-
Notifications
You must be signed in to change notification settings - Fork 503
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some questions about " a novel server-id based routing for completely stateless routing" #147
Comments
Q1: server_id in the map points to only the L7 host ip (gets updated here) Q2: Katran itself doesn't encrypt or modify the server_id. But applications can apply different schemes to encrypt / rotate the server_ids before inserting the mapping into Katran. Q3: Linkability concern is mentioned in the QUIC's RFC (https://datatracker.ietf.org/doc/html/rfc9000#section-9.5) along with suggestion to use different connection-ids on both endpoints following the migration. Regarding the potential concern with server-id : depending on the use case, a potential workaround could be adding many-to-1 entries for server_id => L7 hosts and rotate the server_ids frequently. If you want more cryptographically secure implementation, this draft has more details : https://tools.ietf.org/id/draft-duke-quic-load-balancers-03.html (which Katran does not yet implement). |
Yes, L7s vip's port is the dst port (for the clients). |
Got that, thx a lot. |
Dear Sir,
Fortunately, I have read the slides proposed by Udip Pant and Martin Lau and the stateless routing is a clever design. About this idea, I have some questions, will you give me some guides?
Q1. The "server id" maps to the "layer 7 lb ip and port" or only "layer 7 lb ip" ?
Q2. Is the "server id " encrypted or in plaintext ?
Q3. Will the "server id" be used by the observer to link the connection when quic doing migration, as described in "rfc9000, #9.5" ?
I will look forward for the reply, thanks a lot.
Best regards!
lingtao.
The text was updated successfully, but these errors were encountered: