UDP Load balancing
Payam Chychi
pchychi at gmail.com
Mon Jan 22 18:21:45 UTC 2018
On Mon, Jan 22, 2018 at 6:02 AM Sékine Coulibaly <scoulibaly at gmail.com>
wrote:
> Hi,
>
> I'm evaluating Nginx Plus for a UDP Load Balancer but can't make it work.
> The packets are spoofed correctly on the LB side (as seen with tcpdump,
> where I can see packets created, the source IP being the one of the client,
> the destination the one of the selected upstream). However, on the upstream
> side, I receive nothing.
>
> Could it be the spoofed packets are filtered out somewhere ?
>
> My configuration is as below :
>
> user root;
>
> worker_processes auto;
> worker_rlimit_nofile 65535;
>
> error_log /var/log/nginx/error.log debug;
> pid /var/run/nginx.pid;
>
>
> events {
> worker_connections 20000;
> }
>
>
> http {
> include /etc/nginx/mime.types;
> default_type application/octet-stream;
>
> log_format main '$remote_addr - $remote_user [$time_local]
> "$request" '
> '$status $body_bytes_sent "$http_referer" '
> '"$http_user_agent" "$http_x_forwarded_for"';
>
> access_log /var/log/nginx/access.log main;
>
> sendfile on;
> #tcp_nopush on;
>
> keepalive_timeout 65;
>
> #gzip on;
>
> include /etc/nginx/conf.d/*.conf;
> }
>
> stream {
> upstream dtls_udp_upstreams {
> hash $remote_addr;
> server preprods.mycorp.com:5684;
> }
>
> server {
> listen 5684 udp;
> proxy_bind $remote_addr:$remote_port transparent;
> proxy_pass dtls_udp_upstreams;
> proxy_responses 0;
> }
> }
>
> Thank you !
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
What does tcpdump show on the outbound from the LB? And what does tcpdump
show on your upstream?
Can you ping the upstream from the Lb? Better yet, can you telnet to
upstream udp 5684? Are the LB health checks working?
Are you running any iptables or hardware fw in between?
> <http://mailman.nginx.org/mailman/listinfo/nginx>
--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180122/03393ebe/attachment.html>
More information about the nginx
mailing list