Using client-hello for intelligent routing and firewalling in multipath secure access systems

US12445527B2 · US · B2

Patent metadata

Publication number: US-12445527-B2
Application number: US-202318376676-A
Country: US
Kind code: B2
Filing date: Oct 4, 2023
Priority date: Oct 4, 2023
Publication date: Oct 14, 2025
Grant date: Oct 14, 2025

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Techniques for utilizing a portion of a communication session identifier (e.g., a Session-ID, an SPI, a CID, a DCID, and/or the like) to indicate a target routing device (e.g., a VPN and/or ZTNA termination device) for establishing control plane session(s) and/or data plane session(s) at wire-speed in a networked computing environment. The routing device(s) of a networked computing environment may generate a communication session identifier and send the communication session identifier to the client device, such that subsequent packets sent from the client device may be forwarded to the proper routing device indicated by the communication session identifier for establishment of one or more data plane sessions. Additionally, data plane sessions may be established using a Resumed Handshake rather than the full handshake that is typically required, as Session Resumption utilizes the assigned communication session identifier for mapping.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: receiving, at one or more routing devices of a networked computing environment and from a client device, a first control packet; generating a communication session identifier associated with the client device, the communication session identifier including one or more first bits indicating a workload associated with the client device and one or more second bits indicating a first routing device of the one or more routing devices; sending, from the first routing device and to the client device, a request to authenticate the client device for access to the workload; receiving a second control packet including the communication session identifier and authentication credentials configured to authenticate the client device for access to the workload; establishing a first control plane session between the first routing device and the client device; sending, via the first control plane session, a second control packet including an indication of the communication session identifier; receiving, at the first routing device, a first data packet including the communication session identifier; and establishing a first data plane session between the first routing device and the client device based at least in part on the authentication credentials.

2. The method of claim 1, wherein the one or more first bits of the communication session identifier represent an anycast internet protocol (IP) address associated with the workload.

3. The method of claim 1, further comprising: determining that the first data plane session has been disrupted; receiving, at the first routing device, one or more second data packets including the communication session identifier; and reestablishing the first data plane session between the client device and the first routing device based at least in part on the communication session identifier.

4. The method of claim 1, wherein the communication session identifier is configured as one of: a datagram transport layer security (DTLS) client hello session ID; a quick user datagram protocol (UDP) internet connections (QUIC) destination connection ID (DCID); or an internet protocol security (IPsec) encapsulating security payload (ESP) header security parameter index (SPI) attribute.

5. The method of claim 1, further comprising: receiving, at the first routing device, one or more second data packets including the communication session identifier; and establishing one or more second data plane sessions between the client device and the first routing device based at least in part on the communication session identifier.

6. The method of claim 1, further comprising: determining that a first usage associated with a second routing device of the one or more routing devices exceeds a threshold usage; and determining that a second usage associated with the first routing device of the one or more routing devices is below the threshold usage; wherein generating the communication session identifier is based at least in part on determining that the first usage exceeds the threshold usage and that the second usage is below the threshold usage.

7. The method of claim 1, wherein the one or more routing devices are configured as at least one of: a virtual private network (VPN) gateway; or a zero trust network access (ZTNA) gateway.

8. A system comprising: one or more processors; and one or more computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: receiving, at one or more routing devices of a networked computing environment and from a client device, a first control packet; determining that a first usage associated with a second target routing device of the one or more routing devices exceeds a threshold usage; determining that a second usage associated with the first target routing device of the one or more routing devices is below the threshold usage; generating, based at least in part on determining that the first usage exceeds the threshold usage and that the second usage is below the threshold usage, a communication session identifier associated with the client device, the communication session identifier including one or more first bits indicating a workload and one or more second bits indicating a first target routing device of the one or more routing devices; establishing a first communication session between the first target routing device and the client device; sending, via the first communication session, a second control packet including an indication of the communication session identifier; receiving, at the first target routing device, one or more first data packets including the communication session identifier; and establishing one or more second communication sessions between the first target routing device and the client device.

9. The system of claim 8, wherein the communication session identifier is configured as one of: a datagram transport layer security (DTLS) client hello session ID; a quick user datagram protocol (UDP) internet connections (QUIC) destination connection ID (DCID); or an internet protocol security (IPsec) encapsulating security payload (ESP) header security parameter index (SPI) attribute.

10. The system of claim 8, the operations further comprising: determining that a third communication session of the one or more second communication sessions has been disrupted; receiving, at the first target routing device, one or more second data packets including the communication session identifier; and reestablishing the third communication session based at least in part on the communication session identifier.

11. The system of claim 8, wherein the one or more routing devices are configured as at least one of: a virtual private network (VPN) gateway associated with the networked computing environment; or a zero trust network access (ZTNA) gateway associated with the networked computing environment.

12. The system of claim 8, wherein the first communication session is a control plane session and the one or more second communication sessions are data plane sessions.

13. The system of claim 8, the operations further comprising: sending, from the first target routing device and to the client device, a request to authenticate the client device for access to the workload; and receiving a second control packet including the communication session identifier and authentication credentials configured to authenticate the client device for access to the workload; wherein establishing the one or more second communication sessions between the client device and the first target routing device is based at least in part on the authentication credentials.

14. A method comprising: establishing a first communication session between a client device and one or more routing devices of a networked computing environment, the first communication session comprising a control plane session and a data plane session; sending a quick user datagram protocol (UDP) internet connections (QUIC) destination connection identifier (DCID) to the client device, the QUIC DCID including one or more first bits indicating the first communication session and one or more second bits indicating a first routing device of the one or more routing devices; determining that the data plane session of the first communication session has been disrupted; receiving, at the first routing device of the networked computing environment, a data packet including the QUIC DCID; and reestablishing, by the first routing device, the f
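An added illustration (not code from the patent or from Cisco) of the mechanism the abstract and claims describe: a routing device packs a workload index and its own device index into the DTLS ClientHello session_id it hands the client, picks itself only when its usage is below the threshold of claim 6, and every later ClientHello can then be dispatched to that device by reading the identifier straight off the wire. The 32-bit field split, the gateway names and the datagram bytes are assumptions made here.

```python
"""Model of the session-identifier routing scheme in the abstract and claims.
Added illustration, not code from the patent or from Cisco; the 32-bit field
layout, the gateway names and the datagram bytes are constructed assumptions."""
import struct

# Assumed layout: 16 bits workload index (standing in for the anycast IP of
# claim 2) + 8 bits routing-device index + 8 bits nonce, carried as the DTLS
# ClientHello session_id (claim 4).
DEVICE_SHIFT, NONCE_BITS = 8, 8

def make_session_id(workload: int, device: int, nonce: int) -> bytes:
    """Pack the identifier a routing device hands to the client (claim 1)."""
    value = (workload << (DEVICE_SHIFT + NONCE_BITS)) | (device << NONCE_BITS) | nonce
    return struct.pack(">I", value)

def parse_session_id(sid: bytes) -> tuple:
    """Recover (workload, device, nonce) from a 4-byte identifier."""
    (value,) = struct.unpack(">I", sid)
    return value >> 16, (value >> 8) & 0xFF, value & 0xFF

def client_hello_session_id(datagram: bytes) -> bytes:
    """Read session_id from a DTLS 1.2 ClientHello without any decryption:
    13-byte record header, 12-byte handshake header, 2-byte version,
    32-byte random, 1-byte session_id length, then session_id itself."""
    pos = 13 + 12 + 2 + 32
    if len(datagram) <= pos or datagram[0] != 22 or datagram[13] != 1:
        raise ValueError("not a DTLS handshake record carrying a ClientHello")
    sid_len = datagram[pos]
    return datagram[pos + 1 : pos + 1 + sid_len]

def pick_device(loads: list, threshold: float) -> int:
    """Claim 6: assign the first routing device whose usage is below threshold."""
    for idx, load in enumerate(loads):
        if load < threshold:
            return idx
    raise RuntimeError("every routing device is above the usage threshold")

def route(datagram: bytes, devices: list) -> str:
    """Wire-speed dispatch: the device index carried in the session_id names
    the terminating gateway, so no per-flow lookup table is consulted."""
    _, device, _ = parse_session_id(client_hello_session_id(datagram))
    return devices[device]

def build_client_hello(session_id: bytes) -> bytes:
    """Constructed minimal DTLS 1.2 ClientHello carrying session_id (test input)."""
    body = b"\xfe\xfd" + bytes(32) + bytes([len(session_id)]) + session_id
    length3 = len(body).to_bytes(3, "big")
    handshake = b"\x01" + length3 + b"\x00\x00" + bytes(3) + length3 + body
    return b"\x16\xfe\xfd" + bytes(2) + bytes(6) + len(handshake).to_bytes(2, "big") + handshake
```

A real gateway would additionally bind the identifier to the authenticated client before honouring it, since anything readable in a plaintext ClientHello can also be replayed by whoever observes it.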

Assignees

Cisco Tech Inc

Inventors

Classifications

  • at the transport layer · CPC title

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

  • Virtual private networks · CPC title

  • Interconnection of networks using encapsulation techniques, e.g. tunneling · CPC title

  • Persistence of sessions during load balancing · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0272. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Oct 14, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).