Hello, I’m giving the NetFoundry service a spin to better understand the SaaS offering, as well as OpenZiti capabilities.
For the advanced service creation in NetFoundry, the protocols supported are TCP and UDP, and there is an option, “End to End Encryption: Encrypt this service”. This box can be checked for the UDP protocol as well, either as a UDP-only service or in protocol combination as a TCP/UDP service. Does this imply the UDP packets are being tunneled through TCP over the fabric from endpoint to endpoint when this option is selected? Just want to confirm that this setting doesn’t get ignored for UDP, leaving UDP unencrypted through the underlay.
Are there any other technical caveats worth mentioning regarding UDP proxying through the OpenZiti overlay? Perhaps some limitation based on TCP tunnel encapsulation when the “Encrypt this service” option is selected?
Also, while searching previous threads for UDP info, I saw mention of a possible upcoming feature of fabric dataplane throughput optimization via UDP transmission with out-of-band error correction. Assuming dataplane routing through the fabric is still currently TCP, how much of a performance improvement might an approach like this make? Is this feature still on the roadmap?
Thank you!