L2JMobius

I need to use a load balancer to route the client calls through my game server.


Offline goupgames

  • Vassal
  • *
    • Posts: 2
Hi Guys,

 :) If this is not the correct area, please let me know.

I hope you can help me with a challenge...
I need to use a load balancer to route the client calls through my game server.
To do so, I set up the load balancer with two listeners, one listener to port 2106 and another listener to port 7777.
Then, in the same load balancer, I created two backend sets: a backend set called "backend2106", which forwards to the game server port 2106 what's been received in LB port 2106. In the same way, I created another backend set called "backend7777", which forwards to the game server port 7777 what's been received in LB port 7777.

As per my understanding, the client app operation goes to port 2106 looking for authentication (Step #1) and, once authenticated, goes to port 7777 to start the game (Step #2).
When I point the client app directly to the game server, everything works fine. When I point the client app to the load balancer IP, just Step #1, I mean, the authentication process, works fine. Step #2, which should be the game start, keeps trying to connect but gets no response... Therefore, I believe that the first call touches LB port 2106 and then is successfully forwarded to the game server port 2106; however, for some reason the same does not happen with port 7777.
Does anybody have a clue on this? I mean, is it possible that the second call is not passing through the LB for some reason?

Note: before somebody starts asking... I need such an LB to be able to create some Web Application Firewall (WAF) access rules regarding origin territories.


Offline Mechagon3k

  • Knight
  • ***
    • Posts: 54
1. What OS are you using on your game server?
2. Using WAF for gaming server machines, lol, why? It's not needed.

 


Offline goupgames

  • Vassal
  • *
    • Posts: 2
I use Ubuntu. I use Oracle Cloud services.

To enable DDoS protections at layer 7, I need to have WAF configured. For this it is necessary to use the load balancer to enable the protections.



Offline Mechagon3k

  • Knight
  • ***
    • Posts: 54
WAF - A web application firewall is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service.
https://en.wikipedia.org/wiki/Web_application_firewall

WAF is for web and not for gaming servers... as I said you don't need it. Using Ubuntu and UFW is all you need! (Trust me that I'm using it too and no incidents in 5 years).



Offline Trance

  • Elder
  • ****
    • Posts: 133
> I use Ubuntu. I use Oracle Cloud services.
>
> To enable DDoS protections at layer 7, I need to have WAF configured. For this it is necessary to use the load balancer to enable the protections.

You need to familiarize yourself with what you're talking about.

I'm pretty sure you're referring to L4 - which is where most of the attacks are happening.
L7 is only for the HTTP protocol - the flood is done by slowly opening up connections and then sending incomplete requests. You only need to accept *new* SYN packets and established connections, and of course deny anything else.

OVH has a firewall bug regarding the ACK flags. So you need to focus on that. Start by denying INVALID packets.
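
The stateful filter described in the last post (drop INVALID first, accept established traffic, accept only new SYN packets on the game ports, deny the rest), written out as an added example that is not part of the thread. It assumes iptables with the conntrack match on the Ubuntu game server and an SSH admin port of 22, which nobody in the thread stated; ports 2106 and 7777 are the ones from the question.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for the game server.
# Assumption: admin (SSH) port 22; ports 2106 and 7777 come from the thread.

# Return 0 only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_ruleset PORT... : print the ruleset on stdout, or fail before
# printing anything if one of the ports is not valid.
gen_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    # Default policy DROP is the "deny anything else" part.
    # Order matters: the INVALID drop must come before any ACCEPT rule.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # A new connection is accepted only if it starts with a plain SYN.
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p --syn -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset for the admin port plus the two game ports.
gen_ruleset 22 2106 7777
```

Review the printed rules, load them with `iptables-restore --test` first, and keep a second session open when applying them so that a mistake in the admin port does not lock you out.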