I need to use kTLS feature with drbd-proxy but I can’t find any documentation about it.
On linbit site, it’s clearly indicated that drbd-proxy can use kTLS…but configuration is not documented.
Another point, drbd-proxy v4 is not available on linbit site for RHEL8, folder is present ( …/yum/rhel8.10/drbd-proxy-4/x86_64/ ) but there’s no RPM… perhaps v4 is not compatible with RHEL 8 (due to I/O-uring available in RHEL9) but, in that case, why the folder drbd-proxy-4 exists ?
Hope someone will be able to help me, regards
My environment:
RHEL 8.10 with patches, kernel is 4.18.0-553.89.1.el8_10.x86_64
Since drbd-proxy is configured using drbd resource files, I would guess it’s configured the same way as tKLS for drbd:
i.e. net { tls yes; }
I also note that “DRBD Proxy is available to LINBIT customers with an appropriate contract” - so you’ll probably get a better answer through official support channels.
I’ve receive an answer… for the moment, it’s not recommended to use drbd-proxy (v4) with kTLS: it deactivates compression and it’s not stable. Recommendation is to use a VPN solution like WireGuard.
When you use “net {tls yet; }” drbd-proxy try to use kTLS on '“inside” part and not on the “outside” part (“inside” part is local on one machine and “outside” is between two machines).
Corrections will be done on the Linbit documentation to clarify drbd-proxy with kTLS.