UDP Load balancing

Payam Chychi pchychi at gmail.com
Mon Jan 22 18:21:45 UTC 2018 

On Mon, Jan 22, 2018 at 6:02 AM Sékine Coulibaly <scoulibaly at gmail.com>
wrote:

> Hi,
>
> I'm evaluating Nginx Plus for a UDP Load Balancer but can't make it work.
> The packets are spoofed correctly on the LB side (as seen with tcpdump,
> where I can see packets created, the source IP being the one of the client,
> the destination the one of the selected upstream). However, on the upstream
> side, I receive nothing.
>
> Could it be the spoofed packets are filtered out somewhere ?
>
> My configuration is as below :
>
> user  root;
>
> worker_processes  auto;
> worker_rlimit_nofile 65535;
>
> error_log  /var/log/nginx/error.log debug;
> pid        /var/run/nginx.pid;
>
>
> events {
>     worker_connections  20000;
> }
>
>
> http {
>     include       /etc/nginx/mime.types;
>     default_type  application/octet-stream;
>
>     log_format  main  '$remote_addr - $remote_user [$time_local]
> "$request" '
>                       '$status $body_bytes_sent "$http_referer" '
>                       '"$http_user_agent" "$http_x_forwarded_for"';
>
>     access_log  /var/log/nginx/access.log  main;
>
>     sendfile        on;
>     #tcp_nopush     on;
>
>     keepalive_timeout  65;
>
>     #gzip  on;
>
>     include /etc/nginx/conf.d/*.conf;
> }
>
> stream {
>   upstream dtls_udp_upstreams {
>     hash $remote_addr;
>     server preprods.mycorp.com:5684;
>   }
>
>   server {
>     listen 5684 udp;
>     proxy_bind $remote_addr:$remote_port transparent;
>     proxy_pass dtls_udp_upstreams;
>     proxy_responses 0;
>   }
> }
>
> Thank you !
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


What does tcpdump show on the outbound from the LB? And what does tcpdump
show on your upstream?

Can you ping the upstream from the Lb? Better yet, can you telnet to
upstream udp 5684? Are the LB health checks working?

Are you running any iptables or hardware fw in between?

> <http://mailman.nginx.org/mailman/listinfo/nginx>

-- 
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180122/03393ebe/attachment.html>

More information about the nginx mailing list