Forum Discussion
Load Balance UDP (Retain Source Client IP)
- Jul 28, 2022
The short answer to this is yes - normal SNAT will work fine. When a request comes into a UDP virtual server, the response will be allowed for an Idle Timeout time, i.e. it emulates the TCP functionality. This timeout is configurable in the UDP profile. You can also disable the treating of this traffic as a flow, and instead treat each UDP packet as a new connection (useful where using iRules and you want to inspect each packet). This is called Datagram LB.
Take a look at K7535: Overview of the UDP profile for more info.
Since you have to retain the source IP you can't do any many-to-one source NAT:ing between the IOT device and the node.
However, you could just skip any form of SNAT:ing on the VIP (disable automap, snat pool etc). Then the packets will reach the node with the original client IP as source. Then let the node answer directly to the server using its routing table. Since it's UDP it should work fine through firewalls etc as long as there's routing and firewall openings back to the IOT device.
Just mind that the routing will be asymmetric though which means that packets to and from the node will travel different paths. Some people will find this icky but the smell can be ignored linearly compared to the number of years you've worked in networking. 😂
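The behaviour described in the two replies above, as an added example that is not part of the original posts and is not BIG-IP code: a simplified Python model of a UDP virtual server's flow table, showing which pool member each datagram reaches and which source IP the node sees. The round-robin selection, the 60-second timeout value, all addresses and the traffic sample are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import cycle


@dataclass
class UdpVirtualServer:
    members: list                # pool member addresses (constructed)
    idle_timeout: float = 60.0   # seconds a flow entry survives without traffic (model value)
    datagram_lb: bool = False    # True: every datagram is load balanced on its own
    snat_ip: str = ""            # empty: no SNAT, the node sees the client address
    flows: dict = field(default_factory=dict)

    def __post_init__(self):
        self._rr = cycle(self.members)   # assumed round-robin member selection

    def forward(self, now, src_ip, src_port):
        """Return (pool member, source IP the member sees) for one datagram."""
        key = (src_ip, src_port)
        entry = None if self.datagram_lb else self.flows.get(key)
        if entry and now - entry[1] <= self.idle_timeout:
            member = entry[0]            # live flow: stay on the same member
        else:
            member = next(self._rr)      # new flow, expired flow, or datagram LB
        if not self.datagram_lb:
            self.flows[key] = (member, now)   # create entry or refresh idle timer
        return member, (self.snat_ip or src_ip)


def replay(vs, datagrams):
    """Feed (time, src_ip, src_port) tuples through the model."""
    return [vs.forward(t, ip, port) for t, ip, port in datagrams]


# Constructed traffic: one IoT client, same source port, at t = 0, 10 and 200 s.
SAMPLE = [(0, "198.51.100.7", 40000), (10, "198.51.100.7", 40000),
          (200, "198.51.100.7", 40000)]
MEMBERS = ["10.0.0.11", "10.0.0.12"]

if __name__ == "__main__":
    for label, vs in [
        ("flow mode, no SNAT", UdpVirtualServer(MEMBERS)),
        ("datagram LB, no SNAT", UdpVirtualServer(MEMBERS, datagram_lb=True)),
        ("flow mode, SNAT", UdpVirtualServer(MEMBERS, snat_ip="10.0.0.1")),
    ]:
        print(label, replay(vs, SAMPLE))
```

In flow mode the third datagram arrives after the idle timer has expired, so it is balanced again and can land on a different node; with SNAT the node only ever sees the translation address, which is why retaining the client IP rules SNAT out.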