Envoy has long supported HTTP CONNECT, a mechanism that allows tunneling the data stream inside TCP over an HTTP stream. Recently, support was added (#23564) for CONNECT-UDP (RFC 9298), a similar mechanism that allows tunneling UDP (and subsequently QUIC and HTTP/3 connections) inside an HTTP stream.
We propose and plan to contribute similar Envoy support for CONNECT-IP. RFC 9484, Proxying IP in HTTP, colloquially and here referred to as “CONNECT-IP”, is a similar newly IETF-standardized protocol for tunneling IP packets over an HTTP stream. This functionality is generally useful to tunnel multi-transport data such as is needed to implement VPN connections.
ericorth
commented
1 week ago
Title:
Add support in Envoy for CONNECT-IP (RFC 9484)
Description:
Envoy has long supported HTTP CONNECT, a mechanism that allows tunneling the data stream inside TCP over an HTTP stream. Recently, support was added (#23564) for CONNECT-UDP (RFC 9298), a similar mechanism that allows tunneling UDP (and subsequently QUIC and HTTP/3 connections) inside an HTTP stream.
We propose and plan to contribute similar Envoy support for CONNECT-IP. RFC 9484, Proxying IP in HTTP, colloquially and here referred to as “CONNECT-IP”, is a similar newly IETF-standardized protocol for tunneling IP packets over an HTTP stream. This functionality is generally useful to tunnel multi-transport data such as is needed to implement VPN connections.
See this Design Document for our detailed plan.