From aa8daed33570b6b9b647121b28b41180c5c4d3e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Mon, 23 May 2022 11:38:58 +0200 Subject: [PATCH] DOC: quic: Update documentation for QUIC Retry Add some information for "quic-force-retry" and "tune.quic.retry-force" settings. --- doc/configuration.txt | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/doc/configuration.txt b/doc/configuration.txt index 6343f9f13e..ac5f866bd9 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -1119,6 +1119,7 @@ The following keywords are supported in the "global" section : - tune.pool-high-fd-ratio - tune.pool-low-fd-ratio - tune.quic.conn-buf-limit + - tune.quic.retry-threshold - tune.rcvbuf.client - tune.rcvbuf.server - tune.recv_enough @@ -2938,6 +2939,23 @@ tune.quic.conn-buf-limit and memory consumption and can be adjusted according to an estimated round time-trip. +tune.quic.retry-threshold + Warning: QUIC support in HAProxy is currently experimental. Configuration may + change without deprecation in the future. + + Dynamically enables the Retry feature for all the configured QUIC listeners + as soon as this number of opening connections is reached. By opening connection + we mean a connection the handshake of which has not already successfully + completed or failed. To be functional this setting needs a cluster secret to + be set, if not it will be silently ignored (see "cluster-secret" setting). + This setting will be also silenty ignored if the use of QUIC Retry was forced + (see "quic-force-retry"). + + The default value is 100. + + See https://www.rfc-editor.org/rfc/rfc9000.html#section-8.1.2 for more + information about QUIC retry. + tune.rcvbuf.client tune.rcvbuf.server Forces the kernel socket receive buffer size on the client or the server side @@ -14343,6 +14361,24 @@ proto instance, it is possible to force the http/2 on clear TCP by specifying "proto h2" on the bind line. +quic-force-retry + Warning: QUIC support in HAProxy is currently experimental. Configuration may + change without deprecation in the future. + + This is a QUIC specific setting which forces the use of the QUIC Retry feature + for all the connection attempts to the configured QUIC listeners. It consists + in veryfying the peers are able to receive packets at the transport address + they used to initiate a new connection, sending them a Retry packet which + contains a token. This token must be sent back to the Retry packet sender, + this latter being the only one to be able to validate the token. Note that QUIC + Retry will always be used even if a Retry threshold was set (see + "tune.quic.retry-threshold" setting). To be functional this setting needs a + cluster secret to be set, if not it will be silently ignored (see "cluster-secret" + setting). + + See https://www.rfc-editor.org/rfc/rfc9000.html#section-8.1.2 for more + information about QUIC retry. + shards | by-thread In multi-threaded mode, on operating systems supporting multiple listeners on the same IP:port, this will automatically create this number of multiple