[leshan-dev] lwm2m servers load balancing DTLS with nginx.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[leshan-dev] lwm2m servers load balancing DTLS with nginx.

From: Андрій Захарків <zaharkiv567@xxxxxxxxx>
Date: Mon, 30 Jan 2017 18:59:55 +0200
Delivered-to: leshan-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/leshan-dev>
List-help: <mailto:leshan-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/leshan-dev>, <mailto:leshan-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/leshan-dev>, <mailto:leshan-dev-request@eclipse.org?subject=unsubscribe>

Hi guys!

We are currently trying to configure LB on nginx for LWM2M servers.

We have successfully managed to configure it for COAP connections. Clients are connecting and being distributed among servers.

However, when we are trying to connect clients via Coaps if fails. It seems that handshake stages are distributed among servers and it causes this:

Jan 30, 2017 10:23:24 AM org.eclipse.californium.scandium.dtls.Record decryptAEAD
FINE: The explicit nonce used by the sender does not match the values provided in the DTLS record
Used : 00 01 00 00 00 00 00 00
Expected: 00 01 00 00 00 00 00 01
Jan 30, 2017 10:23:24 AM com.verizon.lwm2m.server.CustomDtlsConnector discardRecord
FINE: Discarding Handshake (22) record from peer [/172.17.0.4:33924]: MAC validation failed
Jan 30, 2017 10:23:25 AM com.verizon.lwm2m.server.CustomDtlsConnector handleTimeout
FINE: Re-transmitting flight for [/172.17.0.4:33924], [2] retransmissions left
Jan 30, 2017 10:23:29 AM com.verizon.lwm2m.server.CustomDtlsConnector handleTimeout
FINE: Re-transmitting flight for [/172.17.0.4:33924], [1] retransmissions left
Jan 30, 2017 10:23:30 AM com.verizon.lwm2m.server.CustomDtlsConnector processHandshakeRecord
FINE: Received Handshake (22) record from peer [/172.17.0.4:33924]
Jan 30, 2017 10:23:30 AM org.eclipse.californium.scandium.dtls.Record decryptHandshakeMessage
FINE: Parsing message without a session
Jan 30, 2017 10:23:30 AM com.verizon.lwm2m.server.CustomDtlsConnector processHandshakeRecord
FINE: Received Handshake (22) record from peer [/172.17.0.4:33924]
Jan 30, 2017 10:23:30 AM org.eclipse.californium.scandium.dtls.Record decryptAEAD
FINE: The explicit nonce used by the sender does not match the values provided in the DTLS record
Used : 00 01 00 00 00 00 00 00
Expected: 00 01 00 00 00 00 00 03
Jan 30, 2017 10:23:30 AM com.verizon.lwm2m.server.CustomDtlsConnector discardRecord

We have tried different nginx load balancing methods, including


hash $remote_addr:remote_port consistent;

Also worth to mention, if there is only 1 server behind nginx UDP loadbanacer, then everything works.

Any help on this is much appreciated.

Follow-Ups:
- Re: [leshan-dev] lwm2m servers load balancing DTLS with nginx.
  - From: Julien Vermillard

Prev by Date: Re: [leshan-dev] JSON format support
Next by Date: Re: [leshan-dev] lwm2m servers load balancing DTLS with nginx.
Previous by thread: [leshan-dev] JSON format support
Next by thread: Re: [leshan-dev] lwm2m servers load balancing DTLS with nginx.
Index(es):
- Date
- Thread

Breadcrumbs