Istio: UDP support

Created on 3 Nov 2017 · 72Comments · Source: istio/istio

@kyessenov commented on Thu Jan 26 2017

Proxy manager should be in charge of routing UDP traffic. There are many pieces needed for this to work:

Envoy UDP routing support
IP tables rules to trap UDP traffic
Code to handle UDP protocol in the Manager services model

@rshriram commented on Thu Jan 26 2017

Do we need to handle UDP now? If we only trap tcp traffic, applications can
continue to use kube proxy as is for UDP right?

Until we have a solid use case for UDP and UDP routing or mixer related
stuff, it seems pointless to bloat envoy codebase with unnecessary
complexity.

On Thu, Jan 26, 2017 at 7:18 PM Kuat notifications@github.com wrote:

Proxy manager should be in charge of routing UDP traffic. There are many
pieces needed for this to work:

Envoy UDP routing support

IP tables rules to trap UDP traffic

Code to handle UDP protocol in the Manager services model

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/istio/manager/issues/62, or mute the thread
https://github.com/notifications/unsubscribe-auth/AH0qd5lqmPJdmxhHlhGXJ4eD239ROHEfks5rWTfSgaJpZM4LvToe
.

>

~shriram

@kyessenov commented on Thu Jan 26 2017

This is not a high priority item. As of now, we're not handling UDP traffic
at all, and don't have a good use case why we should.

On Thu, Jan 26, 2017, 4:41 PM Shriram Rajagopalan notifications@github.com
wrote:

Do we need to handle UDP now? If we only trap tcp traffic, applications can
continue to use kube proxy as is for UDP right?

Until we have a solid use case for UDP and UDP routing or mixer related
stuff, it seems pointless to bloat envoy codebase with unnecessary
complexity.

On Thu, Jan 26, 2017 at 7:18 PM Kuat notifications@github.com wrote:

Proxy manager should be in charge of routing UDP traffic. There are many
pieces needed for this to work:

Envoy UDP routing support

IP tables rules to trap UDP traffic

Code to handle UDP protocol in the Manager services model

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/istio/manager/issues/62, or mute the thread
<
https://github.com/notifications/unsubscribe-auth/AH0qd5lqmPJdmxhHlhGXJ4eD239ROHEfks5rWTfSgaJpZM4LvToe

.

>

~shriram

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/istio/manager/issues/62#issuecomment-275558914, or mute
the thread
https://github.com/notifications/unsubscribe-auth/AJGIxh09sriOe9luRa89y_gbwFyywHcTks5rWT0ggaJpZM4LvToe
.

@rshriram commented on Mon Feb 06 2017

@moderation you had a use case right?

@moderation commented on Tue Feb 07 2017

Yes. We are interested in using Envoy as an external service proxy for a PaaS. Typically this proxy will broker HTTP connections and TCP database connections etc. There are some people accessing Kafka external from the PaaS and the authentication scheme uses Kerberos and therefore requires UDP.

Another potential use case is in the public cloud where creating an encrypted service mesh that can handle things like DNS and NTP.

It looks like Nginx supports UDP load balancing / proxying but like a lot of their functionality it is only available in the commercial Nginx Plus product.

@rshriram commented on Tue Feb 07 2017

@moderation, thanks for the use case. Will take a look at adding this
support to envoy.
On Tue, Feb 7, 2017 at 9:54 AM moderation notifications@github.com wrote:

Yes. We are interested in using Envoy as an external service proxy for a
PaaS. Typically this proxy will broker HTTP connections and TCP database
connections etc. There are some people accessing Kafka external from the
PaaS and the authentication scheme uses Kerberos and therefore requires UDP.

Another potential use case is in the public cloud where creating an
encrypted service mesh that can handle things like DNS and NTP.

It looks like Nginx supports UDP load balancing / proxying but like a lot
of their functionality it is only available in the commercial Nginx Plus
product.

—
You are receiving this because you commented.

Reply to this email directly, view it on GitHub
https://github.com/istio/manager/issues/62#issuecomment-278022929, or mute
the thread
https://github.com/notifications/unsubscribe-auth/AH0qd54r-5AYbd-2jzmJ_EXQpYaPjfQdks5raIWsgaJpZM4LvToe
.

>

~shriram

@drasko commented on Thu May 25 2017

+1 for UDP, needed for CoAP and LwM2M IoT scenarios.

@shalako commented on Tue Oct 31 2017

+1 for UDP support. Needed for IOT use cases; specifically LWM2M and CoAP protocols.

@kyessenov commented on Fri Aug 04 2017

Thanks for your interest. This is blocked by Envoy issue https://github.com/lyft/envoy/issues/492

arenetworking kinenhancement lifecyclstaleproof

Source

kyessenov

👍27 👀4 🚀2 ❤1

Most helpful comment

Thanks everyone for the feedback. The Envoy community has recently landed basic UDP listener support in Envoy. Next the community will be focussing on the actual proxying work within the Q1 timeframe in 2019.

cmluciano on 6 Dec 2018

🎉8 👍6

All 72 comments

/assign

cmluciano on 7 Nov 2017

+1 for UDP, there is a strong use in telecommunication, all data is transferred with UDP in 3G PS, 4G both FDD and TDD, also in future 5G. I think we should start the support for UDP immediateley.

lixiaobing1 on 17 Jan 2018

👍9

I'll plus one the Telecom usecase here and broaden it to IOT/m2m devices. A huge array of existing IOT and m2m protocols are using UDP. We've been writing our new IOT platform and unfortunately will not be able to utilize a service mesh because of this.

mattouille on 30 Jun 2018

👍1

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 2 weeks unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

stale[bot] on 31 Jul 2018

@cmluciano Are you working on this actively?

shalako on 31 Jul 2018

+1 for UDP support in istio . UDP is the transport layer protocol used for communication between various entities in EPC( Evolved Packet Core ) in telecom.

varnaik on 31 Jul 2018

@shalako Just confirmed some timelines on the Envoy community call today. I halted progress for a while awaiting some Envoy refactorings & Istio 1.0 priorities. I will be continuing progress on this for an alpha implementation targeted for late Q3/early Q4.

cmluciano on 31 Jul 2018

👍5

Another use case for UDP support: https://www.eclipse.org/hono/

shalako on 15 Aug 2018

👍1

+1 for UDP support. Use case is DNS, NTP, Syslog and SNMP Traps.

joseba4242 on 11 Oct 2018

+1 for UDP

dstockton on 15 Oct 2018

+1 for UDP support. Use case is RADIUS.

MightyDjinn on 17 Oct 2018

+1 for UDP

unnicris on 30 Oct 2018

+1 for UDP, TFTP and syslog are required for our use-case.

howels on 1 Nov 2018

lvjing2 on 14 Nov 2018

+1 for UDP

akpsgit on 29 Nov 2018

Aug-G on 3 Dec 2018

arunvg on 3 Dec 2018

+1 for UDP

Lax77 on 4 Dec 2018

AWKIF on 5 Dec 2018

+1 for UDP .... would like to use dynamic routing for establishing VPN connections.

dcberg on 6 Dec 2018

cmluciano on 6 Dec 2018

🎉8 👍6

@cmluciano thanks for taking the time to update this thread 👍

dstockton on 7 Dec 2018

👍1

+1 RTP media & SIP proxing

ekoome on 18 Dec 2018

+1 for UDP routing
a great use case is handling DNS communication, for reasons such as telecommunication apps and security/policy based DNS routing.

skinnycheetah on 8 Jan 2019

+1 for UDP routing
Network device management apps required UDP support, services like Syslog, SNMP traps, and TFTP

asudhakarreddy on 20 Feb 2019

+1 for UDP routing. Hashicorp Consul needs UDP routing for WAN.

hxalid on 20 Feb 2019

👍7

Envoy appears to have UDP support. Is the integration of UDP into Istio being tracked anywhere?

https://github.com/envoyproxy/envoy/pull/5108

howels on 17 Apr 2019

👍6

Would also like to see UDP for sending custom application metrics to StatsD.

stephenmuss on 15 May 2019

We also need UDP forwarding for P2P protocols or blockchain systems. Would appreciate it if it's integrated.

kigawas on 20 May 2019

👍2

+1 udp heavily used in game backend developments

Kiddinglife on 28 Jun 2019

❤6

i am from games to. we consider if could virtualize games, could help a lot.

dzmitry-lahoda on 28 Jun 2019

+1 We would like to get some updates now that UDP is supported in envoy.

asitaru on 6 Jul 2019

/cc @louiscryan @rshriram @costinm @howardjohn Is there a plan for this?

hzxuzhonghu on 16 Jul 2019

@hzxuzhonghu see https://github.com/istio/istio/issues/15057#issuecomment-506561935.

howardjohn on 16 Jul 2019

@howardjohn Envoy now has support for UDP.

asitaru on 16 Jul 2019

My understanding is the second part is equally as important to Envoy's support, which @rlenglet is working on.

This requires using the iptables TPROXY mode. Using TPROXY requires running the Envoy sidecar proxy with CAP_NET_ADMIN, which is not acceptable for many users if running in the same pod. So to make UDP redirection viable, we'll have to run Envoy sidecar proxies outside of the application pod, which is something we plan to do as part of Istio CNI, but we've just started that work.

howardjohn on 16 Jul 2019

+1 for VPN UDP use case
+1 for any updates on availability

jgilgamesh on 30 Jul 2019

👍2

+1 for SIP

lamplet on 19 Aug 2019

👍2

Required for P2P auto discovery In Blockchain systems like Ethereum.

MitchK on 25 Aug 2019

👍2 ❤1

+1 for SIP
+1 for UDP

Joong on 27 Aug 2019

Any update on UDP support? Last update was planned for Q1 2019 and it's now Q3 2019

prestonvanloon on 2 Sep 2019

👍6

+1 for SIP
+1 for RTP

bpulito on 5 Sep 2019

+1 for UDP

blockspacer on 20 Sep 2019

+1 for UDP (RTP media / SIP)

SofianeSadi on 23 Sep 2019

+1 for UDP (Telco applications using SIP)

readverish on 26 Sep 2019

👍1

UDP +1

vanloswang on 30 Sep 2019

What is causing UDP support to lag behind? Is it a lack of contributors? A lack of support? A lack of time? This would be a very advantageous feature as we make ample of use of the UDP protocol. If the maintainers are looking for help, let us know, and we'll try to contribute.

DevAndrewGeorge on 1 Oct 2019

👍8

Following up on this. It's officially Q4 (last update due Q1). Can we get any update on this?

prestonvanloon on 2 Oct 2019

+1 UDP multicast for Infinispan to run out of the box with discovery, currently using weavenet for this.

kucerarichard on 2 Oct 2019

+1 UDP, any update?

lgillstrom on 29 Oct 2019

Please follow this https://github.com/envoyproxy/envoy/issues/492 for UDP support in Envoy

ramaraochavali on 31 Oct 2019

👍4

Apparently there is UDP proxy support now in envoy: https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/udp_filters/udp_proxy

devkid on 14 Dec 2019

👍3

UDP +1, use case is VPN; and we discovered that ingress-nginx is too slow for this. Now that envoy supports UDP, it would be nice to have this functionality.

xabinapal on 19 Dec 2019

👍2

UDP +1

mischka on 15 Jan 2020

UDP +1.
Would like to use it for DNS.

fscz on 18 Feb 2020

DNS, VPN and of course QUIC, please add support for UDP

lsgrep on 16 Mar 2020

UDP +1
Some 3GPP CR is considering about supporting HTTP3/QUIC which is based on UDP in 5G spec,

hobbytp on 19 Mar 2020

Even previously cellular versions rely on UDP. For example, for carrier certification to operate on a network for NB-IoT (release 14,) you must be able to demonstrate you can bootstrap a device with LwM2M, which is based on UDP/CoAP.

beriberikix on 19 Mar 2020

I think we all have our use-cases and figured out the importance of UDP support.
Can we concentrate on removing the stale tag and setting it to a milestone?
Would be awesome - as it apparently landed in envoy. :unicorn:

fentas on 24 Mar 2020

👍3 😄1

UDP +1
For video streaming service

qingkunl on 15 Apr 2020

UDP +1 for DNS observability

So to make UDP redirection viable, we'll have to run Envoy sidecar proxies outside of the application pod, which is something we plan to do as part of Istio CNI, but we've just started that work.

@howardjohn @rlenglet that's interesting, is there any ticket or doc to follow along with that work?