The agent architecture is clever. Crash isolation for WAF/auth means a buggy plugin can't take down the proxy, which has bitten me with nginx modules before.
Appreciate that! That exact failure mode is why I went with out-of-process agents. A bit like Envoy's ext_proc filter. Sentinel treats agents like separate services (timeouts, circuit-break-ish behavior, w/ explicit fail-open/fail-closed choice), so a crash/hang in WAF/auth shouldn’t take the data plane with it.
Out of curiosity: when the nginx module bit you, was it mainly crashes, memory leaks, or latency spikes under load?
Memory leaks mostly. Ran ModSecurity and memory would creep up over days until we hit OOM. Ended up with scheduled restarts as a band-aid which felt wrong.