Elastic Agent TCP Input - Proxy Protocol

lduvnjak · June 20, 2024, 11:25am

We're trying to configure load balancing for certain integrations that listen on a specific TCP port for incoming traffic, for example Cisco FTD.

The LB is Nginx and it's load balancing on L4 (stream module). Here's the Nginx configuration:

    # Cisco FTD LB
    upstream ftd-ingress {
        server server01:9003;
        server server02:9003;
    }

    server {
        listen  9003;
        proxy_pass ftd-ingress;
        proxy_protocol on;
        proxy_connect_timeout 360s;
        proxy_timeout 360s;
    }

When proxy_protocol is set to on it doesn't work because the Agent does not understand the Proxy Protocol. Is there any way we can load balance the traffic while still having the source IP information in Elasticsearch?

On UDP it is possible with proxy_bind $remote_addr transparent;, however that does not work on TCP.

Cheers,
Luka

lduvnjak · June 21, 2024, 8:32am

To sum up, does the Elastic Agent/Filebeat TCP input support the proxy protocol? If not, is there any plan to do so?
It can be solved by mangling packets on the LB, but that does not seem like an elegant solution.

Topic		Replies	Views
Logstash-tcp-input not parsing proxy protocol header Logstash	1	896	March 8, 2018
Filebeat TCP input with Nginx Module Beats filebeat	7	889	April 29, 2020
Elastic agent and port mirroring Elastic Agent	2	266	July 18, 2023
Elastic agent Does not receive traffic, but it reaches the Linux server Kibana	8	303	May 24, 2023
TCP input failed with Checkpoint syslog integration Beats docker , filebeat	1	265	August 2, 2023

Elastic Agent TCP Input - Proxy Protocol

Related topics