ztunnel
Switch tunneling protocol from HTTP/2 to HTTP/3 (QUIC)
Note that OpenSSL won't be able to support this change for a while (see: #149).
Hi @PiotrSikora could you pls provide an update?
HTTP/3 and QUIC may have benefits for TCP proxying, and are required before we can implement https://github.com/istio/ztunnel/issues/148.
The first step is choosing a lib. For now, looking at https://github.com/hyperium/h3. Seems that support in https://github.com/hyperium/hyper is further off.
See this doc for more info.
They are not strictly required for it, since you can proxy UDP over HTTP/2 without dropping any packets.
If we want (probably slow) UDP support first we can tackle it that way. Nate and I thought it might make more sense to attack the http/3 part first for TCP and focus on actually supporting UDP last.
RE: OpenSSL
Nate has done some of the groundwork to support BoringSSL in https://github.com/quinn-rs/quinn
I think it may be useful to start with whatever library is closer - even if it uses OpenSSL or has some limitations - so we have basic H3 support and can start testing and unblock UDP work. With QUIC there is a lot of tuning and config required to get decent performance - and most of the work is not that dependent on the implementation.
As long as we can keep the code clean and separated - later we may as well link a second library, compare the performance, and switch (or even keep both if they cover different use cases). Envoy supports 4-5 WASM implementations, Istio supports several CA providers - sometimes it's not bad to have choices instead of getting stuck with one.