Hi,

There is a draft [1] at the IETF about a connection ID for DTLS. This is a way to identify a "DTLS connection" by an ID instead of the classical IP address/port tuple. The objective is to reduce the need for a DTLS full handshake when the client's address/port changes.

I would like to know if it makes sense to do load balancing based on this connection ID. Here is the use case: you have a cluster of servers behind a single IP address. You do load balancing using the IP address. You use UDP/DTLS. Some clients are behind NAT, so their IP/port can change. DTLS connection states are stored in each server and are not shared. So if clients keep using the same address/port, there is no issue, as traffic will always be redirected to the same server. The server already has a connection for this peer, no need for a full handshake. If the address/port changes, there are 2 possibilities:

- by chance the load balancer sends the traffic to the same server and, thanks to the CID, the server can reuse its connection, no need for a full handshake
- bad luck, the traffic is redirected to a server which does not know this peer, so a new full handshake is needed.

It seems to me that doing load balancing on this connection ID could solve the problem. [2]

Does it make sense to you? Is there a way to extend LVS to support this kind of behavior? I don't think so, as LVS seems to be a layer-4 load balancer, but I'm still interested to know your opinions, as you seem to know load balancing better than I do.

Thx
Simon

[1] https://tools.ietf.org/html/draft-rescorla-tls-dtls-connection-id-00
[2] https://www.ietf.org/mail-archive/web/tls/current/msg24619.html

_______________________________________________
Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users
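To make the routing idea in the post concrete, here is an added example (not code from the post, from LVS, or from the IETF draft) of what a CID-aware UDP load balancer would have to do with each datagram: parse the DTLS record header, pull out the connection ID when the record carries one, and hash that ID to a backend; records without a CID (the initial handshake, plain DTLS 1.2 records) fall back to hashing the source IP/port as LVS does today. It assumes the record layout of the connection-ID draft (content type 25, CID placed after the epoch and sequence number, before the length) and a cluster-wide fixed CID length, because a load balancer that sees only packets cannot learn the per-connection CID length negotiated in the handshake. The sample datagrams, CID value and backend names are constructed for the example.

```python
import hashlib
import struct

# Record content types: 22 = handshake, 23 = application_data,
# 25 = tls12_cid as defined in the DTLS connection-ID draft.
CONTENT_TYPE_HANDSHAKE = 22
CONTENT_TYPE_APPLICATION_DATA = 23
CONTENT_TYPE_TLS12_CID = 25

# DTLS wire versions (inverted encoding: 0xFEFD = DTLS 1.2, 0xFEFF = DTLS 1.0).
DTLS_VERSIONS = {(0xFE, 0xFD): "DTLS 1.2", (0xFE, 0xFF): "DTLS 1.0"}

FIXED_HEADER_LEN = 13  # type(1) + version(2) + epoch(2) + seq(6) + length(2)


def parse_dtls_record_header(datagram, cid_length):
    """Parse the first DTLS record header in a datagram.

    Returns a dict with type, epoch, seq, cid (bytes or None) and length,
    or None when the datagram is not a well-formed DTLS record. The CID is
    only present when the content type is tls12_cid; its length is an
    assumption the balancer must be configured with (cid_length).
    """
    if len(datagram) < FIXED_HEADER_LEN:
        return None
    ctype = datagram[0]
    version = (datagram[1], datagram[2])
    if version not in DTLS_VERSIONS:
        return None
    epoch = struct.unpack("!H", datagram[3:5])[0]
    seq = int.from_bytes(datagram[5:11], "big")
    offset = 11
    cid = None
    if ctype == CONTENT_TYPE_TLS12_CID:
        if len(datagram) < FIXED_HEADER_LEN + cid_length:
            return None  # too short to hold the CID and the length field
        cid = datagram[offset:offset + cid_length]
        offset += cid_length
    length = struct.unpack("!H", datagram[offset:offset + 2])[0]
    if len(datagram) < offset + 2 + length:
        return None  # truncated record body; do not route on a partial header
    return {"type": ctype, "epoch": epoch, "seq": seq, "cid": cid, "length": length}


def select_backend(datagram, src_addr, backends, cid_length):
    """Choose a backend: by CID when the record carries one, else by IP/port.

    The CID is only a routing hint; the chosen server still verifies the
    record MAC, so a forged CID just reaches a backend that will discard it.
    """
    hdr = parse_dtls_record_header(datagram, cid_length)
    if hdr is None:
        return None
    if hdr["cid"] is not None:
        key = b"cid:" + hdr["cid"]
    else:
        key = ("addr:%s:%d" % src_addr).encode()
    digest = hashlib.sha256(key).digest()
    return backends[int.from_bytes(digest[:8], "big") % len(backends)]


def build_record(ctype, payload, cid=None, epoch=1, seq=7):
    """Build a constructed DTLS 1.2 record for testing (not real ciphertext)."""
    hdr = bytes([ctype, 0xFE, 0xFD]) + struct.pack("!H", epoch) + seq.to_bytes(6, "big")
    if cid is not None:
        hdr += cid
    return hdr + struct.pack("!H", len(payload)) + payload


# Constructed sample traffic: a 4-byte CID chosen by the server, seen first
# from one NAT mapping and then from another after the mapping changed.
CID_LENGTH = 4
SAMPLE_CID = bytes.fromhex("0a0b0c0d")
BACKENDS = ["real-server-1", "real-server-2", "real-server-3"]
CID_RECORD = build_record(CONTENT_TYPE_TLS12_CID, b"\x00" * 16, cid=SAMPLE_CID)
HELLO_RECORD = build_record(CONTENT_TYPE_HANDSHAKE, b"\x01" + b"\x00" * 31, epoch=0, seq=0)


def demo():
    before = select_backend(CID_RECORD, ("198.51.100.7", 40001), BACKENDS, CID_LENGTH)
    after = select_backend(CID_RECORD, ("198.51.100.9", 53022), BACKENDS, CID_LENGTH)
    return before, after


if __name__ == "__main__":
    b, a = demo()
    print("before NAT rebinding:", b, "after:", a)
```

Two things the example makes visible that the post's load balancer would have to live with: the very first ClientHello carries no CID, so the handshake is still routed by address and the server that completes it becomes the owner of the state; and since the server chooses its own CID, a cluster that agrees on a fixed length can even encode which real server issued the CID inside it, which turns the lookup above into a plain table index instead of a hash.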