The agent architecture is clever. Crash isolation for WAF/auth means a buggy plugin cant take down the proxy, which has bitten me with nginx modules before.
Appreciate that! That exact failure mode is why I went with out-of-process agents. A bit like Envoy's ext_proc filter. Sentinel treats agents like separate services (timeouts, circuit-break-ish behavior, w/ explicit fail-open/fail-closed choice), so a crash/hang in WAF/auth shouldn’t take the data plane with it.
Out of curiosity: when the nginx module bit you, was it mainly crashes, memory leaks, or latency spikes under load?
The agent architecture is clever. Crash isolation for WAF/auth means a buggy plugin cant take down the proxy, which has bitten me with nginx modules before.
Appreciate that! That exact failure mode is why I went with out-of-process agents. A bit like Envoy's ext_proc filter. Sentinel treats agents like separate services (timeouts, circuit-break-ish behavior, w/ explicit fail-open/fail-closed choice), so a crash/hang in WAF/auth shouldn’t take the data plane with it.
Out of curiosity: when the nginx module bit you, was it mainly crashes, memory leaks, or latency spikes under load?
[dead]