You're misunderstanding outgoing interface and bound IP address.

When using "source x.x.x.x", haproxy will use the NIC which hosts the
IP address x.x.x.x to try to reach the server.
Then your kernel will pick up the main IP address configured on the
corresponding NIC; that's why it works when you have one IP per NIC
but it doesn't work when you have many aliases.

To make it work in both cases, simply use "source 0.0.0.0 usesrc
x.x.x.x"; that way, HAProxy will let the kernel choose the right
outgoing NIC but will tell the kernel which IP to bind to when
connecting to the remote server.

Baptiste


On Fri, Aug 16, 2013 at 7:21 PM, Nerilaunt <[email protected]> wrote:
> Hello,
>
>> source a.b.c.d tells haproxy which network interface to use to reach the
>> server.
>
> Yes
>
>> Now I understand that what you want is to use the IP a.b.c.d to get
>> connected onto the server. Am I right?
>
> Not sure I understand the difference.
>
> On my server I have a lot of IP addresses, one or two per customer.
>
> With the production server (one NIC, and aliases) all connections
> between haproxy and the backends are from the same IP; source doesn't
> change anything.
> With the dev server (multiple NICs) each backend connection is
> correctly from the "source" IP.
>
> Prod :
>
> Public IP :
> 192.168.1.a (customer #1)
> 192.168.1.b (customer #2)
> 192.168.1.c (customer #3)
>
> IP used by HAproxy to communicate with customers' backends and
> monitoring checks:
> Always 192.168.1.a
>
> Dev :
>
> Public IP :
> 192.168.1.a (customer #1)
> 192.168.1.b (customer #2)
> 192.168.1.c (customer #3)
>
> IP used by HAproxy to communicate with customers' backends and
> monitoring checks:
> 192.168.1.a (customer #1)
> 192.168.1.b (customer #2)
> 192.168.1.c (customer #3)
>
> Is it more understandable?
>
> Thanks,
>
> Neri
>
>>
>> Baptiste
>>
>>
>> On Fri, Aug 16, 2013 at 2:40 PM, Nerilaunt <[email protected]> wrote:
>>> Hi,
>>>
>>> I think I have found the problem.
>>>
>>> On the production server, we have one real NIC (eth0) and ~20 aliases
>>> (eth0:1, eth0:2, ...).
>>> The routing table shows only one route per IP range and real NIC; aliases
>>> are not shown.
>>>
>>> On a test server, with multiple NICs, we have one route per NIC. And
>>> adding "source 192.168.x.x" works perfectly.
>>>
>>> Do you see what I mean? Do you think it's really the cause, and if
>>> yes, what can I do?
>>>
>>> Thanks,
>>>
>>> Neri
>>>
>>> 2013/7/31 Nerilaunt <[email protected]>:
>>>> Hi,
>>>>
>>>>> Is 192.168.1.1 a virtual IP or is it configured on an actual interface?
>>>>
>>>> 192.168.1.1 is one of the multiple interfaces on the server; ~20 aliases like
>>>>
>>>> auto eth0:17
>>>> allow-hotplug eth0:17
>>>> iface eth0:17 inet static
>>>>         address 192.168.1.100
>>>>         netmask 255.255.255.0
>>>>         gateway 192.168.1.254
>>>>
>>>> auto eth0:18
>>>> allow-hotplug eth0:18
>>>> iface eth0:18 inet static
>>>>         address 192.168.1.1
>>>>         netmask 255.255.255.0
>>>>         gateway 192.168.1.254
>>>>
>>>> The IP address used by haproxy is the IP I can see when I do a "ip route":
>>>>
>>>> 192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.100
>>>>
>>>>> Try enabling ip_nonlocal_bind, although I'm not sure this affects
>>>>> the source ip:
>>>>>   echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
>>>>
>>>> That doesn't change anything (and it seems normal, because the IP really exists)
>>>>
>>>>> If it still doesn't work, please provide the output of "haproxy -vv"
>>>>
>>>> HA-Proxy version 1.5-dev19 2013/06/17
>>>> Copyright 2000-2013 Willy Tarreau <[email protected]>
>>>>
>>>> Build options :
>>>>   TARGET  = linux26
>>>>   CPU     = generic
>>>>   CC      = gcc
>>>>   CFLAGS  = -O2 -g -fno-strict-aliasing
>>>>   OPTIONS = USE_OPENSSL=1
>>>>
>>>> Default settings :
>>>>   maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
>>>>
>>>> Encrypted password support via crypt(3): yes
>>>> Built without zlib support (USE_ZLIB not set)
>>>> Compression algorithms supported : identity
>>>> Built with OpenSSL version : OpenSSL 0.9.8g 19 Oct 2007
>>>> Running on OpenSSL version : OpenSSL 0.9.8g 19 Oct 2007
>>>> OpenSSL library supports TLS extensions : yes
>>>> OpenSSL library supports SNI : yes
>>>> OpenSSL library supports prefer-server-ciphers : yes
>>>> Built without PCRE support (using libc's regex instead)
>>>>
>>>> Available polling systems :
>>>>       epoll : pref=300,  test result OK
>>>>        poll : pref=200,  test result OK
>>>>      select : pref=150,  test result OK
>>>> Total: 3 (3 usable), will use epoll.
>>>>
>>>>> and 'strace' the issue.
>>>>
>>>> It's not easy, it's on a production server; I will try to debug with a
>>>> dev server.
>>>>
>>>> Thanks for your help.
>>>>
>>>> Neri
>>>
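
A way to check which source address a backend actually sees, with and without an explicit bind before connect(); this is an added example, not part of the original thread and not HAProxy code. It uses loopback addresses (127.0.0.1 to 127.0.0.3, assumed local as on Linux) in place of the customer IPs, and `observed_source` and `audit` are hypothetical helper names.

```python
import socket


def observed_source(server_ip, bind_ip=None, timeout=2.0):
    """Open one TCP connection to a throwaway listener on server_ip and
    return the source IP that the listener sees for it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv, \
         socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
        srv.settimeout(timeout)
        srv.bind((server_ip, 0))          # port 0: kernel picks a free port
        srv.listen(1)
        if bind_ip is not None:
            # Explicit source address; the kernel still chooses the route.
            cli.bind((bind_ip, 0))
        cli.settimeout(timeout)
        # The handshake completes in the kernel backlog, so accept() can
        # follow connect() in the same thread.
        cli.connect((server_ip, srv.getsockname()[1]))
        conn, peer = srv.accept()
        conn.close()
        return peer[0]


def audit(server_ip, wanted_ips):
    """Map each wanted source IP to the IP the listener saw.
    None means the bind or the connection failed, for example because
    the address is not configured on this host (EADDRNOTAVAIL)."""
    result = {}
    for ip in wanted_ips:
        try:
            result[ip] = observed_source(server_ip, ip)
        except OSError:
            result[ip] = None
    return result


if __name__ == "__main__":
    # Constructed sample: stand-ins for the per-customer addresses.
    print("kernel-chosen source:", observed_source("127.0.0.1"))
    for wanted, seen in audit("127.0.0.1", ["127.0.0.2", "127.0.0.3"]).items():
        status = "OK" if wanted == seen else "MISMATCH"
        print(f"wanted {wanted} -> backend saw {seen} [{status}]")
```

Pointing the same check at a real backend address and the per-customer IPs shows at a glance whether every connection leaves from the interface's primary address.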
