Q: is it possible to select source alias IP for different traffic by using diff route table

Linux Advanced Routing and Traffic Control




Sorry if this sounds newbie-ish,

I've got a HAproxy dual-node cluster with 4 VIPs on the active node, on which I would like to have various return/outbound traffic leave through their own source vIP but to the same GW (firewall in front of this HAproxy cluster). Only I fail to make this happen; all traffic seems to leave from the same default source IP for the default route in the main table. So I figure my rules for selecting a different route table may be wrong. Question is, can this be corrected somehow?

# My IPs from the active node:
# .253 is physical node’s IP, other node is .254
# 10.45.70.252, .248, .247, .246 are VIPs used for load balancing different services
# I want to have traffic from different real server pools on their different vlans behind this HAproxy cluster leave through the same default GW but each with their own vIP as source
# to separate their IP reputation.
 
[root@hapA ~]# ip a| grep inet
    inet 127.0.0.1/8 scope host lo
    # physical node IP
    inet 10.45.69.253/24 brd 10.45.69.255 scope global eth0
    inet 10.45.69.252/32 scope global eth0
    inet 10.45.70.253/24 brd 10.45.70.255 scope global eth1
    # VIPs
    inet 10.45.70.246/32 scope global eth1
    inet 10.45.70.247/32 scope global eth1
    inet 10.45.70.248/32 scope global eth1
    inet 10.45.70.252/32 scope global eth1
    # physical IP on different vlan
    inet 10.7.0.253/24 brd 10.7.0.255 scope global eth2
    # VIP of different vlan
    inet 10.7.0.246/32 scope global eth2
    inet 10.7.0.247/32 scope global eth2
    inet 10.7.0.248/32 scope global eth2
    inet 10.7.0.252/32 scope global eth2
    # physical IP on different vlan
    inet 10.8.1.253/24 brd 10.8.1.255 scope global eth3
    # VIP of different vlan
    inet 10.8.1.247/32 scope global eth3
    # physical IP on different vlan
    inet 10.8.2.253/24 brd 10.8.2.255 scope global eth4
    # VIP of different vlan
    inet 10.8.2.252/32 scope global eth4
    # physical IP on different vlan
    inet 10.8.3.253/24 brd 10.8.3.255 scope global eth5
    # VIP of different vlan
    inet 10.8.3.246/32 scope global eth5
    inet 10.8.3.252/32 scope global eth5

# my test rules
[root@hapA ~]# ip rule show
0:      from all lookup local 
32761:  from 10.7.0.0/24 lookup hapv2 
32762:  from 10.7.0.248 lookup hapv2 
32763:  from 10.7.0.247 lookup hapv3 
32765:  from all fwmark 0x1 lookup haprxmark 
32766:  from all lookup main 
32767:  from all lookup default 

# my route tables
[root@hapA ~]# ip route show table hapv2
default via 10.45.70.249 dev eth1  src 10.45.70.248 
10.7.0.0/24 dev eth2  proto kernel  scope link  src 10.7.0.248 

[root@hapA ~]# ip route show table hapv3
default via 10.45.70.249 dev eth1  src 10.45.70.247 

[root@hapA ~]# ip route show table hapv4
default via 10.45.70.249 dev eth1  src 10.45.70.246 
10.7.0.0/24 dev eth2  proto kernel  scope link  src 10.7.0.253 
10.8.1.0/24 dev eth3  proto kernel  scope link  src 10.8.1.253 
10.8.2.0/24 dev eth4  proto kernel  scope link  src 10.8.2.253 
10.8.3.0/24 dev eth5  proto kernel  scope link  src 10.8.3.253 
10.45.69.0/24 dev eth0  proto kernel  scope link  src 10.45.69.253 
10.45.70.0/24 dev eth1  proto kernel  scope link  src 10.45.70.253 

[root@hapA ~]# ip route show table main
default via 10.45.70.249 dev eth1 
10.7.0.0/24 dev eth2  proto kernel  scope link  src 10.7.0.253 
10.8.1.0/24 dev eth3  proto kernel  scope link  src 10.8.1.253 
10.8.2.0/24 dev eth4  proto kernel  scope link  src 10.8.2.253 
10.8.3.0/24 dev eth5  proto kernel  scope link  src 10.8.3.253 
10.45.69.0/24 dev eth0  proto kernel  scope link  src 10.45.69.253 
10.45.70.0/24 dev eth1  proto kernel  scope link  src 10.45.70.253 
169.254.0.0/16 dev eth0  scope link  metric 1002 
169.254.0.0/16 dev eth1  scope link  metric 1003 
169.254.0.0/16 dev eth2  scope link  metric 1004 
169.254.0.0/16 dev eth3  scope link  metric 1005 
169.254.0.0/16 dev eth4  scope link  metric 1006 
169.254.0.0/16 dev eth5  scope link  metric 1007 

My various real servers have their default gw set to various vIPs in their respective vlans, f.ex. some use 10.7.0.246, others 10.45.69.252, and I would like such traffic to leave from 10.45.70.246 and others from 10.45.70.252 through the same FW/default GW 10.45.70.249.

Only I see everything leaving as 10.45.70.253. Would it be possible to change the source IP when leaving from the same physical NIC with different route tables?

TIA

/Steffen
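
Added example, not part of the original post: a small Python model of how the kernel walks the `ip rule` list in priority order, fed with the rules exactly as posted, to show which table each source address ends up in and which rules can never be reached. It assumes a destination outside all connected subnets, fwmark 0 unless given, and that `haprxmark` (whose contents the post does not show) is irrelevant for unmarked packets; the function names are hypothetical.

```python
import ipaddress
import re

# Copied from the `ip rule show` output in the post.
IP_RULE_SHOW = """\
0:      from all lookup local
32761:  from 10.7.0.0/24 lookup hapv2
32762:  from 10.7.0.248 lookup hapv2
32763:  from 10.7.0.247 lookup hapv3
32765:  from all fwmark 0x1 lookup haprxmark
32766:  from all lookup main
32767:  from all lookup default
"""
# Tables shown in the post that hold a default route: a lookup for an
# outside destination that reaches one of them stops there.
TABLES_WITH_DEFAULT = {"hapv2", "hapv3", "hapv4", "main"}
RULE_RE = re.compile(r"^(\d+):\s+from (\S+)(?: fwmark (\S+))? lookup (\S+)")

def parse_rules(text):
    """Return [(priority, source network, fwmark or None, table)] by priority."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        prio, src, mark, table = m.groups()
        net = ipaddress.ip_network("0.0.0.0/0" if src == "all" else src)
        rules.append((int(prio), net, int(mark, 16) if mark else None, table))
    return sorted(rules, key=lambda r: r[0])

def select_table(rules, src, fwmark=0):
    """First rule matching src/fwmark whose table can resolve a default route."""
    addr = ipaddress.ip_address(src)
    for prio, net, mark, table in rules:
        if addr in net and mark in (None, fwmark) and table in TABLES_WITH_DEFAULT:
            return prio, table
    return None

def shadowed(rules):
    """(rule, earlier rule) pairs where the earlier rule always wins."""
    pairs = []
    for i, (prio, net, _mark, _table) in enumerate(rules):
        for p2, n2, m2, t2 in rules[:i]:
            if m2 is None and t2 in TABLES_WITH_DEFAULT and net.subnet_of(n2):
                pairs.append((prio, p2))
                break
    return pairs
```

Run against the posted rules, 10.7.0.247 and 10.7.0.248 both resolve through rule 32761 to `hapv2`, and no rule refers to `hapv4` at all. A source in 10.45.69.0/24, or a local socket with no bound address (source 0.0.0.0 at lookup time), matches none of the `from` rules and falls through to `main`.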

