1berry/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

DOC: quic: Documentation update for QUIC

Browse Source 
Add minimalistic information about QUIC new protocol supported by QUIC.
This commit is contained in:
Frédéric Lécaille 2022-05-25 15:42:15 +02:00 committed by Amaury Denoyelle
parent eb79145f01
commit f717a4bc7c
2 changed files with 30 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
doc/configuration.txt
View File

@ -188,12 +188,18 @@ correctly support pipelining since there is no way to associate a response with
the corresponding request in HTTP. For this reason, it is mandatory for the the corresponding request in HTTP. For this reason, it is mandatory for the
server to reply in the exact same order as the requests were received. server to reply in the exact same order as the requests were received.
The next improvement is the multiplexed mode, as implemented in HTTP/2. This The next improvement is the multiplexed mode, as implemented in HTTP/2 and HTTP/3.
time, each transaction is assigned a single stream identifier, and all streams This time, each transaction is assigned a single stream identifier, and all
are multiplexed over an existing connection. Many requests can be sent in streams are multiplexed over an existing connection. Many requests can be sent in
parallel by the client, and responses can arrive in any order since they also parallel by the client, and responses can arrive in any order since they also
carry the stream identifier. carry the stream identifier.
HTTP/3 is implemented over QUIC, itself implemented over UDP. QUIC solves the
head of line blocking at transport level by means of independantly treated
streams. Indeed, when experiencing loss, an impacted stream does not affect the
other streams.
By default HAProxy operates in keep-alive mode with regards to persistent By default HAProxy operates in keep-alive mode with regards to persistent
connections: for each connection it processes each request and response, and connections: for each connection it processes each request and response, and
leaves the connection idle on both sides between the end of a response and the leaves the connection idle on both sides between the end of a response and the
@ -2971,8 +2977,8 @@ tune.quic.retry-threshold <number>
change without deprecation in the future. change without deprecation in the future.
Dynamically enables the Retry feature for all the configured QUIC listeners Dynamically enables the Retry feature for all the configured QUIC listeners
as soon as this number of opening connections is reached. By opening connection as soon as this number of half open connections is reached. A half open
we mean a connection the handshake of which has not already successfully connection is a connection whose handshake has not already successfully
completed or failed. To be functional this setting needs a cluster secret to completed or failed. To be functional this setting needs a cluster secret to
be set, if not it will be silently ignored (see "cluster-secret" setting). be set, if not it will be silently ignored (see "cluster-secret" setting).
This setting will be also silenty ignored if the use of QUIC Retry was forced This setting will be also silenty ignored if the use of QUIC Retry was forced
@ -4402,7 +4408,11 @@ bind /<path> [, ...] [param*]
address, or '*'. It designates the address the frontend will address, or '*'. It designates the address the frontend will
listen on. If unset, all IPv4 addresses of the system will be listen on. If unset, all IPv4 addresses of the system will be
listened on. The same will apply for '*' or the system's listened on. The same will apply for '*' or the system's
special address "0.0.0.0". The IPv6 equivalent is '::'. special address "0.0.0.0". The IPv6 equivalent is '::'. Note
that if you bind a frontend to multiple UDP addresses you have
no guarantee about the address which will be used to respond.
This is why "0.0.0.0" addresses and lists of comma-separated
IP addresses have been forbidden to bind QUIC addresses.
Optionally, an address family prefix may be used before the Optionally, an address family prefix may be used before the
address to force the family regardless of the address format, address to force the family regardless of the address format,
which can be useful to specify a path to a unix socket with which can be useful to specify a path to a unix socket with
@ -4427,6 +4437,11 @@ bind /<path> [, ...] [param*]
connected unix socket or of a socketpair. The bind waits connected unix socket or of a socketpair. The bind waits
to receive a FD over the unix socket and uses it as if it to receive a FD over the unix socket and uses it as if it
was the FD of an accept(). Should be used carefully. was the FD of an accept(). Should be used carefully.
- 'quicv4@' -> address is resolved as IPv4 and protocol
UDP is used.
- 'quicv6@' -> address is resolved as IPv6 and protocol
UDP is used.
You may want to reference some environment variables in the You may want to reference some environment variables in the
address parameter, see section 2.3 about environment address parameter, see section 2.3 about environment
variables. variables.
@ -4489,6 +4504,9 @@ bind /<path> [, ...] [param*]
listen external_bind_app1 listen external_bind_app1
bind "fd@${FD_APP1}" bind "fd@${FD_APP1}"
listen h3_quic_proxy
bind quic@10.0.0.1:8888 ssl crt /etc/mycrt alpn h3
Note: regarding Linux's abstract namespace sockets, HAProxy uses the whole Note: regarding Linux's abstract namespace sockets, HAProxy uses the whole
sun_path length is used for the address length. Some other programs sun_path length is used for the address length. Some other programs
such as socat use the string length only by default. Pass the option such as socat use the string length only by default. Pass the option
@ -13893,6 +13911,9 @@ alpn <protocols>
bind :443 ssl crt pub.pem alpn h2,http/1.1 bind :443 ssl crt pub.pem alpn h2,http/1.1
QUIC supports only h3 and hq-interop as ALPN. h3 is for HTTP/3 and hq-interop
is used for http/0.9 and QUIC interop runner (see https://interop.seemann.io).
backlog <backlog> backlog <backlog>
Sets the socket's backlog to this value. If unspecified or 0, the frontend's Sets the socket's backlog to this value. If unspecified or 0, the frontend's
backlog is used instead, which generally defaults to the maxconn value. backlog is used instead, which generally defaults to the maxconn value.

4
doc/management.txt
View File

@ -418,7 +418,7 @@ list of options is :
is a list of pids to signal (one per argument). The list ends on any is a list of pids to signal (one per argument). The list ends on any
option starting with a "-". It is not a problem if the list of pids is option starting with a "-". It is not a problem if the list of pids is
empty, so that it can be built on the fly based on the result of a command empty, so that it can be built on the fly based on the result of a command
like "pidof" or "pgrep". like "pidof" or "pgrep". QUIC connections will be aborted.
-st <pid>* : send the "terminate" signal (SIGTERM) to older processes after -st <pid>* : send the "terminate" signal (SIGTERM) to older processes after
boot completion to terminate them immediately without finishing what they boot completion to terminate them immediately without finishing what they
@ -654,6 +654,8 @@ don't have enough load to trigger the race conditions. And for most high traffic
users, the failure rate is still fairly within the noise margin provided that at users, the failure rate is still fairly within the noise margin provided that at
least SO_REUSEPORT is properly supported on their systems. least SO_REUSEPORT is properly supported on their systems.
QUIC limitations: soft-stop is not supported. In case of reload, QUIC connections
will not be preserved.
5. File-descriptor limitations 5. File-descriptor limitations
------------------------------ ------------------------------