Goal

Implement IETF QUIC into ATS Core.

Design Doc

The UDP core and QUIC (It explains how the UDP core works and how the UDPPacket enters the QUIC stack.)

Data Flow (draft-05 : Second Implementation)


QUIC Connection/Stream - ATS Client Session/Transaction mapping

ToDo

https://github.com/apache/trafficserver/projects/8

Please label issues and pull-requests with "QUIC".

Branching Rules

Branches

  • quic-latest : latest branch
  • master: draft-23 (currently)

Development Rules

Pull-Requests

Please send Pull-Requests to the "quic-latest" branch until it is merged into the master branch.

TDD

Use Catch as Unit Test Framework. The header file is under tests/include.

How to build

Build an SSL library

ATS now supports 4 variations of SSL libraries. Pick one from below and build it.

BoringSSL

BoringSSL works without patches.

https://boringssl.googlesource.com/boringssl

The commit below works, and recent commits would probably work too.

cbae965ca03825d517efe98cf7b8812584cab4a0

OpenSSL (akamai/master-quic-support)

This is the branch used for https://github.com/openssl/openssl/pull/8797 .

https://github.com/akamai/openssl/tree/master-quic-support

$ git clone --depth 1 --branch master-quic-support https://github.com/akamai/openssl
$ cd openssl
$ ./config --prefix=/PATH/TO/THE/OPENSSL
$ make
$ make install

OpenSSL (tatsuhiro-t/OpenSSL_1_1_1d-quic-draft-25) [RECOMMENDED]

This is the ngtcp2 developer's customized version.

https://github.com/tatsuhiro-t/openssl/tree/OpenSSL_1_1_1d-quic-draft-25

OpenSSL (tatsuhiro-t/quic-draft-22) [OBSOLETE]

This is the ngtcp2 developer's customized version too, but with different APIs.

https://github.com/tatsuhiro-t/openssl/tree/openssl-quic-draft-22

Build ATS (quic-latest branch)

The requirements are the same as for the master branch: Installing From Source Code

$ git clone --depth 1 --branch quic-latest https://github.com/apache/trafficserver
$ cd trafficserver
$ ./configure --prefix=/PATH/TO/ATS --with-openssl=/PATH/TO/SSL_LIBRARY --enable-debug
$ make
$ make install

Configuration

Configuration files are located in /PATH/TO/THE/ATS/etc/trafficserver/.

  • records.config
# run 1 UDP thread at least
CONFIG proxy.config.udp.threads INT 1
 
# open server port for quic
CONFIG proxy.config.http.server_ports STRING 4433:quic
  
# enable debug log if you want
CONFIG proxy.config.diags.debug.enabled INT 1
CONFIG proxy.config.diags.debug.tags STRING quic
> CONFIG proxy.config.udp.threads INT 1
23c24
< CONFIG proxy.config.http.server_ports STRING 8080 8080:ipv6
---
> CONFIG proxy.config.http.server_ports STRING 4433:quic
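
Review bot: The 23c24 hunk replaces the whole server_ports value instead of extending it, so the existing 8080 and 8080:ipv6 listeners are dropped and the only remaining entry, 4433:quic, carries no ipv6 option. If the HTTP listeners are still needed, keep them and append the QUIC port to the existing value, and state in the surrounding text which of the two outcomes is intended.
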
175,176c176,177
< CONFIG proxy.config.diags.debug.enabled INT 0
< CONFIG proxy.config.diags.debug.tags STRING http|dns
---
> CONFIG proxy.config.diags.debug.enabled INT 1
> CONFIG proxy.config.diags.debug.tags STRING quic
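
Review bot: The 175,176c176,177 hunk turns proxy.config.diags.debug.enabled on as part of the same diff as the required QUIC settings, although the listing above marks it optional ("enable debug log if you want"). Say next to the diff that this hunk can be skipped, and note that it replaces the http|dns tag list with quic rather than adding quic to it.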


  • ssl_multicert.config
    • Please use absolute paths to the cert and private key until Issue #2358 is fixed.
dest_ip=* ssl_cert_name=/PATH/TO/THE/CERT ssl_key_name=/PATH/TO/THE/PRIVATE/KEY/OF/CERT
  • remap.config
    • Remap request to origin server.
map / http://127.0.0.1:8000/
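
A pre-start check for the settings listed in this section, as an added example that is not part of the original page or of the ATS code base. The function names and both sample files are constructed for illustration, and a setting absent from records.config is assumed to count as 0 or empty.

```python
import re
from pathlib import PurePosixPath

# Constructed sample files: a records.config that misses the QUIC settings
# and an ssl_multicert.config line with a relative certificate path.
RECORDS = """\
CONFIG proxy.config.udp.threads INT 0
CONFIG proxy.config.http.server_ports STRING 8080 8080:ipv6
CONFIG proxy.config.diags.debug.enabled INT 1
CONFIG proxy.config.diags.debug.tags STRING quic
"""
MULTICERT = "dest_ip=* ssl_cert_name=server.pem ssl_key_name=/etc/ats/server.key\n"

RECORD_RE = re.compile(r"^CONFIG\s+(\S+)\s+(INT|STRING|FLOAT)\s+(.*)$")

def parse_records(text):
    """Return {name: value} for CONFIG lines; comments and blank lines are skipped."""
    matches = (RECORD_RE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(3).strip() for m in matches if m}

def quic_ports(server_ports):
    """Port numbers of server_ports entries that carry the 'quic' option."""
    ports = []
    for entry in server_ports.split():
        # Drop bracketed IPv6 literals so their colons are not read as separators.
        opts = re.sub(r"\[[^\]]*\]", "", entry).split(":")
        numbers = [o for o in opts if o.isdigit()]
        if "quic" in opts and numbers:
            ports.append(int(numbers[0]))
    return ports

def check(records_text, multicert_text):
    """Return a list of findings for the QUIC setup described on this page."""
    rec, findings = parse_records(records_text), []
    # Assumption: a setting absent from the file counts as 0 / empty.
    if int(rec.get("proxy.config.udp.threads", "0")) < 1:
        findings.append("udp.threads is below 1")
    if not quic_ports(rec.get("proxy.config.http.server_ports", "")):
        findings.append("server_ports has no quic entry")
    if rec.get("proxy.config.diags.debug.enabled", "0") != "0":
        tags = rec.get("proxy.config.diags.debug.tags", "")
        findings.append("debug logging is enabled (tags: %s)" % tags)
    for line in multicert_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        for key, val in re.findall(r"\b(ssl_cert_name|ssl_key_name)=(\S+)", line):
            if not PurePosixPath(val).is_absolute():
                findings.append("%s is not an absolute path: %s" % (key, val))
    return findings
```

Calling check() with the contents of the two real files returns an empty list when the UDP thread, the quic port and the absolute certificate paths are all in place and debug logging is off.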

Run ATS

/PATH/TO/THE/ATS/bin/traffic_server

Patches

quic.ogre.com has an additional patch to make debug logs readable.

QUIC specific configurations

The following docs will be moved to docs.trafficserver.apache.org.

Please note that the current configuration names and default values might change before they are merged into the master branch.

records.config

CONFIG proxy.config.quic.no_activity_timeout_in INT 30

   Specifies how long Traffic Server keeps QUIC connections to clients open if a transaction stalls.

traffic_quic

The quic-latest branch has a client implementation called "traffic_quic" for testing.

// draft-17

$ traffic_quic -h
Usage: traffic_quic [--SWITCH [ARG]]
  switch__________________type__default___description
  -a, --addr              str   127.0.0.1 Address
  -o, --output            str             Write to FILE instead of stdout
  -p, --port              str   4433      Port
  -P, --path              str   /         Path
  -T, --debug             str   quic|vv.. Vertical-bar-separated Debug Tags
  -c, --close             on    false     Enable connection close excercise
  -h, --help                              Print usage information
  -V, --version                           Print version string
      --run-root                          using TS_RUNROOT as sandbox

client specific configurations

traffic_quic loads records.config which is used by traffic_server.

records.config

# Enable Version Negotiation Exercise
CONFIG proxy.config.quic.client.vn_exercise_enabled INT 1

# Enable Connection Migration Exercise
CONFIG proxy.config.quic.client.cm_exercise_enabled INT 1

# Enable TLS session resumption
CONFIG proxy.config.quic.client.session_file STRING session.bin 

These configurations can be overridden by a corresponding environment variable like other configurations in records.config.

e.g. Access quic.ogre.com with version negotiation exercise

$ PROXY_CONFIG_QUIC_CLIENT_VN_EXERCISE_ENABLED=1 traffic_quic -a quic.ogre.com -p 4433 -P /en/latest/
