UDP support

[kyessenov]

Proxy manager should be in charge of routing UDP traffic. There are many pieces needed for this to work:

• Envoy UDP routing support
• IP tables rules to trap UDP traffic
• Code to handle UDP protocol in the Manager services model

[rshriram]

Do we need to handle UDP now? If we only trap tcp traffic, applications can continue to use kube proxy as is for UDP right?

Until we have a solid use case for UDP and UDP routing or mixer related stuff, it seems pointless to bloat envoy codebase with unnecessary complexity.

On Thu, Jan 26, 2017 at 7:18 PM Kuat notifications@github.com wrote:

Proxy manager should be in charge of routing UDP traffic. There are many pieces needed for this to work:

• Envoy UDP routing support
• IP tables rules to trap UDP traffic
• Code to handle UDP protocol in the Manager services model

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/istio/manager/issues/62, or mute the thread https://github.com/notifications/unsubscribe-auth/AH0qd5lqmPJdmxhHlhGXJ4eD239ROHEfks5rWTfSgaJpZM4LvToe .

--

~shriram

[kyessenov]

This is not a high priority item. As of now, we're not handling UDP traffic at all, and don't have a good use case why we should.

On Thu, Jan 26, 2017, 4:41 PM Shriram Rajagopalan notifications@github.com wrote:

Do we need to handle UDP now? If we only trap tcp traffic, applications can continue to use kube proxy as is for UDP right?

Until we have a solid use case for UDP and UDP routing or mixer related stuff, it seems pointless to bloat envoy codebase with unnecessary complexity.

On Thu, Jan 26, 2017 at 7:18 PM Kuat notifications@github.com wrote:

Proxy manager should be in charge of routing UDP traffic. There are many pieces needed for this to work:

• Envoy UDP routing support
• IP tables rules to trap UDP traffic
• Code to handle UDP protocol in the Manager services model

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/istio/manager/issues/62, or mute the thread < https://github.com/notifications/unsubscribe-auth/AH0qd5lqmPJdmxhHlhGXJ4eD239ROHEfks5rWTfSgaJpZM4LvToe

.

--

~shriram

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/istio/manager/issues/62#issuecomment-275558914, or mute the thread https://github.com/notifications/unsubscribe-auth/AJGIxh09sriOe9luRa89y_gbwFyywHcTks5rWT0ggaJpZM4LvToe .

[rshriram]

@moderation you had a use case right?

[moderation]

Yes. We are interested in using Envoy as an external service proxy for a PaaS. Typically this proxy will broker HTTP connections and TCP database connections etc. There are some people accessing Kafka external from the PaaS and the authentication scheme uses Kerberos and therefore requires UDP.

Another potential use case is in the public cloud where creating an encrypted service mesh that can handle things like DNS and NTP.

It looks like Nginx supports UDP load balancing / proxying but like a lot of their functionality it is only available in the commercial Nginx Plus product.

[rshriram]

@moderation, thanks for the use case. Will take a look at adding this support to envoy. On Tue, Feb 7, 2017 at 9:54 AM moderation notifications@github.com wrote:

Yes. We are interested in using Envoy as an external service proxy for a PaaS. Typically this proxy will broker HTTP connections and TCP database connections etc. There are some people accessing Kafka external from the PaaS and the authentication scheme uses Kerberos and therefore requires UDP.

Another potential use case is in the public cloud where creating an encrypted service mesh that can handle things like DNS and NTP.

It looks like Nginx supports UDP load balancing / proxying but like a lot of their functionality it is only available in the commercial Nginx Plus product.

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/istio/manager/issues/62#issuecomment-278022929, or mute the thread https://github.com/notifications/unsubscribe-auth/AH0qd54r-5AYbd-2jzmJ_EXQpYaPjfQdks5raIWsgaJpZM4LvToe .

--

~shriram

[drasko]

+1 for UDP, needed for CoAP and LwM2M IoT scenarios.

[shalako]

+1 for UDP support. Needed for IOT use cases; specifically LWM2M and CoAP protocols.

[kyessenov]

Thanks for your interest. This is blocked by Envoy issue https://github.com/lyft/envoy/issues/492

[kyessenov]

Issue moved to istio/istio #1430 via ZenHub