vscode-copilot-release icon indicating copy to clipboard operation
vscode-copilot-release copied to clipboard
verified publisher icon microsoft

Frequent network requests to `http://169.254.169.254/metadata/instance/compute`

Open database64128 opened this issue 1 year ago • 10 comments

Every few seconds, the copilot extension attempts to query http://169.254.169.254/metadata/instance/compute, and then opens a connection to westus-0.in.applicationinsights.azure.com:443. What are the purposes of these requests? Why do they get more frequent the more VSCode windows you open?

  • Copilot Chat Extension Version: v0.18.2
  • VS Code Version: 1.92.2
  • OS Version: Arch Linux, macOS, Windows
  • Logs:
2024-08-23 20:33:22.007 [info] [fetcher] Using Helix fetcher.
2024-08-23 20:33:22.007 [info] [code-referencing] Public code references are enabled.
2024-08-23 20:58:25.100 [info] [fetcher] Using Helix fetcher.
2024-08-23 20:58:25.100 [info] [code-referencing] Public code references are enabled.
2024-08-23 21:23:25.975 [info] [fetcher] Using Helix fetcher.
2024-08-23 21:23:25.975 [info] [code-referencing] Public code references are enabled.
2024-08-23 21:48:26.910 [info] [fetcher] Using Helix fetcher.
2024-08-23 21:48:26.910 [info] [code-referencing] Public code references are enabled.
2024-08-23 22:13:27.712 [info] [fetcher] Using Helix fetcher.
2024-08-23 22:13:27.712 [info] [code-referencing] Public code references are enabled.
2024-08-23 22:38:28.630 [info] [fetcher] Using Helix fetcher.
2024-08-23 22:38:28.630 [info] [code-referencing] Public code references are enabled.
2024-08-23 23:03:29.813 [info] [fetcher] Using Helix fetcher.
2024-08-23 23:03:29.813 [info] [code-referencing] Public code references are enabled.
2024-08-23 23:28:32.950 [info] [fetcher] Using Helix fetcher.
2024-08-23 23:28:32.950 [info] [code-referencing] Public code references are enabled.
2024-08-23 23:53:34.157 [info] [fetcher] Using Helix fetcher.
2024-08-23 23:53:34.157 [info] [code-referencing] Public code references are enabled.

Steps to Reproduce:

  1. Open one or more VSCode windows.
  2. Monitor outgoing network requests.

database64128 avatar Aug 24 '24 04:08 database64128

image

I am also facing the same issue as shown above. I have manually configured the firewall to drop those requests.

SukkaW avatar Aug 29 '24 15:08 SukkaW

This issue seems to be about Copilot Completions and not Copilot Chat based on the logs. Those issues should be filed at https://github.com/orgs/community/discussions/categories/copilot

But I will try my best to answer, westus-0.in.applicationinsights.azure.com:443 is an Azure telemetry instance. You can try disabling telemetry within VS Code and see if these requests still persist.

lramos15 avatar Aug 29 '24 20:08 lramos15

@lramos15 Then what about 169.254.169.254? From what I learned, those requests should only happen inside a cloud computing instance (Azure, DigitalOcean, etc.): https://github.com/search?q=169.254.169.254%2Fmetadata&type=code

SukkaW avatar Aug 30 '24 00:08 SukkaW

Thanks. Opened https://github.com/orgs/community/discussions/137229.

database64128 avatar Aug 30 '24 06:08 database64128

Not sure what the 169.254.169.254 domain is. I'm trying to analyze the traffic using proxyman and do not see that on my end

Image

lramos15 avatar Aug 30 '24 17:08 lramos15

Did you configure http.proxy in VSCode settings? Does the no_proxy environment variable include 169.254.169.254? Does proxyman's HTTP proxy server support non-CONNECT methods?

I have http.proxy pointing to a local HTTP proxy server, and the server logs are clobbered by requests to 169.254.169.254.

database64128 avatar Aug 30 '24 17:08 database64128

Thanks for the additional information. This is originating from the applicationinsights node module we use for telemetry collection. I will investigate a way to turn off these requests as we are not using whatever info they're gathering.

lramos15 avatar Aug 30 '24 18:08 lramos15

Just to provide update, there is currently no way to turn these requests off, but I have made an upstream request to the team that owns the node module to add such feature.

lramos15 avatar Sep 18 '24 14:09 lramos15

@lramos15 Would mind giving us some updates? Because it is getting ridiculous:

image

As you can see, VSCode sends about 50 requests to http://169.254.169.254/metadata/instance/compute in just 28 seconds. I don't mind any application insight things, but 2 requests per second are definitely abnormal.

SukkaW avatar Sep 24 '24 19:09 SukkaW

@SukkaW No updates to provide at this time, I do not see nearly that level of requests on my end. I wonder if dropping them causes it to retry. This is caused by an upstream package that I do not fully control so I am coordinating with the team that owns it to resolve the issue.

Is this affecting your copilot experience? Or is it just a nuisance in the logs? I wasn't even aware of these requests until they were pointed out.

lramos15 avatar Sep 24 '24 19:09 lramos15

There are WARN messages in surge, a network proxy software:

Surge processed 513 requests in the past one second. There may be an abnormal process. Recent process: Code Helper (Plugin) (199 requests)

Image

Image

Is this affecting your copilot experience? Or is it just a nuisance in the logs?

@lramos15 It may not have affected my Copilot experience since I wasn’t using it at the time, but my network access was cut off due to my company’s internal firewall policy. It seems the firewall detected some kind of SYN flood attack, which led to it blocking my outbound network access for several minutes. What a day.

Image

Shawyeok avatar Oct 18 '24 02:10 Shawyeok

@Shawyeok Looking at your logs there that seems like a different URL. That appears to be the URL where we ingest telemetry. I've been using Proxyman to analyze this traffic and don't see requests going out at nearly that speed. I must be missing something. In surge can you view the request body of a couple of requests and see if they are distinct telemetry events or if this is some sort of retry happening causing the flood.

lramos15 avatar Oct 18 '24 13:10 lramos15

@Shawyeok Looking at your logs there that seems like a different URL. That appears to be the URL where we ingest telemetry. I've been using Proxyman to analyze this traffic and don't see requests going out at nearly that speed. I must be missing something. In surge can you view the request body of a couple of requests and see if they are distinct telemetry events or if this is some sort of retry happening causing the flood.

@lramos15 Thanks, here is what I observed:

  1. All request sizes are 202B, all response sizes are 332B
  2. Request Body tab show No Data, and I’m not sure why that’s happening.
POST /v2.1/track HTTP/1.1
Content-Type: application/x-json-stream
Content-Encoding: gzip
Content-Length: 20
Host: westus-0.in.applicationinsights.azure.com
Connection: close

<Request Body is missing>

HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 21 Oct 2024 14:08:41 GMT
Connection: close

{"itemsReceived":0,"itemsAccepted":0,"appId":null,"errors":[]}

Image

Image

Image

Shawyeok avatar Oct 21 '24 14:10 Shawyeok

I'm not sure if those requests are initiated by the Copilot plugin, I've disable half of the plugins installed on my computer, trying to find out the real problematic plugin.

Shawyeok avatar Oct 21 '24 14:10 Shawyeok

This problem caused me to lose my Internet connection https://github.com/docker/for-win/issues/14859

isCopyman avatar Jul 06 '25 11:07 isCopyman