TCP Proxying and Protocol Detection

Linkerd is capable of proxying all TCP traffic, including TLS’d connections, WebSockets, and HTTP tunneling.

Linkerd performs protocol detection to determine whether traffic is HTTP or HTTP/2 (including gRPC). If Linkerd detects that a connection is using HTTP or HTTP/2, Linkerd will automatically provide HTTP-level metrics and routing without configuration from the user. (See HTTP, HTTP/2, and gRPC Proxying for more.)

If Linkerd cannot determine that a connection is using HTTP or HTTP/2, Linkerd will proxy the connection, but will only be able to provide byte-level metrics. Note that this also applies to TLS’d HTTP connections if the application initiates the TLS, as Linkerd will not be able to observe the HTTP transactions in this connection.

Configuring Protocol Detection

In some cases Linkerd’s protocol detection requires configuration. Currently, this is required for unencrypted “server-speaks-first” protocols, or protocols where the server sends data before the client sends data. In these cases, Linkerd cannot automatically recognize the protocol used on the connection. (Note that TLS-enabled connections work as normal, because TLS itself is a client-speaks-first protocol.)
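The following added example (not Linkerd's code, and not its actual detection logic) models why a server-speaks-first client defeats detection: a toy detector peeks at the client's first bytes with a timeout and classifies what it sees. The client functions, the byte strings they send, the classifier labels and the 0.5 s timeout are all constructed assumptions.

```python
import socket
import threading

HTTP2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
HTTP1_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")

def classify(first_bytes):
    """Toy classifier over the first bytes the client sent (not Linkerd's logic)."""
    if not first_bytes:
        return "undetected"   # client sent nothing: it is waiting for the server
    if first_bytes.startswith(HTTP2_PREFACE):
        return "http/2"       # HTTP-level metrics and routing are possible
    if first_bytes.startswith(HTTP1_METHODS):
        return "http/1"
    if first_bytes[:2] == b"\x16\x03":
        return "tls"          # TLS handshake record: proxied, byte-level metrics only
    return "opaque"

def peek_client(proxy_side, timeout=0.5):  # returns b"" if the client stays silent
    proxy_side.settimeout(timeout)
    try:
        return proxy_side.recv(1024, socket.MSG_PEEK)  # look without consuming
    except socket.timeout:
        return b""

def http_client(sock):        # client-speaks-first (constructed request)
    sock.sendall(b"GET /health HTTP/1.1\r\nHost: app.example\r\n\r\n")

def tls_client(sock):         # client-speaks-first: constructed start of a ClientHello
    sock.sendall(b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00")

def smtp_client(sock):        # server-speaks-first: blocks until the server greets
    sock.recv(1024)

def detect(client_behaviour):
    """Run one constructed client against the toy detector over a local socket pair."""
    client_side, proxy_side = socket.socketpair()
    worker = threading.Thread(target=client_behaviour, args=(client_side,))
    worker.start()
    try:
        return classify(peek_client(proxy_side))
    finally:
        proxy_side.close()    # unblocks a client still waiting for a greeting
        worker.join()
        client_side.close()

if __name__ == "__main__":
    for client in (http_client, tls_client, smtp_client):
        print(client.__name__, "->", detect(client))
```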

The following protocols are known to be server-speaks-first:

  • 25 - SMTP
  • 3306 - MySQL
  • 8086 - InfluxDB
  • 4222 - NATS
  • 27017 - MongoDB

If you’re working with a protocol that can’t be automatically recognized by Linkerd, use the --skip-inbound-ports and --skip-outbound-ports flags when running linkerd inject.

For example, if your application makes requests to a MySQL database running on port 4406, use the command:

  linkerd inject deployment.yml --skip-outbound-ports=4406 \
    | kubectl apply -f -

Likewise, if your application runs an SMTP server that accepts incoming requests on port 35, use the command:

  linkerd inject deployment.yml --skip-inbound-ports=35 \
    | kubectl apply -f -

Plaintext MySQL and SMTP

For MySQL and SMTP, if you are using Linkerd to proxy plaintext connections on their default ports (3306 and 25, respectively), then Linkerd will currently identify these protocols based on the port, and will not attempt to perform protocol detection. Thus, no extra configuration is necessary for plaintext MySQL and SMTP connections.