Oh man, this is a big one for us. If I am reading this correctly, by design Kong has decided to make the default behavior naturally favorable to most users (but against what NGINX with one upstream block would do by default, which is to pool only by IP:PORT), ensuring for upstream TLS routing that the SNI/domain of the proxy Service resource is respected for connection pools. So even if upstreams share the same destination IPs, we will have separate connections due to their differing SNI/domains, which becomes really important on the initial handshake to ensure that, in scenarios like a private cloud with a single ingress IP, traffic gets routed to the correct final destinations (which we addressed in the past ourselves with custom NGINX C code drop-ins that Tibo had us test and try in a much earlier POC):
#upstream_keepalive_pool_size = 60 # Sets the default size of the upstream
# keepalive connection pools.
# Upstream keepalive connection pools
# are segmented by the `dst ip/dst
# port/SNI` attributes of a connection.
# A value of `0` will disable upstream
# keepalive connections by default, forcing
# each upstream request to open a new
Really glad this made it into the flagship version to meet what I would think is a pretty common upstream pattern. Always made me nervous patching in C files manually myself.
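
An added illustration of the pooling difference described in the post above (not code from the post, from Kong, or from NGINX): a toy keepalive pool keyed either by IP:PORT or by IP:PORT:SNI, replaying constructed requests for two Services behind one ingress IP. The class, function names and hostnames are hypothetical.

```python
from collections import defaultdict

class KeepalivePool:
    """Toy upstream keepalive pool; key_fn decides which idle connections may be reused."""
    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.idle = defaultdict(list)
        self.handshakes = 0

    def acquire(self, ip, port, sni):
        bucket = self.idle[self.key_fn(ip, port, sni)]
        if bucket:
            return bucket.pop()          # reuse: no new TLS handshake
        self.handshakes += 1
        # The SNI sent in the handshake is fixed for the life of the connection.
        return {"dst": (ip, port), "handshake_sni": sni}

    def release(self, conn, ip, port, sni):
        self.idle[self.key_fn(ip, port, sni)].append(conn)

def by_ip_port(ip, port, sni):
    return (ip, port)                    # pooling by destination address only

def by_ip_port_sni(ip, port, sni):
    return (ip, port, sni)               # the `dst ip/dst port/SNI` segmentation

def replay(key_fn, requests):
    """Return (mismatches, handshakes); a mismatch is (wanted_sni, connection_sni)."""
    pool = KeepalivePool(key_fn)
    mismatches = []
    for ip, port, sni in requests:
        conn = pool.acquire(ip, port, sni)
        if conn["handshake_sni"] != sni:
            mismatches.append((sni, conn["handshake_sni"]))
        pool.release(conn, ip, port, sni)
    return mismatches, pool.handshakes

# Constructed sample: two Services sharing one private-cloud ingress IP.
REQUESTS = [
    ("10.0.0.10", 443, "orders.internal.example"),
    ("10.0.0.10", 443, "billing.internal.example"),
    ("10.0.0.10", 443, "orders.internal.example"),
]

if __name__ == "__main__":
    print("ip:port     ", replay(by_ip_port, REQUESTS))
    print("ip:port:sni ", replay(by_ip_port_sni, REQUESTS))
```

With IP:PORT keys the billing request rides a connection that was negotiated for the orders hostname, so an ingress that routes on the handshake SNI would deliver it to the wrong backend; the SNI-segmented pool pays one extra handshake and keeps the two Services apart.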