UDP load balancing #19
Comments
|
Pen is blind to what happens to udp traffic after it is forwarded. If there is a way to detect that a back-end is nonresponsive (e.g. a dns server that doesn't reply), you can use a script to monitor them. Here's an old example for http which can trivially be updated for other protocols: |
|
Hi, I tried with the blacklist but got partial success. This is what happened
2015-10-14 10:55:18: add_client: received 4 bytes from client The client will not work until the blacklist window will expire and reconnect on port 10001. My expectation was to fail over to a different port since the server 1 was blacklisted. |
|
That would be a reasonable expectation, I think. Let me try to reproduce the problem and see if it is a bug. |
|
The latest version in Git fixes this failover problem. Here's what I get: First prepare three pens proxying dns requests to google (to get something to test against) and verify that they work: ulric@debtest: Then start Pen, same command line as you used above: ulric@debtest:~/Git/pen$ ./pen -fU -a -dd 8080 127.0.0.1:10000 127.0.0.1:10001 127.0.0.1:10002 -C localhost:9000 > log 2>&1 And from another terminal, test failover: ulric@debtest: So that looks good. The log says: 2015-11-02 10:05:30: add_client: received 36 bytes from client |
|
Closing since the fix is in 0.31.1. |
|
Hi - New to Pen and have just started playing around with dns load balancing. Can't seem to get the load balancer to adjust for failures within load balance pool. Am trying to work through your examples from above to get a better handle on health checks and blacklisting. Have done this config based on your examples... ./pen -U 127.0.0.1:10000 10.10.10.1:53 Getting this error on blacklisting: Server is up though: Any ideas? Also, I've only been seeing empty log files so far. Maybe I am looking in the wrong place? Any help is greatly appreciated! Thank you, |
|
Looking at your third command line, I see that you're running Pen as root since it's listening on port 53, but then it will be reluctant to create the listening socket. Look near the top of the log file and you should find a line similar to "Won't open control port running as root; use -u to run as different user". And the error message from penctl simply means the control port isn't listening. |
|
Thank you very much for your help. I am now running pen as non-root using an iptable nat to redirect 53 to 8080 on the listening vip. So now, the penctl channel is working fine. I'm still having some issue with creating my init.d script such that the pen service starts upon boot of the server. Seems I'm running into permissions issues with the pid and log files. Not sure who should own those files, ie, root or non-root user. Also, working out a script for doing the health check on the back end. Have been working on a script which will run dns calls to my target dns servers which I am load balancing against. If those dns calls fail, the script calls penctl to blacklist the failed server. Just wanted to confirm with you that scripts would be required for this type of health checking, ie, pen can not health check downstream directly? Thanks again, |
|
You can get a bunch of hints for the init script here: https://github.com/UlricE/pen/wiki/Pen-and-Systemd It's written for systemd but a lot of the priciples carry over. You are right that Pen doesn't know anything about the back end health. Remember that unlike TCP, where the three-way handshake confirms that a connection has been made, there is no corresponding mechanism in UDP. |
The UDP load balancer algorithm doesn't count for dead servers.
Example:
./pen -fU 8080 127.0.0.1:8001 127.0.0.1:8002
If servers are up on port 8001 and 8002 traffic is forwarded, however if the server is not up on port 8001 pen will not detect it nor will stop forwarding traffic to it ...
Any plans to add this kind of detection ?
thanks!
-silviu
The text was updated successfully, but these errors were encountered: