Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

quic: server preferred address #12651

Closed
ggreenway opened this issue Aug 14, 2020 · 4 comments
Closed

quic: server preferred address #12651

ggreenway opened this issue Aug 14, 2020 · 4 comments
Assignees
@ggreenway
Labels
area/quic help wanted Needs help!

Comments

@ggreenway
Copy link
Contributor

The QUIC spec supports the server specifying a different address for the client to communicate with it (https://github.com/quicwg/base-drafts/blob/master/draft-ietf-quic-transport.md#servers-preferred-address-preferred-address):

QUIC allows servers to accept connections on one IP address and attempt to transfer these connections to a more preferred address shortly after the handshake. This is particularly useful when clients initially connect to an address shared by multiple servers but would prefer to use a unicast address to ensure connection stability. This section describes the protocol for migrating a connection to a preferred server address.

This can be used when Envoy is behind an L4 load balancer, so ensure that connections continue to flow to the same node even if the client migrates to a different address. The initial handshake packets would flow through the L4 load balancer, but after that, the client would communicate directly to Envoy on it's preferred address, which would be an address dedicated to that instance (not a shared load balancer address).

Steps needed to implement this in Envoy:

  • QUIC listeners would need to have a socket bound to each preferred address, in addition to the address specified in the listener. Packets sent to any of the addresses need to go through the same filter chain.
  • Egress packets need to go through the original address to start, and can only start flowing through the preferred address after a non-probing packet is received on the new address. From the spec:

"The server MUST send non-probing packets from its original address until it receives a non-probing packet from the client at its preferred address and until the server has validated the new path."
@ggreenway
Copy link
Contributor Author

I think this requires #11184.

@moderation
Copy link
Contributor

Updated link to the relevant sections in the IETF standard is https://datatracker.ietf.org/doc/html/rfc9000#section-9.6

@ggreenway ggreenway self-assigned this Mar 7, 2022
@ggreenway
Copy link
Contributor Author

This is on my TODO list, but has been too low on the priority list for me to make a lot of progress. If anyone else is looking at this, ping me so we can sync up.

@danzh2010 danzh2010 mentioned this issue Feb 4, 2023
Merged
@ggreenway
Copy link
Contributor Author

This is implemented already, with the restriction that the listener must be able to accept packets on both the initial and SPA address.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ggreenway ggreenway

Labels
area/quic help wanted Needs help!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@moderation @ggreenway