Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    UDP LOAD BALANCING - $1000

    Scheduled Pinned Locked Moved Bounties
    10 Posts 5 Posters 10.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F Offline
      fannet
      last edited by

      We are seeking the following feature:

      UDP DNAT based load balancing which solves the following problem:

      A single external IP address must forward UDP clients to one of many internal UDP servers. Once a UDP "session" (you know what I mean) is established that source must always have it's packets go to the same server. Imagine for example you had a client send a UDP audio stream to the server but the load balancer threw some packets to one server and then another making it impossible for a single server to re-assemble the stream. I believe connection marking could do what we need.

      We are on a tight schedule, and will purchase a commercial solution if no immediate interest is shown.

      1 Reply Last reply Reply Quote 0
      • marcellocM Offline
        marcelloc
        last edited by

        It's for any udp protocol or for sip/rtp?

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • F Offline
          fannet
          last edited by

          Any UDP and specifically NOT SIP :)

          1 Reply Last reply Reply Quote 0
          • E Offline
            eri--
            last edited by

            The standard features in 2.0.1 do not suffice you for load balancing?

            1 Reply Last reply Reply Quote 0
            • F Offline
              fannet
              last edited by

              If by standard features you mean Services -> Load Balancer, I don't see how one would solve our problem….which features are you referring to...as you can assume if we thought the features could we would not be posting a $1000 bounty...

              1 Reply Last reply Reply Quote 0
              • D Offline
                dhatz
                last edited by

                It sounds like the OP is asking for a feature similar to pf's "sticky" with configurable timeout of src.track timer (for inbound connections and UDP protocol).

                fannet, is what you are looking for the functionality described in e.g.
                http://daveonsoftware.blogspot.com/2007/08/load-balancer-persistence-sticky.html
                http://support.f5.com/kb/en-us/products/lc_9_x/manuals/product/lc_config_guide_10_1/lc_persist_profiles.html
                ?

                1 Reply Last reply Reply Quote 0
                • F Offline
                  fannet
                  last edited by

                  This appears to be correct @dhatz:

                  It sounds like the OP is asking for a feature similar to pf's "sticky" with configurable timeout of src.track timer (for inbound connections and UDP protocol).

                  This assumptions sounds correct, the setup would look like this with multiples of 'n' :

                  /  UDP Server Service 1 10.10.0.1
                  UDP Client –-> [wan]PFSENSE[lan] –---------<
                                       1.2.3.4          10.10.0.254        \ UDP Server Service 1+n 10.10.0.n

                  The source address of the client must be preserved (DNAT) when it reaches the server service

                  From PF.conf manual:

                  random [sticky-address]
                            The random option selects an address at random within the defined
                            block of addresses.

                  sticky-address can be specified to ensure that multiple connections
                            from the same source are mapped to the same redirection address.
                            Associations are destroyed as soon as there are no longer states
                            which refer to them; in order to make the mappings last beyond the
                            lifetime of the states, increase the global options with set
                            timeout src.track.

                  round-robin [sticky-address]
                            The round-robin option loops through the redirection address(es).
                            sticky-address is as described above.

                  When more than one redirection address is specified, round-robin is
                            the only permitted pool type.

                  source-hash [key]
                            The source-hash option uses a hash of the source address to
                            determine the redirection address, ensuring that the redirection
                            address is always the same for a given source.  An optional key can
                            be specified after this keyword either in hex or as a string; by
                            default pfctl(8) randomly generates a key for source-hash every
                            time the ruleset is reloaded.

                  I see the above options available in "outbound nat" only…

                  1 Reply Last reply Reply Quote 0
                  • E Offline
                    eri--
                    last edited by

                    Well this can be implemented for sure in pfSense.
                    I would advice you to contact portal.pfsense.org to get this service completed.

                    This way you give the money to pfSense and help us continue further the improvement.
                    Also you get bonus the feature continuing being present in all up-coming versions of pfSense.

                    If you do not go that route i can give you some modifications to try related to this!

                    Let me know which way is better for you.

                    1 Reply Last reply Reply Quote 0
                    • F Offline
                      fannet
                      last edited by

                      @ermal:

                      If you do not go that route i can give you some modifications to try related to this!
                      Let me know which way is better for you.

                      Whatever is quickest and documented so we can replicate it in the future….

                      1 Reply Last reply Reply Quote 0
                      • Z Offline
                        zevlag
                        last edited by

                        Did this ever happen?

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.