Hello Traefik team,
I'd like to propose adding support for UDP routing based on the content of the initial packets — specifically targeting protocols like SRT (Secure Reliable Transport) which embed routing-relevant metadata (such as streamId
) during handshake.
Currently, Traefik supports UDP routing only by matching port numbers. However, in protocols like SRT, the second control packet in the handshake (CONCLUSION
) contains a streamId
which can be used to route the stream dynamically (e.g., to specific backend services).
Use Case
We operate a single UDP entry point (e.g., :8890
) for receiving live SRT streams. Each stream has a unique streamId
(stream1
, camA
, etc.) that identifies the intended destination. We'd like to route traffic based on this value, similar to HTTP rules like:
Host(`example.com`) && Header(`X-Service`, `cameraA`)
What I propose is a new UDP matcher like:
rule: SRTStreamID(`stream1`)
Implementation Notes
I’ve already built a working prototype by modifying the Traefik UDP proxy code:
- When a client connects, the proxy intercepts the initial SRT handshake.
- It sends a fake
INDUCTION
reply to trigger the client’sCONCLUSION
. - Once the
streamId
is available, the proxy uses it to determine the appropriate backend. - It then connects to the backend and relays the original
INDUCTION
packet. - After that, it simply forwards encrypted UDP packets between client and backend.
This technique is safe because:
- Only handshake packets are parsed (not encrypted).
- The actual stream remains encrypted (using SRT passphrase).
- IP spoofing protection is preserved via the
syn-cookie
.
Proposal
Would it be possible to introduce:
- A UDP matcher system (like
StreamID()
) - Or a protocol-aware plugin interface for UDP stream routing?
I’m happy to contribute code, design, or a PoC plugin. Let me know if this direction aligns with Traefik’s goals — I believe it could benefit many use cases involving real-time media or custom UDP protocols.
Thanks!