QUIC DataSource server preferred address config (proto)

This extension has the qualified name envoy.quic.server_preferred_address.datasource

Note

This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.

Tip

This extension extends and can be used with the following extension category:

This extension must be configured with one of the following type URLs:

extensions.quic.server_preferred_address.v3.DataSourceServerPreferredAddressConfig

[extensions.quic.server_preferred_address.v3.DataSourceServerPreferredAddressConfig proto]

Configuration for DataSourceServerPreferredAddressConfig.

Warning

This API feature is currently work-in-progress. API features marked as work-in-progress are not considered stable, are not covered by the threat model, are not supported by the security team, and are subject to breaking changes. Do not use this feature without understanding each of the previous points.

{
  "ipv4_config": {...},
  "ipv6_config": {...}
}
ipv4_config

(extensions.quic.server_preferred_address.v3.DataSourceServerPreferredAddressConfig.AddressFamilyConfig) The IPv4 address to advertise to clients for Server Preferred Address.

ipv6_config

(extensions.quic.server_preferred_address.v3.DataSourceServerPreferredAddressConfig.AddressFamilyConfig) The IPv6 address to advertise to clients for Server Preferred Address.

extensions.quic.server_preferred_address.v3.DataSourceServerPreferredAddressConfig.AddressFamilyConfig

[extensions.quic.server_preferred_address.v3.DataSourceServerPreferredAddressConfig.AddressFamilyConfig proto]

Addresses for server preferred address for a single address family (IPv4 or IPv6).

{
  "address": {...},
  "port": {...},
  "dnat_address": {...}
}
address

(config.core.v3.DataSource, REQUIRED) The server preferred address sent to clients. The data must contain an IP address string.

port

(config.core.v3.DataSource) The server preferred address port sent to clients. The data must contain a integer port value.

If this is not specified, the listener’s port is used.

Note: Envoy currently must receive all packets for a QUIC connection on the same port, so unless dnat_address is configured, this must be left unset.

dnat_address

(config.core.v3.DataSource) If there is a DNAT between the client and Envoy, the address that Envoy will observe server preferred address packets being sent to. If this is not specified, it is assumed there is no DNAT and the server preferred address packets will be sent to the address advertised to clients for server preferred address.