Nginx TCP/UDP Load Balancer

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Nginx TCP/UDP Load Balancer

zakirenish
Hi, I have 2 turn server. I would like to use Nginx for load balancer them.
But I have a problem. When I use the AWS ELB it works perfectly. If I try
with Nginx, I got an error.

Remote addr should be client_ip. Nginx, send itself IP address to coturn
server.

There are 2 output from AWS ELB and Nginx

AWS Output:

13: handle_udp_packet: New UDP endpoint: local addr coturn_ip:3478 coturn,
remote addr client_ip:54203

Nginx Output:

96: handle_udp_packet: New UDP endpoint: local addr coturn_ip:3478, remote
addr nginx_ip:59902

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,289231,289231#msg-289231

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Nginx TCP/UDP Load Balancer

Francis Daly
On Mon, Aug 31, 2020 at 06:15:00AM -0400, Dr_tux wrote:

Hi there,

> Hi, I have 2 turn server. I would like to use Nginx for load balancer them.
> But I have a problem. When I use the AWS ELB it works perfectly. If I try
> with Nginx, I got an error.
>
> Remote addr should be client_ip. Nginx, send itself IP address to coturn
> server.

I don't know the details of a turn server; but depending on the
overall design of your solution, it is possible that proxy_bind
(http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_bind)
will be useful.

You will probably want to make sure that you understand how each packet
will flow from original-client to end-server and back.

You apparently have a working system using AWS ELB, so perhaps watching
the traffic there will show you how it needs to be in order to work.

Good luck with it,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Nginx TCP/UDP Load Balancer

zakirenish
Thank you very much for your answer, but I tried it :) did not work. I would
like to forward client IP address directly to turn servers. But I always see
Nginx Ip on Turn Servers.

Best.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,289231,289277#msg-289277

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Nginx TCP/UDP Load Balancer

Francis Daly
On Tue, Sep 01, 2020 at 04:47:55PM -0400, Dr_tux wrote:

Hi there,

> Thank you very much for your answer, but I tried it :) did not work. I would
> like to forward client IP address directly to turn servers. But I always see
> Nginx Ip on Turn Servers.

Fair enough.

If you can show the config that you used, perhaps someone will be able
to reproduce the problem and find a solution.

Cheers,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Nginx TCP/UDP Load Balancer

zakirenish
When I add the proxy_bind parameter, requests are never forwarded to the
server behind. If I do not add it, the output on the turn server is as
follows.

Output:
96: handle_udp_packet: New UDP endpoint: local addr Turn_Server_IP:3478,
remote addr NGINX_IP:59902

stream {

    upstream stream_backend {
        server Turn_Server_IP:3478;
    }

    server {
    listen        3478 udp;
    proxy_pass    stream_backend;
    proxy_bind $remote_addr transparent;
    }

}

Thanks for help.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,289231,289281#msg-289281

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Nginx TCP/UDP Load Balancer

Francis Daly
On Wed, Sep 02, 2020 at 01:08:43AM -0400, Dr_tux wrote:

Hi there,

> When I add the proxy_bind parameter, requests are never forwarded to the
> server behind.

Is there any hint in your nginx logs of what is happening?

For example, on one old system here, when I test the config as root,
I can see:

# sbin/nginx -t
nginx: [emerg] transparent proxying is not supported on this platform, ignored in /usr/local/nginx/conf/nginx.conf:240
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

and when I try to connect to my nginx udp port from a remote machine,
I see no hint of the request being forwarded; but I do see a [crit]
message in the nginx error log, of the form "bind(client ip) failed
(99: Cannot assign requested address) while connecting to upstream"

When I try to connect from the local machine, I do see the request being
forwarded, with the same source address as my original packet used -- the
192.168.x one, or the 127.0.x one. So proxy_bind is being attempted, and
my operating system setup is preventing the "external" address being used.

>     server {
>     listen        3478 udp;
>     proxy_pass    stream_backend;
>     proxy_bind $remote_addr transparent;
>     }

That looks correct; but the IP address that nginx is allowed to set as the
source IP for the packets that it sends, is not only controlled by nginx.

If you have similar logs, you may have a similar problem that may be
fixable by re-configuring the supporting system.

Good luck with it,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx