gateway-api
gateway-api copied to clipboard
GEP: TLS ALPN Routing
What would you like to be added: A way to configure routing decisions based on the application protocols present in the TLS client hello of a TLS connection.
The TLSRoute
is a good candidate for supporting this as it is a similar feature to SNI routing which is already handled by TLSRoute
. Both SNI and ALPN are present in the TLS client hello and allow for TLS passthrough.
The initial discussion on this subject is here.
Why this is needed:
This would allow service owners to route to different backends behind a single domain based on the protocol the client supports.
For example if you have http/2 and mqtt clients connecting to example.com:443
you could use the application protocols in the TLS client hello to route these clients to different backends that are able to handle the respective protocol.