Opened 2 weeks ago

Closed 2 weeks ago

#1700 closed defect (wontfix)

UDP connections are terminated when updating Nginx executable file on-the-fly

Reported by: podko.andrew@…
Owned by:
Priority: major
Milestone: nginx-1.15
Component: nginx-core
Version: 1.15.x
Keywords: UDP, stream, upgrade
Cc:
uname -a: Linux lb1.example.com 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.15.8 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

Description

UDP handling allows using it for OpenVPN balancing, but Nginx doesn't remember UDP connections during an on-the-fly upgrade of the Nginx binary file, so Nginx does a full and fast binary upgrade, selects different ports for proxied UDP packets, and then connections are interrupted.

A proxied UDP connection isn't interrupted when it's the lone connection to the first backend in the upstream list )

For TCP streams, the on-the-fly upgrade works correctly - I see old and new binaries in the process list while the TCP connections to nginx are established.

Change History (1)

comment:1 Changed 2 weeks ago by mdounin

  • Resolution set to wontfix
  • Status changed from new to closed

This is expected. Since there is a single UDP socket to handle all incoming packets, it is not possible to preserve packets related to old UDP sessions being routed to the old worker processes after a binary upgrade and/or configuration reload. Instead, sessions are re-established in the new processes once a new packet arrives.

From

A proxied UDP connection isn't interrupted when it's the lone connection to the first backend in the upstream list )

it looks like in your case the problem is that re-established sessions are routed to different upstream servers, and your upstream servers cannot handle this. You may consider using hash $remote_addr balancing, it should help to preserve sessions on the same upstream servers regardless of binary upgrades and configuration reloads.
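A simplified model of the behaviour described in comment:1, added here as an illustration (it is not nginx source and not part of the ticket): session state lives in one process generation, so after an upgrade the balancer chooses again for every client. The class, function and backend names, the single-worker round-robin cursor and the CRC32-modulo hash are assumptions made for the sketch.

```python
import zlib

BACKENDS = ["vpn-a:1194", "vpn-b:1194", "vpn-c:1194"]  # constructed upstream list

class Worker:
    """One proxy process generation (simplified model, not nginx code)."""

    def __init__(self, balance):
        self.balance = balance   # "round_robin" or "hash"
        self.sessions = {}       # (client_ip, client_port) -> backend
        self.next_idx = 0        # round-robin cursor, starts at 0 in every new process

    def pick(self, client_ip):
        if self.balance == "hash":
            # Depends only on the client address, never on process state.
            return BACKENDS[zlib.crc32(client_ip.encode()) % len(BACKENDS)]
        backend = BACKENDS[self.next_idx % len(BACKENDS)]
        self.next_idx += 1
        return backend

    def packet(self, client):
        # The first packet from an unknown client creates a session; later
        # packets reuse it only for as long as this process is alive.
        if client not in self.sessions:
            self.sessions[client] = self.pick(client[0])
        return self.sessions[client]

def moved_after_upgrade(balance, before, after):
    """Clients whose backend differs between the old and the new process."""
    old, new = Worker(balance), Worker(balance)
    was = {c: old.packet(c) for c in before}   # order of first packets, old process
    now = {c: new.packet(c) for c in after}    # order of first packets, new process
    return sorted(c for c in after if was[c] != now[c])

# Constructed clients (documentation address range).
A = ("198.51.100.7", 40001)
B = ("198.51.100.8", 40002)
C = ("198.51.100.9", 40003)

if __name__ == "__main__":
    print("round robin, lone client:", moved_after_upgrade("round_robin", [A], [A]))
    print("round robin, reordered:  ", moved_after_upgrade("round_robin", [A, B, C], [C, A, B]))
    print("hash, reordered:         ", moved_after_upgrade("hash", [A, B, C], [C, A, B]))
```

In this model the lone client lands on the first backend again, which matches the reporter's observation, while several clients whose packets arrive in a different order after the upgrade are reshuffled unless the choice is keyed on the client address.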
