Some questions about " a novel server-id based routing for completely stateless routing" #147
Comments
|
Q1: server_id in the map points to only the L7 host ip (gets updated here) Q2: Katran itself doesn't encrypt or modify the server_id. But applications can apply different schemes to encrypt / rotate the server_ids before inserting the mapping into Katran. Q3: Linkability concern is mentioned in the QUIC's RFC (https://datatracker.ietf.org/doc/html/rfc9000#section-9.5) along with suggestion to use different connection-ids on both endpoints following the migration. Regarding the potential concern with server-id : depending on the use case, a potential workaround could be adding many-to-1 entries for server_id => L7 hosts and rotate the server_ids frequently. If you want more cryptographically secure implementation, this draft has more details : https://tools.ietf.org/id/draft-duke-quic-load-balancers-03.html (which Katran does not yet implement). |
|
Thanks a lot. Another question, when I use lsquic to visit facebook.com with quic-v1, no NEW_CONNECTION_ID_FRAME captured, the reason is ? |
|
Yes, L7s vip's port is the dst port (for the clients). |
|
Got that, thx a lot. |
Dear Sir,
Fortunately, I have read the slides proposed by Udip Pant and Martin Lau and the stateless routing is a clever design. About this idea, I have some questions, will you give me some guides?
Q1. The "server id" maps to the "layer 7 lb ip and port" or only "layer 7 lb ip" ?
Q2. Is the "server id " encrypted or in plaintext ?
Q3. Will the "server id" be used by the observer to link the connection when quic doing migration, as described in "rfc9000, #9.5" ?
I will look forward for the reply, thanks a lot.
Best regards!
lingtao.
The text was updated successfully, but these errors were encountered: