How eBPF Socket Steering Keeps HTTP/3 Sessions Alive Across IP Changes
QUIC's connection migration feature allows sessions to survive IP address changes by using a Connection ID instead of a fixed 4-tuple, but standard Linux SO_REUSEPORT load balancing breaks this by re-hashing on the new IP and routing packets to the wrong worker. When a client's IP changes mid-session, the receiving worker holds no TLS keys for that client and must drop the packet, effectively nullifying QUIC's core advantage. eBPF-based socket steering solves this by intercepting packets at the kernel layer and routing them based on the QUIC Connection ID rather than the 4-tuple, before they reach any userspace process. Production deployments, including approaches used by Cloudflare, must also handle proxy restarts carefully, since old and new socket generations can coexist in the same reuseport group and naive CID routing can misdirect in-flight connections. Tools like udpgrm address this by tracking socket generations to ensure packets belonging to existing sessions reach the correct worker instance.
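The steering decision described above, as an added example that is not code from the original article, Cloudflare, or udpgrm: a userspace C model (not an eBPF program) comparing 4-tuple selection with Connection ID selection for one packet seen before and after a client IP change. The 8-byte CID length, the worker index stored in the first CID byte, the XOR hash standing in for the kernel's reuseport hash, and all sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CID_LEN 8 /* assumption: the server issues fixed 8-byte Connection IDs */

struct flow { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; };

/* Toy stand-in for SO_REUSEPORT's 4-tuple hash (not the kernel's function). */
static unsigned steer_by_tuple(const struct flow *f, unsigned nworkers)
{
    uint32_t h = f->src_ip ^ f->dst_ip ^ (((uint32_t)f->src_port << 16) | f->dst_port);
    return h % nworkers;
}

/* Worker index carried in the DCID, or -1 when the packet cannot be steered by CID. */
static int steer_by_cid(const uint8_t *pkt, size_t len, unsigned nworkers)
{
    const uint8_t *cid;
    if (len < 1 || !(pkt[0] & 0x40))      /* QUIC v1 fixed bit must be set */
        return -1;
    if (pkt[0] & 0x80) {                  /* long header: version(4), dcid_len(1), dcid */
        if (len < 6 + CID_LEN || pkt[5] != CID_LEN)
            return -1;                    /* e.g. a client-chosen Initial DCID */
        cid = pkt + 6;
    } else {                              /* short header: DCID follows byte 0, no length field */
        if (len < 1 + CID_LEN)
            return -1;
        cid = pkt + 1;
    }
    return cid[0] < nworkers ? cid[0] : -1; /* assumption: CID byte 0 = worker index */
}

/* CID first; fall back to the 4-tuple only when no usable CID is present. */
static unsigned select_worker(const struct flow *f, const uint8_t *pkt, size_t len, unsigned n)
{
    int w = steer_by_cid(pkt, len, n);
    return w >= 0 ? (unsigned)w : steer_by_tuple(f, n);
}

/* Constructed sample: short-header packet, DCID starts with worker index 3. */
static const uint8_t sample_pkt[] = {0x41, 0x03, 0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0xf6, 0x07, 0x99, 0x98};
static const struct flow before = {0xC000020Au, 0xCB007101u, 50000, 443}; /* 192.0.2.10 */
static const struct flow after  = {0xC6336417u, 0xCB007101u, 50000, 443}; /* 198.51.100.23 */

int main(void)
{
    printf("tuple: %u -> %u\n", steer_by_tuple(&before, 4), steer_by_tuple(&after, 4));
    printf("cid:   %u -> %u\n", select_worker(&before, sample_pkt, sizeof sample_pkt, 4),
           select_worker(&after, sample_pkt, sizeof sample_pkt, 4));
    return 0;
}
```

The fallback path matters for a client's first Initial packet, whose Destination Connection ID is chosen by the client and carries no worker index yet.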
This is an AI-generated summary. ShortSingh links to the original source for the complete article.