nginx udp proxy and load balancing

參考：

https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/

https://www.taohui.pub/2018/04/08/udp%e7%9a%84%e5%8f%8d%e5%90%91%e4%bb%a3%e7%90%86%ef%bc%9anginx/

 

[root@promote sbin]# ./nginx -V

nginx version: nginx/1.14.0

built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)

built with OpenSSL 1.0.2k-fips  26 Jan 2017

TLS SNI support enabled

configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module

 

[root@promote conf]# cat nginx.conf

user root;

worker_processes auto;

error_log   logs/error.log error;

#error_log   logs/error.log info;

pid        logs/nginx.pid;

worker_rlimit_nofile 655350;

 

events

{

    use epoll;

    worker_connections 65535;

    multi_accept on;

    accept_mutex on;

}

stream {

    upstream agent {

        hash $remote_addr consistent;

        server 192.168.30.103:8004 max_fails=5 fail_timeout=30s;

        server 192.168.30.104:8004 max_fails=5 fail_timeout=30s;

        server 192.168.30.105:8004 max_fails=5 fail_timeout=30s;

    }

 

        server {

        listen 8004 udp;

        proxy_timeout 30s;

        proxy_responses 0;

        proxy_buffer_size 4096k;

        proxy_bind $remote_addr:$remote_port transparent;

        #proxy_bind $remote_addr transparent;      #獲取真實源IP？

        proxy_pass agent;

    }

 

    log_format proxy '$remote_addr [$time_local] '

                 '$protocol $status $bytes_sent $bytes_received '

                 '$session_time "$upstream_addr" '

                 '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';

 

    access_log /usr/local/nginx/logs/tcp-access.log proxy ;

    open_log_file_cache off;

    #include /usr/local/nginx/conf/servers/*.stream;

    #include /usr/local/nginx/conf/*.conf;

}

 

 

抓包：# tcpdump udp -i eno3 port 8004

 

 

Sets the number of datagrams expected from the proxied server in response to a client datagram if the UDP protocol is used. The number serves as a hint for session termination. By default, the number of datagrams is not limited.

 

若是使用UDP協議，則根據客戶端數據報的響應，設置來自proxied服務器的datagram的數量。這個數字做爲會話終止的提示。默認狀況下，datagram的數量並不受限制。

 

 

測試結果：

用於udp轉發沒法同時兼顧tcp的轉發請求。proxy_responses 設置爲1的時候，測試存在轉發的報文數量存在丟失的狀況。將其設置爲0，同時增長了 proxy_buffer_size ，測試基本正常。