h3 config examples #15987
Signed-off-by: Alyssa Wilk <[email protected]>
Hey Dan, one weird thing, if I run bazel-bin/source/exe/envoy-static --config-path configs/envoyproxy_io_proxy_http3_downstream.template.yaml --concurrency 1 Is this due to something wrong with my example config, or like @moderation posited is there something going wrong with QUIC with concurrency > 1 ?
Actually I'm going to file a tracking issue either way - either we have a bug with concurrency or we have a bug with config validation (given it lets me run but doesn't work)
Cross reference - #15845
downstream_socket_config: | ||
prefer_gro: true | ||
filter_chains: | ||
transport_socket: |
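Review bot: `transport_socket:` under `filter_chains:` is written as a plain mapping key rather than a list entry. `filter_chains` is a repeated field, so start the entry with `- transport_socket:` so the example reads as a list of chains and a second chain can be appended without restructuring.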
I think a hyphen is missing here? i.e.
- transport_socket:
the example configs test passed (locally for me - CI failed catastrophically for unrelated reasons) so I assume it works either way?
It works with or without a hyphen (which is a bit surprising to me) ¯_(ツ)_/¯
Ah, I do have to fix config examples to not choke on H3 configs though.
- name: listener_0 | ||
address: | ||
socket_address: | ||
protocol: TCP |
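Review bot: `protocol: TCP` on `listener_0` is easy to misread as a mistake in an HTTP/3 example, because nothing in these lines says which side of the proxy speaks QUIC. Add a comment above the listener, or at the top of the file, stating which hop uses HTTP/3 and which stays on TCP.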
UDP?
I think the idea here is a standard TCP listener that makes a h3 upstream call to h3 enabled www.google.com
Oh, my bad, thinking it was downstream.
oh I hoped the naming would be enough - let me add a comment at the top of the configs too!
It's not obvious to me what's going wrong here. The config looks reasonable. I'll try it out locally.
Signed-off-by: Alyssa Wilk <[email protected]> Signed-off-by: Gokul Nair <[email protected]>
@alyssawilk Is there an example h3 config for a QUIC listener that handles multiple certificates? Because the QUIC listener does not support the TLS inspector filter, I'm not sure of the idiomatic way of routing multiple domains with one QUIC listener. For a TCP listener, I would use the TLS inspector filter and filter chain matches on the SNI to route requests to different HTTP connection managers.
You can config multiple filter chains with different cert chains in transport socket. And you can config how filter chains are matched on connection properties.
@danzh2010 It seems for QUIC that you cannot do filter chain match on server_name because the TLS inspector listener filter is not supported for QUIC. So it seems the only option is to use one HttpConnectionManager for all QUIC connections and put all cert chains in one transport socket for QUIC
@danzh2010 Ah so I tested with QUIC filter chain using server name and it seems that we don't need TLS inspector for server_name filter name match to work?
server_name is provided by QUICHE stack, no need for TLS inspector.
Risk Level: n/a
Testing: examples config test, manual testing
Docs Changes: n/a
Release Notes: n/a
Part of #12923
Co-authored-by: Michael Payne [email protected]