-
GitaraniSharma-MSFT 47,421 Reputation points • Microsoft Employee
2023-07-26T10:35:50.4666667+00:00 Hello @Sergey Stoma , Could you please provide an update on this post? Please send us an email as requested above, in case you need help with a one-time free technical support to troubleshoot this issue further.
-
Dylan James 1 Reputation point
2024-03-21T15:59:31.6833333+00:00 Hello @Sergey Stoma you are describing almost exactly the same scenario I am seeing. Did you resolve this somehow? If so could you share the fix?
Thanks!
-
Sergey Stoma 0 Reputation points
2024-03-21T16:43:37.4233333+00:00 Unfortunately we haven't found a fix either. It "kinda" went away after a while, or at least is now below the noise floor that it is not as a much of a concern for now.
A support ticket back then didn't yield much either, essentially only a suggestion that it could have been a bad POP.
-
Dylan James 1 Reputation point
2024-03-21T16:59:46.9966667+00:00 Thanks a ton for the reply. That is unfortunate to hear. I'm going to try going the support ticket route and see if anything comes from it.
-
John Patounas 5 Reputation points
2024-03-22T11:24:40.3033333+00:00 We are facing exactly the same issue.
Randomly page elements timeout within about 4secs while the FD timeout is set to the maximum 240 secs. On FD Audit logs it is either 503 or 504 status codes.
Tried removing compressions, adding rule to ignore Accept-Encoding but the issue persists more than a month now.
Opened a ticket and no solution found yet.PLEASEEEEEE ANYONE NEED ASSISTANCE ON THIS !!!
-
Sergey Stoma 0 Reputation points
2024-03-22T18:07:55.8+00:00 Pulled down the log from today and there was a single instance of timeout with the same symptoms - FD reports timeout, 504, and of course the request never made it to the origin. So this is still happening, though less frequently. At least it failed faster than 4 seconds :D
"timeToFirstByte": "2.832",
"timeTaken": "2.832",
"httpStatusCode": "504",
"httpStatusDetails": "504",
"pop": "MNZ",
"cacheStatus": "N/A",
"errorInfo": "OriginTimeout",
"ErrorInfo": "OriginTimeout",
-
John Patounas 5 Reputation points
2024-03-22T21:15:39.1533333+00:00 The issue is for items that are in the cache as it seems.
I tested the same endpoint on 2 domains, one with caching on FD and the other without. On the one that I had the caching enabled I had the 504 timeouts in the audit log while on the other domain did not.
Also noticed that for every time 504 happens in the log there are 2 entries at the same time. One with sni_s my hostname and another with sni_s == "originshield|parentcache|https|tier2"
Still have ticket with Microsoft and hope to have a solution on this. Will keep you posted.
-
John Patounas 5 Reputation points
2024-03-23T15:31:16.51+00:00 New update. Since last night I have tried different settings on FD. The issue happens only when caching is enabled. Disabled caching and purged cash on the domain and stopped happening. Will continue with the ticket with MS since caching is needed for sure. Once I have any new updates I will comment.
-
John Patounas 5 Reputation points
2024-03-27T16:26:25.9766667+00:00 New Update.
My Setup tested:
Azure Frontdoor --> Fortigate (Policies with Virtual IPs) --> VM on Azure (IIS)
Setup 1) FD Caching enabled --- ERRORS 504
Setup 2) FD Caching disabled ---- NO ERRORS 504
New Setup Tested bypassing Fortigate Firewall:
Azure Frontdoor --> VM on Azure (IIS)
Setup 1) FD Caching enabled --- NO ERRORS 504
Setup 2) FD Caching disabled ---- NO ERRORS 504
-
Sergey Stoma 0 Reputation points
2024-03-27T17:08:15.52+00:00 Interesting! In our case, we didn't have a firewall, it was FD -> LB pool -> VM
Sign in to comment