
[lvs-users] DTLS Load balancing

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] DTLS Load balancing
From: Simon Bernard <contact@xxxxxxxxxxxxxxx>
Date: Thu, 19 Oct 2017 12:21:30 +0200
Hi,

   There is a draft[1] at the IETF about connection ID for DTLS. This 
is a way to identify a "DTLS connection" by an ID instead of the 
classical IP address/port tuple. The objective is to reduce the need for 
a full DTLS handshake when the client address/port changes.

    I would like to know if it makes sense to do load balancing based 
on this connection ID.

    Here is the use case:
    You have a cluster of servers behind a unique IP address.
    You do load balancing using IP address.
    You use UDP/DTLS.
    Some clients are behind NAT and so their IP/port can change.
    DTLS connection states are stored in each server and so are not shared.


    So if clients use the same address/port, there is no issue as traffic 
will always be redirected to the same server. The server already has a 
connection for this peer, no need for a full handshake.
    If the address/port changes, 2 possibilities:
      - by chance, the load balancer sends traffic to the same server and 
thanks to the CID the server can reuse its connection, no need for a full handshake
      - bad luck, traffic is redirected to a server which does not know this 
peer, so a new full handshake is needed.

    It seems to me that doing load balancing on this connection ID could 
solve the problem. [2]

    Does it make sense to you? Is there a way to extend LVS to support 
this kind of behavior? I don't think so, as LVS seems to be a layer-4 
load balancer, but I'm still interested to know your opinions as you 
seem to know better than me about load balancing.

Thx

Simon

[1]https://tools.ietf.org/html/draft-rescorla-tls-dtls-connection-id-00
[2]https://www.ietf.org/mail-archive/web/tls/current/msg24619.html
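
The routing idea raised in this message, as an added sketch that is not part of the original post or of LVS: records without a CID (the handshake) are scheduled by source address/port, and CID-bearing records are routed by a server index carried in the CID, so the record returns to the server that ran the handshake. It assumes the record layout later published as RFC 9146 rather than the cited draft-00, fixed 8-byte CIDs, and a hypothetical convention that each server puts its own pool index in the first CID byte; the pool addresses and sample records are constructed.

```python
import hashlib
import struct

TLS12_CID = 25     # content type of CID-bearing records in RFC 9146
CID_LEN = 8        # assumption: every server issues fixed 8-byte CIDs
BACKENDS = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]  # constructed pool

def extract_cid(datagram):
    """Return the CID of the first record in the datagram, or None."""
    # Layout: type(1) version(2) epoch(2) seq(6) cid(CID_LEN) length(2)
    header_len = 11 + CID_LEN + 2
    if len(datagram) < header_len:
        return None
    if datagram[0] != TLS12_CID or datagram[1] != 0xFE:
        return None                       # handshake or non-DTLS record
    (length,) = struct.unpack_from("!H", datagram, 11 + CID_LEN)
    if header_len + length > len(datagram):
        return None                       # truncated record
    return datagram[11:11 + CID_LEN]

def pick_backend(src_ip, src_port, datagram):
    """Route by the server index in the CID, else by source address/port."""
    cid = extract_cid(datagram)
    if cid is not None and cid[0] < len(BACKENDS):
        return BACKENDS[cid[0]]           # hypothetical convention: byte 0 = index
    key = f"{src_ip}:{src_port}".encode()
    digest = hashlib.sha256(key).digest()
    return BACKENDS[int.from_bytes(digest[:4], "big") % len(BACKENDS)]

def make_record(cid, payload=b"\x00" * 16):
    """Build a constructed CID record; the payload is placeholder ciphertext."""
    return (bytes([TLS12_CID]) + b"\xfe\xfd" + struct.pack("!H", 1)
            + (7).to_bytes(6, "big") + cid
            + struct.pack("!H", len(payload)) + payload)
```

The balancer cannot verify the record's MAC, so the CID is only a routing hint: the selected server still has to authenticate the record against its own connection state and drop anything that fails.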