Hi, On Sun, Oct 15, 2017 at 11:54:10PM +0500, ???? ??????? wrote: > 2017-10-15 23:43 GMT+05:00 Willy Tarreau <w...@1wt.eu>: > > > On Sun, Oct 15, 2017 at 07:16:51PM +0100, Aaron West wrote: > > > Hi Willy, > > > > > > Sorry to bother you, just a quick question if I may. > > > > > > Does support for QUIC imply we'd have rudimentary UDP support as well > > > or is it only going to support QUIC Protocol? > > > > It will be UDP for QUIC only. > > > > Do you have a *valid* use case for UDP proxying ? I'm asking because every > > time people ask for UDP support, it's for totally stupid reasons like NFS, > > for non-proxyable protocols, for protocols which are designed not to need > > a load balancer (eg: DNS) or for trivial stuff that is already naturally > > handled by their operating system (eg: done by LVS). That's why I'm > > interested in knowing about a valid case ;-) > > > dns is valid case,
DNS is indeed the most common reason people ask for UDP support, and is the main reason people are using LVS in association with haproxy, as it's really trivial to set up. Also, certain DNS servers present different views depending on the source IP address of the request, which is one case where proxying the traffic can cause trouble. > openvpn comes to mind also, but need to look carefully > with switching between two or more servers. Openvpn is a good example of why *not* to proxy the traffic. Openvpn's performance is limited by the fact that packets are bounced between kernel, user and kernel again, something which will affect haproxy as well. So in short, if you need more than one openvpn server for performance reasons, haproxy will not be able to stand the load either due to the cost of doing this bounce. In practice you'll need as many haproxy servers as openvpn servers and you'll need something in front of haproxy, which makes no sense as the same component can already load-balance openvpn then. As a rule of thumb, count on 1 million packet per second exchanged between user and kernel, and roughly half of this if the packet has to be forwarded by userland. If you're doing this in a VM, divide it by 3. > I'd say, udp balancing is tricky (thre's no syn/ack), so let us stick to > QUIC Yep totally agreed. Cheers, Willy
