SNAT的时候,如果网卡上配置了10个ip,如何做负载均衡 #26
-
|
就是 snat的时候,随机或者hash一个外部ip做snat |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments 8 replies
-
|
The external IP address selection is not implemented and difficult to implement in eBPF. However einat do support So you can add |
Beta Was this translation helpful? Give feedback.
-
|
这个功能必须要求kernel > = 6.7 吗? |
Beta Was this translation helpful? Give feedback.
-
|
用kernel >= 6.7 测试成功了,用ip ru add from 192.168.1.100 table 2 的方式,可以改变snat ip ,但是用 ip ru add fwmark 的方式不行,snat后都是同一个ip。 iptables 在mangle表上用-i br-lan 和 -s 192.168.1.100 的方式打上fwmark. |
Beta Was this translation helpful? Give feedback.
-
|
Yeah, the fwmark was not passed as FIB lookup parameter because there was no such field in kernel's And I just checked the latest kernel source, there is now torvalds/linux@5311591 to FIB lookup with fwmark. So I will update einat to also pass fwmark per this change, though it would requires Linux kernel>=6.10. |
Beta Was this translation helpful? Give feedback.
-
|
With b0942c0, you can actually balancing by source or destination port. And with e71806b and Linux kernel>=6.10, you can have ip rule with fwmark filter being matched. Download snapshot build in https://github.com/EHfive/einat-ebpf/actions/runs/13416468751 |
Beta Was this translation helpful? Give feedback.
-
|
我试试,感谢高效率的更新。 |
Beta Was this translation helpful? Give feedback.
-
|
环境 ip netns exec router ip addr add 10.0.2.101/24 dev veth_r_s2 ip netns exec router ip r add default dev veth_r_s2 src 10.0.2.100 table 2 ip netns exec router ip ru add sport 8000 table 2 用的snapsot中的einat-static-x86_64-unknown-linux-musl -c einat.toml 用 |
Beta Was this translation helpful? Give feedback.
-
ip netns exec router ip addr add 10.0.1.100/24 dev veth_r_s1
ip netns exec router ip addr add 10.0.1.200/24 dev veth_r_s1
ip netns exec router ip route add default dev veth_r_s1 src 10.0.1.100 table 2
ip netns exec router ip route add default dev veth_r_s1 src 10.0.1.200 table 3
ip netns exec router ip rule add sport 8001 table 2
ip netns exec router ip rule add sport 8002 table 3
ip netns exec router /path/to/einat -i veth_r_s1 >/dev/null 2>&1 &
ip netns exec server1 ncat --broker -luv -p 4000 -o /dev/stdout &
sleep 1
ip netns exec device1 nc -uq0 -p 8001 10.0.1.1 4000 <<<"test 8001"
ip netns exec device1 nc -uq0 -p 8002 10.0.1.1 4000 <<<"test 8002"
ip netns exec device1 nc -uq0 -p 8003 10.0.1.1 4000 <<<"test 8003"
sleep 1Well, it's working here(on linux kernel 6.13). Notice the source address after "Connection from" changes, reflecting ip rules above. Maybe you have misconfigured something there? |
Beta Was this translation helpful? Give feedback.
-
|
可能是kernel版本不够高,我弄个高版本内核测试一下。 |
Beta Was this translation helpful? Give feedback.
-
|
用了ubuntu 24.10 , kernel 6.11.0-8-generic 测试,基于源端口和fwmark还是snat到同一个ip了。 测试脚本: ip -all netns delete enable forwardingip netns add server1 ip link add veth_r_s1 netns router type veth peer veth_s1_r netns server1 ip link add br-lan netns router type bridge server: setup networkip netns exec server1 ip addr add 10.0.1.1/24 dev veth_s1_r server2ip netns exec server2 ip addr add 10.0.2.1/24 dev veth_s2_r router: setup external networksip netns exec router ip addr add 10.0.1.100/24 dev veth_r_s1 router: setup LANip netns exec router ip link set veth_r_d1 master br-lan ip netns exec router sysctl net.ipv4.ip_forward=1 device: setup networkip netns exec device1 ip addr add 192.168.1.100/24 dev veth_d1_r device2ip netns exec device2 ip addr add 192.168.1.200/24 dev veth_d2_r ip netns exec device1 nc -uq0 -p 8001 10.0.1.1 4000 <<<"test 8001" 测试结果:
|
Beta Was this translation helpful? Give feedback.
-
|
Make sure your are running einat from snapshot build, and if it's still not working, run the test with einat(snapshot build of course) flag |
Beta Was this translation helpful? Give feedback.
-
|
确实是我搞错版本了,下载的snap页面文件扩展名没有zip,我就想当然的把之前下载的老版本当成新版本用了,感谢。 |
Beta Was this translation helpful? Give feedback.
-
|
可以正常工作了。后续会发到release版本里面去吗。 |
Beta Was this translation helpful? Give feedback.
With b0942c0, you can actually balancing by source or destination port.
And with e71806b and Linux kernel>=6.10, you can have ip rule with fwmark filter being matched.
Download snapshot build in https://github.com/EHfive/einat-ebpf/actions/runs/13416468751