I set up an eks in aws, I installed the traefik via helm charts, and I also added the nlb annotation to the UDP load balancer to make it work. There's a service listening to the UDP packets and it does, it's receiving the packet but with the wrong IP.
My question is that how can I configure the traefik UDP load balancer to forward the real IP of the client?
Can you confirm the address that Traefik is receiving is the real client source address?
Getting the correct IP address as the client source on incoming connections usually involves some configuration before Traefik to work properly, mainly on any load balancer / proxy that might be in front of it.
As an example for Kubernetes cloud providers its often required to set the service.spec.externalTrafficPolicy to Local to avoid being NATed on the load balancer provisioned by the cluster, see Using Source IP | Kubernetes
I mean is there a way to log out the received messages in the traefik-udp service? I tried turning on the logging on info level but I can see only the HTTP logs but not any udp packet-related log.
usually there is access logs to show what is incoming but to be honest I don't remember if the functionality shows anything useful or anything at all for UDP connections.
if you identified that the NLB uses the correct client IP than its probably a matter of letting Traefik know there is another load balancer in front of it and that it should trust it.
On TCP you can rely on enabling the proxy protocol on the entrypoint, reference here
For HTTP there is also the option to just trust X-Forwarded-* headers, reference here
Unfortunately for UDP we still don't support proxy protocol, tracked on this issue, and that might explain why you're just seeing the Traefik IP
@douglasdtm It's weird I managed to solve it with proxy_protocol.v2, but I'm confused about how the traefik works together with nlb, the load balancing might happen somehow without traefik. We decided to move on without traefik we experienced no difference with/without traefik.