id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 1298 when use nginx stream module to proxy UDP traffic, one connection connect to nginx, but nginx will create one new socket to send every UDP packet cheng0201@… "just use netperf to test nginx stream module UDP proxy performance, a host as upstream server to run netserver, and another host run netperf to send traffic nginx as below: netperf -t UDP_STREAM -c -C -fM -n4 -H 172.16.0.15 -l 60 -- -m 1400 -P ,10000 nginx stream part config as below: stream { access_log /var/log/lb/stream-access.log stream_format; tcp_nodelay on; proxy_connect_timeout 5s; proxy_timeout 60s; upstream backend-mxx3yddtxa { server 172.16.0.19:12865 weight=10 max_fails=0; } upstream backend-39xka0qmti { server 172.16.0.19:10000 weight=10 max_fails=0; } server { listen 172.16.0.15:12865 reuseport; proxy_timeout 86400s; proxy_pass backend-mxx3yddtxa; } server { listen 172.16.0.15:10000 udp reuseport; #proxy_timeout 0s; proxy_responses 0; proxy_pass backend-39xka0qmti; } } whatever set proxy_timeout 0s or proxy_responses 0, nginx will use up all the local udp port, and at last continue to print out error log as below: 2017/06/22 06:50:26 [error] 21260#21260: *138915386 connect() to 172.16.0.19:10000 failed (11: Resource temporarily unavailable) while connecting to upstream, udp c lient: 172.16.0.18, server: 172.16.0.15:10000, upstream: ""172.16.0.19:10000"", bytes from/to client:1400/0, bytes from/to upstream:0/0 as we know, UDP is connectionless protocol, and nginx receive incoming UDP packet through listen socket and without new udp socket, so forward udp packet to upstream without connection information. when we create a new socket for every UDP packet, socket will easily used up. Maybe we should add a config option, when enable this option, attach a map with upstream, and the map use remote IP and port as key, and the socket used to forward to upstream as value, when first remote UDP come to nginx, nginx insert a entry for it, later UDP packet will find this map, if no entry match, new a entry and insert it, else will get stored socket send the packet. of coure, maybe there are some other good way to solve this issue." enhancement closed major nginx-core 1.12.x fixed Linux centos 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux "nginx version: nginx/1.12.0 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) built with OpenSSL 1.1.0e 16 Feb 2017 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-openssl=openssl-1.1.0e --add-module=modules/nginx_http_status_module --add-module=modules/nginx_http_upstream_check_module --add-module=modules/nginx-sticky-module-ng --add-module=modules/nginx_stream_upstream_check_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC -DNGX_HTTP_STATUS -DNGX_HTTP_UPSTREAM_CHECK -DNGX_STREAM_UPSTREAM_CHECK' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'"