Feature #1181

Allow a way to add protocols (such as udp) to a load balancer

Added by Gary Richards over 13 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Load Balancer
Target version:
-
Start date:
01/10/2011
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

I've been trying to configure load balanced DNS with pfsense 2.0. It occurred to me fairly quickly that this might not be obviously possible considering I see no mention of UDP anywhere in the load balancer config. But I proceeded looking into it anyway.

So I created a pool:
Name: DNS
Mode: Load Balance
Desc: Load Balanced DNS
Port: 53
Monitor: TCP (Yeah, I know actual requests are generally UDP, but checking that the TCP port is available is a nice simple way to do it without doing real lookups)
Servers in pool: 192.168.120.11, 192.168.120.12

I then configured a virtual server:
Name: DNS
Desc: Load Balanced DNS
IP Address: 192.168.120.254 (one of my VIPs)
Port: 53
Virtual Server Pool: DNS
Fail Back Pool: None

After realising I'd forgotten a few firewall rules, I tried to DNS from one of my hosts... and failed, not really unexpected.

However, I could telnet to port 53 of my load balancer (i.e. a TCP connection) and it worked.

Further investigation suggests that the relayd.conf created by the above is:

table <DNS> { 192.168.120.11, 192.168.120.12 }
redirect "DNS" {
 listen on 192.168.120.254 port 53
 forward to <DNS> port 53 check tcp timeout 1000
}

That's pretty simple. Reading the relayd.conf man page redirection section suggests:

listen on address [ip-proto] port port [interface name]
   Specify an address and a port to listen on.  pf(4) will redirect
   incoming connections for the specified target to the hosts in the
   main or backup table.  The port argument can optionally specify a
   port range instead of a single port; the format is min-port:max-
   port.  The optional argument ip-proto can be used to specify an
   IP protocol like tcp or udp; it defaults to tcp.  The rule can be
   optionally restricted to a given interface name.

So that explains why my load balancer doesn't work. The rule created by default will default to tcp.

An example on the same man page suggests that:

redirect "dns" {
  listen on dns.example.com tcp port 53
  listen on dns.example.com udp port 53
  forward to <dnshosts> port 53 check tcp
}

is a simple way to load balance DNS with relayd... so what I'm trying to do is ALMOST there, I just have no way to make pfSense also listen for udp on port 53. Everything else is already seemingly in place.

So my feature request is simply, can a way be added to select additional protocols (or even just other protocols) to listen on within a load balancer? Perhaps in some sort of initially hidden advanced section like some of the firewall rules advanced options.

This seems like a fairly trivial addition, however I did look at the code and realised that I haven't touched PHP for a while and it scared me so I closed it again.
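Added example (Python, written for this page; it is not pfSense's or relayd's code): it renders the table and redirect block implied by the pool and virtual server described in the issue, once with relayd's tcp default and once with an explicit udp listener, and flags any port-53 redirect whose listen lines carry no udp. Function names, the regular expression and the tab indentation are my own choices.

```python
# Added example (not pfSense or relayd code): build the relayd.conf "redirect"
# block that the pfSense load balancer settings in this issue imply, with an
# explicit list of IP protocols, and check an existing block for a udp listener.
import re

def render_redirect(name, vip, port, hosts, protocols=("tcp",),
                    check="tcp", timeout=1000):
    """Render a relayd.conf table + redirect block.

    protocols: ip-proto values for the listen lines. relayd defaults to tcp
    when the keyword is omitted, so "udp" has to be spelled out explicitly.
    """
    lines = [f"table <{name}> {{ {', '.join(hosts)} }}", f'redirect "{name}" {{']
    for proto in protocols:
        lines.append(f"\tlisten on {vip} {proto} port {port}")
    lines.append(f"\tforward to <{name}> port {port} check {check} timeout {timeout}")
    lines.append("}")
    return "\n".join(lines)

# Matches "listen on <addr> [tcp|udp] port <port>"; the ip-proto is optional.
LISTEN_RE = re.compile(r"^\s*listen on (\S+)(?: (tcp|udp))? port (\S+)", re.M)

def listen_protocols(conf):
    """Return {(address, port): {proto, ...}} for every listen line.
    A missing ip-proto is recorded as 'tcp', matching relayd's default."""
    out = {}
    for addr, proto, port in LISTEN_RE.findall(conf):
        out.setdefault((addr, port), set()).add(proto or "tcp")
    return out

def missing_udp(conf, port="53"):
    """Addresses redirecting the given port with no udp listener at all."""
    return sorted(addr for (addr, p), protos in listen_protocols(conf).items()
                  if p == port and "udp" not in protos)

if __name__ == "__main__":
    pool = ["192.168.120.11", "192.168.120.12"]   # values from the issue
    default = render_redirect("DNS", "192.168.120.254", 53, pool)
    fixed = render_redirect("DNS", "192.168.120.254", 53, pool, ("tcp", "udp"))
    print(default, "\n-> missing udp:", missing_udp(default))
    print(fixed, "\n-> missing udp:", missing_udp(fixed))
```

Running `missing_udp` over the relayd.conf pfSense actually wrote (the one quoted in the issue) returns the VIP, which is the quickest way to confirm the tcp-only default is the cause rather than a firewall rule.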
