I'm trying to implement a QUIC-LB routing policy that deals with Initial Packets, which aimed to offer affinity between clients and servers by encoding a client identifier into somewhere either in Source CID or in Destination CID of the Initial Packet.
However encoding it into SourceCID comes with the security concern of link-ability, since the CidGenerator has no idea about whether a connection is established yet, such kind of CIDs will be generated and used within the whole lifetime of a connection.
On the other hand, it's better to encode it into Destination CID of a Initial Packet, as long as it satisfy the requirements in Section 7.2 of the RFC9000. Since it won't be used anymore once the CID negotiation is done, and then the server will provide a Routable CID (defined in https://datatracker.ietf.org/doc/draft-ietf-quic-load-balancers/) so that the load balancer could later route packets based on it.
I'm trying to implement a QUIC-LB routing policy that deals with Initial Packets, which aimed to offer affinity between clients and servers by encoding a client identifier into somewhere either in Source CID or in Destination CID of the Initial Packet.
However encoding it into SourceCID comes with the security concern of link-ability, since the
CidGenerator
has no idea about whether a connection is established yet, such kind of CIDs will be generated and used within the whole lifetime of a connection.On the other hand, it's better to encode it into Destination CID of a Initial Packet, as long as it satisfy the requirements in Section 7.2 of the RFC9000. Since it won't be used anymore once the CID negotiation is done, and then the server will provide a Routable CID (defined in https://datatracker.ietf.org/doc/draft-ietf-quic-load-balancers/) so that the load balancer could later route packets based on it.