Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T4904: keepalived virtual-server allow multiple ports with fwmark #1735

Merged
merged 1 commit into from
Jan 4, 2023
Merged

T4904: keepalived virtual-server allow multiple ports with fwmark #1735

merged 1 commit into from
Jan 4, 2023

Conversation

sever-sever
Copy link
Member

Allow multiple ports for high-availability virtual-server The current implementation allows balance only one "virtual" address and port between several "real servers"
Allow matching "fwmark" to set traffic which should be balanced.

Allow setting port 0 (all traffic) if we use "fwmark" Add health-check script.

Change Summary

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Component(s) name

keepalive, virtual-server

Proposed changes

How to test

We can mark just required ports without IP addresses or with them
And use fwmark value for virtual-server
Also, we use "port 0" as we mark several ports

VyOS config:

set interfaces ethernet eth0 address '192.0.2.1/24'
set interfaces ethernet eth0 description 'LAN'
set interfaces ethernet eth4 address 'dhcp'
set interfaces ethernet eth4 description 'WAN'

set policy route PR interface 'eth4'
set policy route PR rule 10 destination port '80,2222,8888'
set policy route PR rule 10 protocol 'tcp'
set policy route PR rule 10 set mark '111'

set high-availability virtual-server 203.0.113.1 fwmark '111'
set high-availability virtual-server 203.0.113.1 protocol 'tcp'
set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 health-check script '/bin/true'
set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '0'
set high-availability virtual-server 203.0.113.1 real-server 192.0.2.12 health-check script '/bin/true'
set high-availability virtual-server 203.0.113.1 real-server 192.0.2.12 port '0'

set nat source rule 100 outbound-interface 'eth4'
set nat source rule 100 source address '192.0.2.0/24'
set nat source rule 100 translation address 'masquerade'

Keepal;lived config

vyos@r1# cat /run/keepalived/keepalived.conf 
...
# Virtual-server configuration
# Vserver 203.0.113.1
virtual_server fwmark 111 {
    delay_loop 10
    lb_algo lc
    lb_kind NAT
    persistence_timeout 300
    protocol TCP
    real_server 192.0.2.11 0 {
        weight 1
        MISC_CHECK {
            misc_path /bin/true
        }
    }
    real_server 192.0.2.12 0 {
        weight 1
        MISC_CHECK {
            misc_path /bin/true
        }
    }
}

Show virtual-server

vyos@r1# run show virtual-server 
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  111 lc persistent 300
  -> 192.0.2.11:0                 Masq    1      0          0         
  -> 192.0.2.12:0                 Masq    1      1          0
[edit]
vyos@r1#

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@sever-sever
T4904: keepalived virtual-server allow multiple ports with fwmark
4923491 
Allow multiple ports for high-availability virtual-server
The current implementation allows balance only one "virtual" address
and port between between several "real servers"
Allow matching "fwmark" to set traffic which should be balanced

Allow to set port 0 (all traffic) if we use "fwmark"
Add health-check script

  set high-availability virtual-server 203.0.113.1 fwmark '111'
  set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 health-check script '/bin/true'
  set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '0'
@c-po c-po requested review from a team, dmbaturin, sarthurdev, zdc, jestabro and c-po and removed request for a team January 2, 2023 19:07
@sever-sever sever-sever merged commit f5af95b into vyos:current Jan 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@c-po c-po c-po approved these changes

@dmbaturin dmbaturin Awaiting requested review from dmbaturin dmbaturin is a code owner automatically assigned from vyos/reviewers

@sarthurdev sarthurdev Awaiting requested review from sarthurdev sarthurdev is a code owner automatically assigned from vyos/reviewers

@zdc zdc Awaiting requested review from zdc zdc is a code owner automatically assigned from vyos/reviewers

@jestabro jestabro Awaiting requested review from jestabro jestabro is a code owner automatically assigned from vyos/reviewers

Assignees

@sever-sever sever-sever

Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sever-sever @c-po