linkerd / linkerd2

Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
https://linkerd.io
Apache License 2.0

Support for UDP, QUIC, HTTP/3 #4023

Closed kellybirr closed 4 years ago

kellybirr commented 4 years ago

Feature Request

HTTP/3 is in late draft (https://tools.ietf.org/html/draft-ietf-quic-http-23) and uses the QUIC protocol which runs over UDP instead of TCP. This is going to become very popular, rather quickly. Linkerd2 should look into options for supporting it.

What problem are you trying to solve?

Keep everything I love with Linkerd2, and be able to use HTTP/3 in the future.

How should the problem be solved?

The best idea I can come up with is to take advantage of the internal CA framework of Linkerd2 and design an easy way for it to offer certs to the HTTP/3 servers that it can man-in-the-middle to support traffic management. It may not actually need to do the mTLS as it does now, as HTTP/3 wants to be encrypted, by default.

What do you want to happen? Add any considered drawbacks.

Open question. I mostly filed the issue to bring this up for future discussion.

grampelberg commented 4 years ago

It sounds like we'll need to figure out how to MITM things before going down the QUIC code route. TIL that QUIC is encrypted by default! #3190 to track the work on figuring out what to do there.

Do you have any feeling for when ingress controllers like nginx will be adopting this? There was a serious lag time with HTTP/2 (still doesn't work everywhere) because of the painfully slow adoption of the cloud load balancers and reverse proxies.

kellybirr commented 4 years ago

That's a very good question on the ingress. I don't have a feel for it. Given that Google has been the champion of QUIC and HTTP/3, I suspect the initial adoption will be in gRPC, used for internal API communication.

seanmonstar commented 4 years ago

Unless things have changed very recently, the main benefit seen with QUIC is with lossy networks, such as mobile devices. In lossless networks, there is actually a loss in performance, since the UDP stacks aren't as hardened as TCP. So, while very amazing technology, I suspect it won't be that useful inside data centers.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.