gateway-api

GEP: TLS ALPN Routing

Open dboslee opened this issue 1 year ago • 5 comments

What would you like to be added:

A way to configure routing decisions based on the application protocols present in the TLS client hello of a TLS connection.

The TLSRoute is a good candidate for supporting this, as it is a similar feature to SNI routing, which is already handled by TLSRoute. Both SNI and ALPN are present in the TLS client hello and allow for TLS passthrough.

The initial discussion on this subject is here.

Why this is needed:

This would allow service owners to route to different backends behind a single domain based on the protocol the client supports.

For example, if you have http/2 and mqtt clients connecting to example.com:443, you could use the application protocols in the TLS client hello to route these clients to different backends that are able to handle the respective protocol.

dboslee, Apr 21 '23 20:04
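How a passthrough proxy could make the ALPN-based decision the issue asks for, as an added Go example (not part of the issue and not gateway-api code): it lets `crypto/tls` parse the ClientHello over a connection that refuses writes, so TLS is never terminated. `RouteByALPN`, `roConn`, `sampleConn` and the backend addresses are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"fmt"
	"io"
	"net"
)

// roConn lets crypto/tls read from r but refuses writes, so nothing reaches the client.
type roConn struct {
	net.Conn
	r io.Reader
}
func (c roConn) Read(p []byte) (int, error) { return c.r.Read(p) }
func (roConn) Write([]byte) (int, error)    { return 0, io.ErrClosedPipe }

// RouteByALPN peeks the ClientHello (no TLS termination); replay is the consumed bytes plus the rest of conn.
func RouteByALPN(conn net.Conn, table map[string]string, def string) (backend string, replay io.Reader, err error) {
	var buf bytes.Buffer
	var hello *tls.ClientHelloInfo
	cfg := &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		hello = h
		return nil, fmt.Errorf("stop after ClientHello")
	}}
	_ = tls.Server(roConn{conn, io.TeeReader(conn, &buf)}, cfg).Handshake() // fails by design
	if hello == nil {
		return "", nil, fmt.Errorf("no TLS ClientHello received")
	}
	replay = io.MultiReader(&buf, conn)
	for _, p := range hello.SupportedProtos { // client preference order
		if b, ok := table[p]; ok {
			return b, replay, nil
		}
	}
	return def, replay, nil // no ALPN extension, or no offered protocol is routable
}

func sampleConn(sni string, protos ...string) net.Conn {
	c, s := net.Pipe() // constructed sample input: crypto/tls writes a real ClientHello into the pipe
	go tls.Client(c, &tls.Config{ServerName: sni, NextProtos: protos}).Handshake()
	return s
}

func main() {
	b, _, err := RouteByALPN(sampleConn("example.com", "mqtt"), map[string]string{"mqtt": "broker:8883"}, "default:443")
	fmt.Println(b, err) // backend addresses are hypothetical
}
```

The ALPN list, like SNI, is an unauthenticated client-supplied value, so each backend still has to enforce its own protocol and access checks instead of trusting the routing decision.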