Hello Traefik team,
I'd like to propose adding support for UDP routing based on the content of the initial packets — specifically targeting protocols like SRT (Secure Reliable Transport) which embed routing-relevant metadata (such as streamId) during handshake.
Currently, Traefik supports UDP routing only by matching port numbers. However, in protocols like SRT, the second control packet in the handshake (CONCLUSION) contains a streamId which can be used to route the stream dynamically (e.g., to specific backend services).
Use Case
We operate a single UDP entry point (e.g., :8890) for receiving live SRT streams. Each stream has a unique streamId (stream1, camA, etc.) that identifies the intended destination. We'd like to route traffic based on this value, similar to HTTP rules like:
Host(`example.com`) && Header(`X-Service`, `cameraA`)
What I propose is a new UDP matcher like:
rule: SRTStreamID(`stream1`)
Implementation Notes
I’ve already built a working prototype by modifying the Traefik UDP proxy code:
- When a client connects, the proxy intercepts the initial SRT handshake.
- It sends a fake
INDUCTIONreply to trigger the client’sCONCLUSION. - Once the
streamIdis available, the proxy uses it to determine the appropriate backend. - It then connects to the backend and relays the original
INDUCTIONpacket. - After that, it simply forwards encrypted UDP packets between client and backend.
This technique is safe because:
- Only handshake packets are parsed (not encrypted).
- The actual stream remains encrypted (using SRT passphrase).
- IP spoofing protection is preserved via the
syn-cookie.
Proposal
Would it be possible to introduce:
- A UDP matcher system (like
StreamID()) - Or a protocol-aware plugin interface for UDP stream routing?
I’m happy to contribute code, design, or a PoC plugin. Let me know if this direction aligns with Traefik’s goals — I believe it could benefit many use cases involving real-time media or custom UDP protocols.
Thanks!