A common design which avoids this is to use TCP at the client edge and UDP inside the network core. This is one of the reasons why TCP is not optimal for use inside the core.
That makes sense, but is unfortunately not an option for me due to strict security requirements. I need to use TLS on the whole path.
Another option I explored was to have the edge proxies not always use the same TCP connection for sending to the registrar. If I could find a way to load balance across a number of TCP connections, that would probably work for me. Perhaps there is a way the DISPATHCER module can be configured to accomplish this. Maybe the dispatcher configuration can list multiple copies of the same destination, but each having a different send socket address, and then can load balance across those. Does that make any sense?