Skip to main content

NGINX TCP/UDP Load Balancing

Shen Zhen, China

See also:

Stream Module

TCP and UDP load balancer with NGINX's Stream module (requirers >=1.9).

TCP Load Balancing

For TCP load balancing we need to define an upstream block in the main configuration file, e.g with two MySQL backends.

stream {
upstream backend_dbs {
server db1.mydomain.com:3306;
server db2.mydomain.com:3306;
}

server {
listen 3306;
proxy_pass backend_dbs;
}
}

Then in the server block a TCP socket to listen on freely chosen port and proxy everything from there to the backend.

UDP Load Balancing

For NTP load balancing service we can add an upstream block for the backend NTP servers. The listen directive is similar to the TCP configuration, but we need to specify the udp parameter to tell NGINX to listen for UDP on this port.

One of the things to keep in mind is that NGINX UDP load balancing is built in a way that it expects one or more responses from the backend. In case of an NTP service, we’re expecting one request and one reply:

stream {
upstream backend_time {
server ntp1.mydomain.com:123;
server ntp2.mydomain.com:123;
}

server {
listen 123 udp;
proxy_pass backend_time;
proxy_timeout 5s;
proxy_requests 1;
proxy_responses 1;
error_log logs/ntp.log
}
}

Load-balancing an NTS Timeserver

stream {

upstream ntp_server {
server ntp1.mydomain.com:123;
server ntp2.mydomain.com:123;
server ntp3.mydomain.com:123;
server ntp4.mydomain.com:123;
}

upstream nts_server {
server ntp1.mydomain.com:4460;
server ntp2.mydomain.com:4460;
server ntp3.mydomain.com:4460;
server ntp3.mydomain.com:4460;
}

server {
listen 123 udp;
listen 123; #tcp
proxy_pass ntp_server;
error_log /var/log/nginx/ntp.log info;
proxy_responses 1;
proxy_timeout 1s;
}

server {
listen 4460 udp;
listen 4460; #tcp

proxy_pass nts_server;
error_log /var/log/nginx/nts.log info;
proxy_responses 1;
proxy_timeout 1s;
}
}

Provisioning using Hashicorp Nomad

see Hashicorp Nomad Secure & Balanced NTS Time Service