UDP proxy

    • This filter should be configured with the name envoy.filters.udp_listener.udp_proxy

    The UDP proxy listener filter allows Envoy to operate as a non-transparent proxy between a UDP client and server. The lack of transparency means that the upstream server will see the source IP and port of the Envoy instance versus the client. All datagrams flow from the client, to Envoy, to the upstream server, back to Envoy, and back to the client.

    Because UDP is not a connection oriented protocol, Envoy must keep track of a client’s session such that the response datagrams from an upstream server can be routed back to the correct client. Each session is index by the 4-tuple consisting of source IP/port and local IP/port that the datagram is received on. Sessions last until the idle timeout is reached.

    The UDP proxy listener filter also can operate as a transparent proxy if the field is set. But please keep in mind that it does not forward the port to upstreams. It forwards only the IP address to upstreams.

    Envoy will fully utilize the configured load balancer for the configured upstream cluster when load balancing UDP datagrams. When a new session is created, Envoy will associate the session with an upstream host selected using the configured load balancer. All future datagrams that belong to the session will be routed to the same upstream host.

    When an upstream host becomes unhealthy (due to active health checking), Envoy will attempt to create a new session to a healthy host when the next datagram is received.

    The number of sessions that can be created per upstream cluster is limited by the cluster’s . By default this is 1024.

    The following example configuration will cause Envoy to listen on UDP port 1234 and proxy to a UDP server listening on port 1235, allowing 9000 byte packets in both directions (i.e., either jumbo frames or fragmented IP packets).

    The UDP proxy filter emits both its own downstream statistics as well as many of the cluster upstream statistics where applicable. The downstream statistics are rooted at udp.<stat_prefix>. with the following statistics:

    The following standard are used by the UDP proxy:

    The UDP proxy filter also emits custom upstream cluster stats prefixed with cluster.<cluster_name>.udp.: