UDP Load balancing

Sékine Coulibaly
Hi,

I'm evaluating Nginx Plus for a UDP Load Balancer but can't make it work. The packets are spoofed correctly on the LB side (as seen with tcpdump, where I can see packets created, the source IP being the one of the client, the destination the one of the selected upstream). However, on the upstream side, I receive nothing.

Could it be the spoofed packets are filtered out somewhere?

My configuration is as below:

user  root;

worker_processes  auto;
worker_rlimit_nofile 65535;

error_log  /var/log/nginx/error.log debug;
pid        /var/run/nginx.pid;


events {
    worker_connections  20000;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

stream {
  upstream dtls_udp_upstreams {
    hash $remote_addr;
  }

  server {
    listen 5684 udp;
    proxy_bind $remote_addr:$remote_port transparent;
    proxy_pass dtls_udp_upstreams;
    proxy_responses 0;
  }
}

Thank you!

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Re: UDP Load balancing

Payam Chychi

On Mon, Jan 22, 2018 at 6:02 AM Sékine Coulibaly <[hidden email]> wrote:
> Hi,
>
> I'm evaluating Nginx Plus for a UDP Load Balancer but can't make it work. The packets are spoofed correctly on the LB side (as seen with tcpdump, where I can see packets created, the source IP being the one of the client, the destination the one of the selected upstream). However, on the upstream side, I receive nothing.
>
> Could it be the spoofed packets are filtered out somewhere?
>
> My configuration is as below:
>
> user  root;
>
> worker_processes  auto;
> worker_rlimit_nofile 65535;
>
> error_log  /var/log/nginx/error.log debug;
> pid        /var/run/nginx.pid;
>
>
> events {
>     worker_connections  20000;
> }
>
>
> http {
>     include       /etc/nginx/mime.types;
>     default_type  application/octet-stream;
>
>     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
>                       '$status $body_bytes_sent "$http_referer" '
>                       '"$http_user_agent" "$http_x_forwarded_for"';
>
>     access_log  /var/log/nginx/access.log  main;
>
>     sendfile        on;
>     #tcp_nopush     on;
>
>     keepalive_timeout  65;
>
>     #gzip  on;
>
>     include /etc/nginx/conf.d/*.conf;
> }
>
> stream {
>   upstream dtls_udp_upstreams {
>     hash $remote_addr;
>   }
>
>   server {
>     listen 5684 udp;
>     proxy_bind $remote_addr:$remote_port transparent;
>     proxy_pass dtls_udp_upstreams;
>     proxy_responses 0;
>   }
> }
>
> Thank you!

What does tcpdump show on the outbound from the LB? And what does tcpdump show on your upstream?

Can you ping the upstream from the LB? Better yet, can you telnet to upstream udp 5684? Are the LB health checks working?

Are you running any iptables or hardware fw in between?
--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer
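
Added example (not part of either post): one Linux mechanism that can drop packets like those described in this thread, which arrive at the upstream carrying the client's source address on the interface facing the load balancer, is the kernel's reverse-path filter. The script below, meant to be run on the upstream host, reads the effective rp_filter mode and approximates its verdict; the PROC_ROOT override, the function names and the simplified strict-mode rule (the return route must use the arrival interface) are assumptions of this example.

```shell
#!/bin/sh
# Added example: would reverse-path filtering on this host drop a packet whose
# source is <client-ip> arriving on <iface>?  Usage: sh rpf_check.sh <client-ip> <iface>
# PROC_ROOT is a hypothetical override so the check can run against a copied tree.
PROC_ROOT="${PROC_ROOT:-/proc/sys/net/ipv4/conf}"

# The kernel validates with max(conf/all/rp_filter, conf/<iface>/rp_filter).
effective_rp_filter() {
    all=$(cat "$PROC_ROOT/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$PROC_ROOT/$1/rp_filter" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Extract the outgoing device from `ip route get <addr>` output read on stdin.
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Args: mode, arrival interface, device of the route back to the source.
# 0 = off, 1 = strict (return route must use the arrival interface),
# 2 = loose (source must be reachable through some interface).
rpf_verdict() {
    case "$1" in
        0) echo pass ;;
        1) if [ "$2" = "$3" ]; then echo pass; else echo drop; fi ;;
        2) if [ -n "$3" ]; then echo pass; else echo drop; fi ;;
        *) echo unknown ;;
    esac
}

# Args: client IP (the preserved source address), interface the packet arrives on.
rpf_check() {
    mode=$(effective_rp_filter "$2")
    dev=$(ip route get "$1" 2>/dev/null | route_dev)
    echo "rp_filter=$mode return-route-dev=${dev:-none} verdict=$(rpf_verdict "$mode" "$2" "$dev")"
}

if [ "$#" -eq 2 ]; then
    rpf_check "$1" "$2"
fi
```

A "pass" verdict only rules out this one filter; packet filters on the host and devices on the path between the two machines are separate checks.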
