Tag Archives: udp

Pen 0.34.0 released

Available here:

http://siag.nu/pub/pen/

And also here:

https://sourceforge.net/projects/penloadbalancer/files/Source/

Sander van Burken noticed that it wasn’t possible to specify a listening address
in the configuration file when using UDP: it was created as TCP even if -U was
used on the command line.

Harry G. Coin found that Pen would use the CARP address as the local address in
upstream connections. This is expected behaviour, but undesirable when CARP is
used with two instances of Pen. A new configuration option allows another source
address to be specified.

Vincent Bernat added support for OpenSSL 1.1.0. OpenSSL 1.0.2 is still supported.

Full list of changes:

161028 Merged pull request from Vincent Bernat for OpenSSL 1.1.0 compatibility.
This fixes issue #28.

161024 Allow setting local address for upstream connections. This fixes issue #31.
New penctl command "source" to set this option.

160914 Fixed issue #30: UDP not working in combination with a configuration file.


Pen 0.33.0 released

Available here:

http://siag.nu/pub/pen/

And also here:

https://sourceforge.net/projects/penloadbalancer/files/Source/

Pen 0.33.0 has been released. UDP streams are now treated as such and not
broken up into individual datagrams.

Issue #22 has been fixed.

Full list of changes from 0.32.0:

160407 Cleaned up code residue surrounded by “#if 0”.
Released 0.33.0.

160407 Added CS_HALFDEAD for UDP streams that haven’t seen traffic in a while.

160321 Bug in pending_and_closing: don’t modify the list we’re looping over.

160318 Updated pen manpage.
Deprecated -Q option (it didn’t do anything since kqueue was already the
default where it was available).
Fixed error handling in epoll support.

160217 Added transparent UDP test case to testsuite.sh.

160128 Contribution from Talik Eichinger: add X-Forwarded-Proto when doing
SSL decryption.


Direct Server Return for UDP

Pen has supported Direct Server Return for TCP for some time. Support for UDP has now been added, suitable for load balancing e.g. DNS.

Here, debian2 is the DNS client, and debian uses Pen in DSR mode to load balance between debian3 and debian4, which run BIND.

Pen command line:

ulric@debian:~/Git/pen$ sudo ./pen -df -U -O poll -O "dsr_if eth1" -S 2 -r 192.168.100.1:0 192.168.100.3 192.168.100.4
As of 0.28.1 the server table is expanded dynamically,
making the -S option obsolete
2015-08-03 16:24:09: read_cfg((null))
2015-08-03 16:24:09: Before: conns = (nil), connections_max = 0, clients = (nil), clients_max = 0
2015-08-03 16:24:09: expand_conntable(500)
2015-08-03 16:24:09: After: conns = 0x1ac4600, connections_max = 500, clients = 0x7f6428d5c010, clients_max = 2048
2015-08-03 16:24:09: pen 0.29.0 starting
2015-08-03 16:24:09: servers:
2015-08-03 16:24:09: 0 192.168.100.3:0:0:0:0:0
2015-08-03 16:24:09: 1 192.168.100.4:0:0:0:0:0

As far as debian2 can see, the responses are coming from a single DNS server:

[Image: dsr-udp-client]

But tcpdump on debian3 and debian4 shows requests and replies being load balanced across the hosts:

[Image: dsr-udp-server1]

[Image: dsr-udp-server2]


Load Balancing UDP with Pen 0.25.0 – Replies

The upcoming Pen 0.25.0 release will handle load balancing for UDP protocols where the client expects a reply from the server. An example of this is DNS.

Here we let Pen listen on UDP port 8000 and forward all requests to Google’s public DNS servers 8.8.8.8 and 8.8.4.4.


ulric@debian:~/Projekt/pen$ ./pen -dfrU -S 2 8000 8.8.8.8:53 8.8.4.4:53 2>&1 | more
2014-08-01 14:55:33: pen_aton(0.0.0.0, 0x7fff3b0face0)
2014-08-01 14:55:33: family = 2
2014-08-01 14:55:33: socktype = 1
2014-08-01 14:55:33: protocol = 6
2014-08-01 14:55:33: addrlen = 16
2014-08-01 14:55:33: sockaddr = 0x2141250
2014-08-01 14:55:33: canonname = (null)
2014-08-01 14:55:33: local address=[0.0.0.0:8000]
2014-08-01 14:55:33: n = 2, address = 8.8.8.8, pno = 53, maxc1 = 0, hard = 0, weight = 0, prio = 0, proto = udp
2014-08-01 14:55:33: pen_aton(8.8.8.8, 0x21478b8)
2014-08-01 14:55:33: family = 2
2014-08-01 14:55:33: socktype = 1
2014-08-01 14:55:33: protocol = 6
2014-08-01 14:55:33: addrlen = 16
2014-08-01 14:55:33: sockaddr = 0x21412d0
2014-08-01 14:55:33: canonname = (null)
2014-08-01 14:55:33: n = 2, address = 8.8.4.4, pno = 53, maxc1 = 0, hard = 0, weight = 0, prio = 0, proto = udp
2014-08-01 14:55:33: pen_aton(8.8.4.4, 0x2147968)
2014-08-01 14:55:33: family = 2
2014-08-01 14:55:33: socktype = 1
2014-08-01 14:55:33: protocol = 6
2014-08-01 14:55:33: addrlen = 16
2014-08-01 14:55:33: sockaddr = 0x21412d0
2014-08-01 14:55:33: canonname = (null)
2014-08-01 14:55:33: pen 0.25.0 starting
2014-08-01 14:55:33: servers:
2014-08-01 14:55:33: 0 8.8.8.8:53:0:0:0:0
2014-08-01 14:55:33: 1 8.8.4.4:53:0:0:0:0
2014-08-01 14:55:33: read_cfg((null))
2014-08-01 14:55:33: mainloop_select()
2014-08-01 14:55:33: After zero
2014-08-01 14:55:33: After setting fd_sets
2014-08-01 14:55:33: w_read 3 is set

Pen is now waiting for a client.

On another host, we make a DNS query for a resource on the Internet:


ulric@qvp2:~$ dig @192.168.0.174 -p 8000 siag.nu

; <<>> DiG 9.9.3-rpz2+rl.13214.22-P2-Ubuntu-1:9.9.3.dfsg.P2-4ubuntu3 <<>> @192.168.0.174 -p 8000 siag.nu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47910
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;siag.nu. IN A

;; ANSWER SECTION:
siag.nu. 299 IN A 194.9.95.65

;; Query time: 74 msec
;; SERVER: 192.168.0.174#8000(192.168.0.174)
;; WHEN: Fri Aug 01 14:56:13 CEST 2014
;; MSG SIZE rcvd: 52

The reply looks fine. What do we have in Pen's debug output?


2014-08-01 14:56:13: After select
2014-08-01 14:56:13: w_read 3 is set
2014-08-01 14:56:13: add_client: received 36 bytes from client
2014-08-01 14:56:13: match_acl_ipv4(0, 33685514)
2014-08-01 14:56:13: Trying server 1 at time 1406897773
2014-08-01 14:56:13: match_acl_ipv4(0, 33685514)
2014-08-01 14:56:13: Connecting to 8.8.4.4
2014-08-01 14:56:13: Family: AF_INET
2014-08-01 14:56:13: Port: 53
2014-08-01 14:56:13: Address: 8.8.4.4
2014-08-01 14:56:13: Successful connect to server 1
2014-08-01 14:56:13: Client 10.0.2.2 has index 0 and server 1
2014-08-01 14:56:13: store_conn: conn = 0, upfd = 4, downfd = 3, connections_used = 1
2014-08-01 14:56:13: add_client: wrote 36 bytes to socket 4
2014-08-01 14:56:13: checking sockets from open connections
2014-08-01 14:56:13: checking connection slot 0
2014-08-01 14:56:13: from 10.0.2.2
2014-08-01 14:56:13: to 8.8.4.4
2014-08-01 14:56:13: After zero
2014-08-01 14:56:13: interested in reading data from upstream socket 4 of connection 0
2014-08-01 14:56:13: After setting fd_sets
2014-08-01 14:56:13: w_read 3 is set
2014-08-01 14:56:13: w_read 4 is set
2014-08-01 14:56:13: After select
2014-08-01 14:56:13: w_read 4 is set
2014-08-01 14:56:13: checking sockets from open connections
2014-08-01 14:56:13: checking connection slot 0
2014-08-01 14:56:13: from 10.0.2.2
2014-08-01 14:56:13: to 8.8.4.4
2014-08-01 14:56:13: want to read from upstream socket 4 of connection 0
2014-08-01 14:56:13: copy_down sending 52 bytes to socket 3
2014-08-01 14:56:13: close_conn: Closing connection 0 to server 1; connections_used = 0
2014-08-01 14:56:13: Read 0 from client, wrote 0 to server
2014-08-01 14:56:13: Read 0 from server, wrote 0 to client
2014-08-01 14:56:13: After zero
2014-08-01 14:56:13: After setting fd_sets
2014-08-01 14:56:13: w_read 3 is set

Let's try it again:


ulric@qvp2:~$ dig @192.168.0.174 -p 8000 siag.nu

; <<>> DiG 9.9.3-rpz2+rl.13214.22-P2-Ubuntu-1:9.9.3.dfsg.P2-4ubuntu3 <<>> @192.168.0.174 -p 8000 siag.nu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 863
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;siag.nu. IN A

;; ANSWER SECTION:
siag.nu. 210 IN A 194.9.95.65

;; Query time: 53 msec
;; SERVER: 192.168.0.174#8000(192.168.0.174)
;; WHEN: Fri Aug 01 14:57:42 CEST 2014
;; MSG SIZE rcvd: 52

Same result. What does Pen have to say about it?


2014-08-01 14:57:42: After select
2014-08-01 14:57:42: w_read 3 is set
2014-08-01 14:57:42: add_client: received 36 bytes from client
2014-08-01 14:57:42: match_acl_ipv4(0, 33685514)
2014-08-01 14:57:42: Trying server 0 at time 1406897862
2014-08-01 14:57:42: match_acl_ipv4(0, 33685514)
2014-08-01 14:57:42: Connecting to 8.8.8.8
2014-08-01 14:57:42: Family: AF_INET
2014-08-01 14:57:42: Port: 53
2014-08-01 14:57:42: Address: 8.8.8.8
2014-08-01 14:57:42: Successful connect to server 0
2014-08-01 14:57:42: Client 10.0.2.2 has index 0 and server 0
2014-08-01 14:57:42: store_conn: conn = 0, upfd = 4, downfd = 3, connections_used = 1
2014-08-01 14:57:42: add_client: wrote 36 bytes to socket 4
2014-08-01 14:57:42: checking sockets from open connections
2014-08-01 14:57:42: checking connection slot 0
2014-08-01 14:57:42: from 10.0.2.2
2014-08-01 14:57:42: to 8.8.8.8
2014-08-01 14:57:42: After zero
2014-08-01 14:57:42: interested in reading data from upstream socket 4 of connection 0
2014-08-01 14:57:42: After setting fd_sets
2014-08-01 14:57:42: w_read 3 is set
2014-08-01 14:57:42: w_read 4 is set
2014-08-01 14:57:42: After select
2014-08-01 14:57:42: w_read 4 is set
2014-08-01 14:57:42: checking sockets from open connections
2014-08-01 14:57:42: checking connection slot 0
2014-08-01 14:57:42: from 10.0.2.2
2014-08-01 14:57:42: to 8.8.8.8
2014-08-01 14:57:42: want to read from upstream socket 4 of connection 0
2014-08-01 14:57:42: copy_down sending 52 bytes to socket 3
2014-08-01 14:57:42: close_conn: Closing connection 0 to server 0; connections_used = 0
2014-08-01 14:57:42: Read 0 from client, wrote 0 to server
2014-08-01 14:57:42: Read 0 from server, wrote 0 to client
2014-08-01 14:57:42: After zero
2014-08-01 14:57:42: After setting fd_sets
2014-08-01 14:57:42: w_read 3 is set

This time we got the reply from the other server. So round-robin load balancing works. If we hadn't used the -r option, Pen would have stayed with 8.8.4.4, because that was what worked the last time.
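The two debug traces above can be checked mechanically instead of by eye. The following is an added example, not part of Pen or of the original post: it parses the debug lines shown here into one record per client datagram, checks that consecutive datagrams went to consecutive servers, and lists datagrams that never got a reply. The function names are hypothetical, and the "next index modulo server count" test is an assumption that matches the two exchanges shown.

```python
import re

# Debug lines copied from the two dig exchanges above, trimmed to the events used.
SAMPLE_LOG = """\
2014-08-01 14:56:13: add_client: received 36 bytes from client
2014-08-01 14:56:13: Connecting to 8.8.4.4
2014-08-01 14:56:13: Client 10.0.2.2 has index 0 and server 1
2014-08-01 14:56:13: copy_down sending 52 bytes to socket 3
2014-08-01 14:56:13: close_conn: Closing connection 0 to server 1; connections_used = 0
2014-08-01 14:57:42: add_client: received 36 bytes from client
2014-08-01 14:57:42: Connecting to 8.8.8.8
2014-08-01 14:57:42: Client 10.0.2.2 has index 0 and server 0
2014-08-01 14:57:42: copy_down sending 52 bytes to socket 3
2014-08-01 14:57:42: close_conn: Closing connection 0 to server 0; connections_used = 0
"""

REQUEST = re.compile(r"add_client: received (\d+) bytes from client")
UPSTREAM = re.compile(r"Connecting to (\S+)")
CLIENT = re.compile(r"Client (\S+) has index \d+ and server (\d+)")
REPLY = re.compile(r"copy_down sending (\d+) bytes to socket \d+")
CLOSE = re.compile(r"close_conn: Closing connection \d+")

def parse_exchanges(log_text):
    """One dict per client datagram. Assumes exchanges are not interleaved."""
    exchanges, cur = [], {}  # cur: exchange being filled; a scratch dict when none is open
    for line in log_text.splitlines():
        stamp, _, msg = line.partition(": ")  # timestamp ends at the first ": "
        if m := REQUEST.search(msg):
            cur = {"time": stamp, "request_bytes": int(m[1]), "client": None,
                   "server": None, "upstream": None, "reply_bytes": None}
            exchanges.append(cur)  # appended up front so unanswered datagrams are kept
        elif m := UPSTREAM.search(msg):
            cur["upstream"] = m[1]
        elif m := CLIENT.search(msg):
            cur["client"], cur["server"] = m[1], int(m[2])
        elif m := REPLY.search(msg):
            cur["reply_bytes"] = int(m[1])
        elif CLOSE.search(msg):
            cur = {}
    return exchanges

def is_round_robin(exchanges, n_servers):
    """True if each datagram used the server index after the previous one."""
    picks = [e["server"] for e in exchanges if e["server"] is not None]
    return all((a + 1) % n_servers == b for a, b in zip(picks, picks[1:]))

def unanswered(exchanges):
    return [e for e in exchanges if e["reply_bytes"] is None]
```

Running the same check on output captured without -r should make is_round_robin return False, since Pen then stays with the server that worked last time.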


Pen 0.24.0 released

The UDP code has been simplified and cleaned up, and bugs have been fixed. Performance seems better now. Here is a simple test with two hosts over Gigabit Ethernet:

On host 1:
ulric@qvp2:~/pen-0.24.0$ yes "Ulric was here" | ./penlog 192.168.0.183 10000

On host 2:
ulric@debian:~/Projekt/pen/Zippar/pen-0.24.0$ ./pen -dfU -S 1 10000 192.168.0.102:10000 > out 2>&1

On host 1:
ulric@qvp2:~/pen-0.24.0$ ./penlogd -df 10000 > out 2>&1
ulric@qvp2:~/pen-0.24.0$ grep -c "2014-06-21 16:27:12: bogus web line Ulric was here" out
9297

Penlog and Penlogd are two programs that send and receive Apache logs over UDP. They are used here to generate and receive a lot of UDP traffic.

Source available here, as usual:

http://siag.nu/pub/pen/
