Re: [leshan-dev] lwm2m servers load balancing DTLS with nginx.

I thought the following configuration of Nginx is doing this -


hash $remote_addr:remote_port consistent;

Thanks, Santos

On Mon, Jan 30, 2017 at 10:57 PM, Julien Vermillard <jvermillard@xxxxxxxxx> wrote:
You need to send all the requests coming from the same source IP/port to the same server.
The leshan servers share nothing about the DTLS state (outside the PSK/RPK keys)

--
Julien Vermillard

On Mon, Jan 30, 2017 at 5:59 PM, Андрій Захарків <zaharkiv567@xxxxxxxxx> wrote:
Hi guys!

We are currently trying to configure LB on nginx for LWM2M servers.

We have successfully managed to configure it for COAP connections. Clients are connecting and being distributed among servers.

However, when we are trying to connect clients via Coaps it fails. It seems that handshake stages are distributed among servers and it causes this:

Jan 30, 2017 10:23:24 AM org.eclipse.californium.scandium.dtls.Record decryptAEAD
FINE: The explicit nonce used by the sender does not match the values provided in the DTLS record
Used    : 00 01 00 00 00 00 00 00
Expected: 00 01 00 00 00 00 00 01
Jan 30, 2017 10:23:24 AM com.verizon.lwm2m.server.CustomDtlsConnector discardRecord
FINE: Discarding Handshake (22) record from peer [/172.17.0.4:33924]: MAC validation failed
Jan 30, 2017 10:23:25 AM com.verizon.lwm2m.server.CustomDtlsConnector handleTimeout
FINE: Re-transmitting flight for [/172.17.0.4:33924], [2] retransmissions left
Jan 30, 2017 10:23:29 AM com.verizon.lwm2m.server.CustomDtlsConnector handleTimeout
FINE: Re-transmitting flight for [/172.17.0.4:33924], [1] retransmissions left
Jan 30, 2017 10:23:30 AM com.verizon.lwm2m.server.CustomDtlsConnector processHandshakeRecord
FINE: Received Handshake (22) record from peer [/172.17.0.4:33924]
Jan 30, 2017 10:23:30 AM org.eclipse.californium.scandium.dtls.Record decryptHandshakeMessage
FINE: Parsing message without a session
Jan 30, 2017 10:23:30 AM com.verizon.lwm2m.server.CustomDtlsConnector processHandshakeRecord
FINE: Received Handshake (22) record from peer [/172.17.0.4:33924]
Jan 30, 2017 10:23:30 AM org.eclipse.californium.scandium.dtls.Record decryptAEAD
FINE: The explicit nonce used by the sender does not match the values provided in the DTLS record
Used    : 00 01 00 00 00 00 00 00
Expected: 00 01 00 00 00 00 00 03
Jan 30, 2017 10:23:30 AM com.verizon.lwm2m.server.CustomDtlsConnector discardRecord

We have tried different nginx load balancing methods, including 

hash $remote_addr:remote_port consistent;

Also worth mentioning: if there is only 1 server behind the nginx UDP load balancer, then everything works.
Any help on this is much appreciated.




_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev
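
A way to triage the symptom in the log quoted above, as an added example that is not part of any message in this thread nor of Leshan or Californium: it groups the "MAC validation failed" discards by peer and decodes the Used/Expected nonce values as DTLS epoch and sequence number. The sample log is constructed in the quoted format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the Scandium FINE lines quoted in the thread.
SAMPLE_LOG = """\
Jan 30, 2017 10:23:24 AM org.eclipse.californium.scandium.dtls.Record decryptAEAD
FINE: The explicit nonce used by the sender does not match the values provided in the DTLS record
Used    : 00 01 00 00 00 00 00 00
Expected: 00 01 00 00 00 00 00 01
Jan 30, 2017 10:23:24 AM com.verizon.lwm2m.server.CustomDtlsConnector discardRecord
FINE: Discarding Handshake (22) record from peer [/172.17.0.4:33924]: MAC validation failed
Jan 30, 2017 10:23:30 AM org.eclipse.californium.scandium.dtls.Record decryptAEAD
FINE: The explicit nonce used by the sender does not match the values provided in the DTLS record
Used    : 00 01 00 00 00 00 00 00
Expected: 00 01 00 00 00 00 00 03
Jan 30, 2017 10:23:30 AM com.verizon.lwm2m.server.CustomDtlsConnector discardRecord
FINE: Discarding Handshake (22) record from peer [/172.17.0.4:33924]: MAC validation failed
Jan 30, 2017 10:23:31 AM com.verizon.lwm2m.server.CustomDtlsConnector discardRecord
FINE: Discarding Handshake (22) record from peer [/172.17.0.9:40112]: MAC validation failed
"""

NONCE = re.compile(r"^(Used|Expected)\s*:\s*((?:[0-9A-Fa-f]{2} ?){8})\s*$")
DISCARD = re.compile(r"Discarding .* record from peer \[/([^\]]+)\]: MAC validation failed")

def split_nonce(hex_bytes):
    """DTLS 1.2 AEAD explicit nonce: 2-byte epoch followed by 6-byte sequence number."""
    raw = bytes.fromhex(hex_bytes.replace(" ", ""))
    return int.from_bytes(raw[:2], "big"), int.from_bytes(raw[2:], "big")

def summarize(log):
    """Per peer: count of MAC discards and the (used, expected) nonce pairs behind them."""
    peers = defaultdict(lambda: {"mismatches": [], "discards": 0})
    pending = {}  # assumption: the discard line follows its Used/Expected lines, as in the quoted log
    for line in log.splitlines():
        if m := NONCE.match(line):
            pending[m.group(1)] = split_nonce(m.group(2))
        elif m := DISCARD.search(line):
            entry = peers[m.group(1)]
            entry["discards"] += 1
            if len(pending) == 2:
                entry["mismatches"].append((pending["Used"], pending["Expected"]))
            pending = {}
    return dict(peers)

def suspect_peers(log, min_discards=2):
    """Peers (ip:port) whose records were discarded at least min_discards times."""
    return sorted(p for p, e in summarize(log).items() if e["discards"] >= min_discards)
```

Running `suspect_peers` over the log of each backend separately shows whether records from one source IP/port are reaching more than one server.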


