Configuring TCP/UDP load balancers

You configure this section at the network-policy load-balancing tcp-udp level.

To create a TCP/UDP load balancer, use the following command:

Admin@nodename# create network-policy load-balancing tcp-udp <position> upl-rule

TCP/UDP load balancing rules have the following parameters:

Parameter

Description

PASS, OK

Action to create a rule using UPL.

name

The name of the balancing rule.

Example: name("TCP_UDP balancer").

enabled

Enable/disable a rule:

  • enabled(yes) or enabled(true).

  • enabled(no) or enabled(false).

desc

A description of the rule.

Example: desc("TCP_UDP balancing- rule").

src.zone

Traffic source zone.

To specify a source zone, such as Trusted: src.zone = Trusted.

For more details about how to configure zones using CLI, see the Zones section.

src.ip

Add source IP address or domain lists.

To specify a list of IP addresses: src.ip = lib.network(). Provide the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see the Configuring IP addresses section.

To specify a source domain list: src.ip = lib.url(). Provide the URL to which the desired domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see the Configuring URL Lists section.

Example: src.ip = lib.network("Test ip-list").

src.geoip

Specify a Geo IP as the source.

Example: src.geoip = US.

url.address

Virtual server IP address.

Example: url.address = 10.10.0.20.

url.port

The port for which load balancing is to be performed.

Example: url.port = 1812.

service

The protocol (TCP or UDP) for which load balancing is to be performed.

Example: service = udp.

scheduler

Load balancing methods for real servers:

  • rr (round robin): each new connection is passed to the next server in the list, loading all servers evenly.

  • wrr (weighted round robin): similar to round robin, but the real servers are loaded according to their weights, which allows the load to be distributed with the performance of each server taken into account.

  • lc (least connections): a new connection is sent to the server which currently has the least number of connections.

  • wlc (weighted least connections): similar to least connections, but the real servers are loaded taking their weights into account, which allows the performance of each server to be taken into account.

Example: scheduler(rr).

real_server

Real servers to which traffic will be redirected. You need to specify the following for a server:

  • ip: the server's IP address

  • port: the server port to which requests from users will be redirected

  • weight: the weight to be used for uneven load distribution on real servers

  • mode: the operating mode:

    • gate (gateway mode): use routing to redirect traffic to the virtual server

    • masq (masquerading mode): DNAT is used to forward the traffic to the virtual server

    • masq-snat (masquerading mode with the source IP overridden): similar to the masq mode, but UserGate will substitute the source IP address with its own.

Example: real_server(masq, 10.10.0.9:1812, 50).

ipvs_fallback

Configure fallback:

  • ip: the server's IP address

  • port: the server port to which requests from users will be forwarded

  • mode: the operating mode:

    • gate (gateway mode): use routing to redirect traffic to the virtual server

    • masq (masquerading mode): DNAT is used to forward the traffic to the virtual server

    • masq-snat (masquerading mode with the source IP overridden): similar to the masq mode, but UserGate will substitute the source IP address with its own.

Example: ipvs_fallback(masq, 10.10.100.100:1812).

monitor

Configure real server monitoring:

  • kind: the checking type

    • ping: check if the node is reachable using the ping utility.

    • connect: check if the node is up and running by establishing a TCP connection to a specific port.

    • negotiate: check node health by sending a certain HTTP or DNS request and comparing the response against the expected one.

  • service: specify the service (HTTP or DNS) if the checking type is negotiate.

  • request: must be specified if the checking type is negotiate.

  • response: the expected response. Must be specified if the checking type is negotiate.

  • interval: the time interval at which checks should be performed.

  • timeout: how long to wait for the response.

  • max-failures: the maximum number of attempts to check real servers, after which a server is considered inoperable and excluded from balancing.

Example:

monitor_kind(ping) \
monitor_interval(60) \
monitor_timeout(60) \
monitor_failurecount(10) \
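How the scheduler, weight and max-failures settings described above interact, as an added Python model that is not UserGate code and not part of the original page. The 75/25 weights and all function names are constructed for illustration; the model never closes connections, and the wrr interleaving and the wlc ratio (active connections divided by weight) are assumptions about the algorithms, not documented UserGate behaviour.

```python
# Added model of rr/wrr/lc/wlc and monitor exclusion; not UserGate code.
from dataclasses import dataclass
from math import gcd
SAMPLE = {"10.10.0.9": 75, "10.10.0.8": 25}   # constructed weights

@dataclass
class RealServer:
    addr: str
    weight: int          # assumed >= 1
    active: int = 0      # open connections (never closed in this model)
    failures: int = 0    # consecutive failed health checks

class Balancer:
    def __init__(self, scheduler, servers, max_failures=10):
        self.scheduler, self.servers, self.max_failures = scheduler, servers, max_failures
        self.i, self.cw = -1, 0   # rotation index, current wrr threshold

    def pick(self):
        pool = [s for s in self.servers if s.failures < self.max_failures]  # monitor exclusion
        if not pool:
            return None
        if self.scheduler == "rr":
            self.i = (self.i + 1) % len(pool)
            chosen = pool[self.i]
        elif self.scheduler == "wrr":
            chosen = self._wrr(pool)
        elif self.scheduler == "lc":
            chosen = min(pool, key=lambda s: s.active)
        elif self.scheduler == "wlc":
            chosen = min(pool, key=lambda s: s.active / s.weight)
        else:
            raise ValueError(f"unknown scheduler: {self.scheduler}")
        chosen.active += 1
        return chosen

    def _wrr(self, pool):
        # Lower the threshold by gcd(weights) per pass; serve servers whose weight reaches it.
        step, top = gcd(*(s.weight for s in pool)), max(s.weight for s in pool)
        while True:
            self.i = (self.i + 1) % len(pool)
            if self.i == 0:
                self.cw = self.cw - step if self.cw > step else top
            if pool[self.i].weight >= self.cw:
                return pool[self.i]

def distribute(scheduler, weights, n, down=()):
    servers = [RealServer(a, w, failures=10 if a in down else 0) for a, w in weights.items()]
    lb = Balancer(scheduler, servers)
    picks = [lb.pick() for _ in range(n)]
    return {s.addr: sum(p is s for p in picks) for s in servers}
```

Calling `distribute("lc", SAMPLE, 100)` next to `distribute("wlc", SAMPLE, 100)` shows that only the weighted schedulers honour the weight field, and passing `down=("10.10.0.8",)` shows all traffic moving to the remaining server once the other is excluded.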

To edit an existing load balancing rule, use the following command:

Admin@nodename# set network-policy load-balancing tcp-udp <position> upl-rule

To display information about all TCP/UDP balancing rules, use the following command:

Admin@nodename# show network-policy load-balancing tcp-udp

To display information about a specific TCP/UDP load balancing rule, use the following command:

Admin@nodename# show network-policy load-balancing tcp-udp <position>

Example command to create a load balancing rule using UPL:

Admin@nodename# create network-policy load-balancing tcp-udp 1 upl-rule OK \
...src.zone = Trusted \
...url.address = 10.10.0.20 \
...url.port = 1812 \
...service = udp \
...scheduler(rr) \
...real_server((gate, 10.10.0.9, 50), (gate, 10.10.0.8, 50)) \
...name(tcpudp_balancer1) \
...enabled(true)
...
Admin@nodename# show network-policy load-balancing tcp-udp

% ----------------- 1 -----------------
OK \
    src.zone = Trusted \
    url.address = 10.10.0.20 \
    url.port = 1812 \
    service = udp \
    scheduler(rr) \
    real_server((gate, 10.10.0.9, 50), (gate, 10.10.0.8, 50)) \
    monitor_kind(ping) \
    monitor_interval(60) \
    monitor_timeout(60) \
    monitor_failurecount(10) \
    enabled(true) \
    id(cbed6ed7-901e-4641-83a1-a05f82dae177) \
    name(tcpudp_balancer1)

To delete an existing load balancer, use the following command:

Admin@nodename# delete network-policy load-balancing tcp-udp <position>