Hi,

now that HAProxy 2.9 from haproxy.debian.net is usable with QUIC if you (with limited-quic), I finally gave it a try. I extended my http frontend accordingly like this:

frontend ft_443
  bind :::443 ssl crt /ssl/combined.pem
  bind quic6@:443 ssl crt /ssl/combined.pem alpn h3
  option tcp-smart-accept
  http-after-response add-header alt-svc 'h3=":443"; ma=600; persistent=1'

This is on current Debian bookworm with HAProxy 2.9.7 from haproxy.debian.net and openssl 3.0.11 from Debian.

http3 was working successfully in first tests.

Later on I wanted to test if QUIC connection migration (switching network connections without breaking the established QUIC connection) is working properly. This didn't work for me so I started up tcpdump on the server. What I saw was explaining why connection migration could not work. The HAProxy box was receiving initial QUIC packages on port 443 but it was not replying to them in any way. From tcpdump's output I could see that some other hosts had obviously been successfully connected via QUIC though. The ignored QUIC requests also don't pop up in haproxy's log.

Has anybody seen similar problems? I'm also not sure if this is a problem related to HAProxy or openssl here? I suspect HAProxy?


Another thing that I wanted to give a try is to see if haproxy could be used as a helper to implement SMB over QUIC. The straightforward idea would be to set up a tcp frontend with a QUIC listener and a backend routing the tcp traffic to a Samba server:

frontend ft_quic_test
    mode tcp
    bind quic6@:443 ssl crt /ssl/combined.pem
    use_backend local_smb

This results in this config check error though:

[ALERT] (3611777) : config : frontend 'ft_quic_test' : MUX protocol 'quic' is not usable for 'bind quic6@:443' at [/etc/haproxy/haproxy.cfg:73].

So a setup like this is not supported by HAProxy's QUIC implementation currently, right? Is QUIC in HAProxy HTTP3 only for now?

Cheers
Björn
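
For triaging a capture like the one described above, here is an added example (not part of the original post and not HAProxy code) that classifies UDP payloads by their QUIC header as laid out in RFC 8999 and RFC 9000, and flags version 1 Initial packets in datagrams below the 1200-byte minimum, which a server has to discard. The function names and the sample datagrams are constructed for illustration; it does not diagnose the specific capture in the post.

```python
import struct

QUIC_V1 = 0x00000001
V1_LONG_TYPES = {0: "initial", 1: "0-rtt", 2: "handshake", 3: "retry"}
MIN_INITIAL_DATAGRAM = 1200  # RFC 9000, section 14.1


def classify(datagram: bytes) -> dict:
    """Classify one UDP payload by its QUIC header (RFC 8999 invariants)."""
    if not datagram:
        return {"kind": "empty", "notes": []}
    first = datagram[0]
    if not first & 0x80:
        # Short header: 1-RTT traffic of an existing connection, which is
        # what a migrating client sends from its new address.
        return {"kind": "short", "notes": []}
    if len(datagram) < 7:
        return {"kind": "truncated", "notes": []}
    version = struct.unpack_from("!I", datagram, 1)[0]
    scid_off = 6 + datagram[5]  # byte 5 holds the DCID length
    if scid_off >= len(datagram) or scid_off + 1 + datagram[scid_off] > len(datagram):
        return {"kind": "truncated", "notes": []}
    dcid = datagram[6:scid_off]
    scid = datagram[scid_off + 1:scid_off + 1 + datagram[scid_off]]
    notes = []
    if version == 0:
        kind = "version-negotiation"
    elif version == QUIC_V1:
        kind = V1_LONG_TYPES[(first >> 4) & 0x03]
        if kind == "initial" and len(datagram) < MIN_INITIAL_DATAGRAM:
            notes.append("Initial in datagram < 1200 bytes: server must discard")
        if len(dcid) > 20:
            notes.append("DCID longer than 20 bytes is invalid in QUIC v1")
    else:
        kind = "long-other-version"  # type bits are version-specific
    return {"kind": kind, "version": version, "dcid": dcid.hex(),
            "scid": scid.hex(), "notes": notes}


def sample(first: int, version: int, size: int) -> bytes:
    """Constructed datagram: 8-byte DCID, empty SCID, zero padding."""
    head = (bytes([first]) + struct.pack("!I", version)
            + b"\x08" + bytes(range(8)) + b"\x00")
    return head.ljust(size, b"\x00")


if __name__ == "__main__":
    for d in (sample(0xC0, QUIC_V1, 1200), sample(0xC0, QUIC_V1, 300),
              sample(0xC0, 0x6B3343CF, 1200), b"\x40" + bytes(30)):
        print(len(d), classify(d))
```

The UDP payloads can be taken from a pcap written with tcpdump's -w option and passed to classify() one datagram at a time.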
