You're right... documentation says about "source x.x.x.x" : "the IPv4 address HAProxy will bind to before connecting to a server."
Actually, I use very often "source 0.0.0.0" combined with "usesrc clientip". In such configuration, HAProxy will let the system choose the right outgoing interface address but will spoof client IP when binding the connection to the server. if an IP address is specified instead of 0.0.0.0, HAProxy will choose the corresponding NIC for outgoing traffic (but still spoofing client ip when connecting). That said, it deserve a try :) Let me configure a few aliases on my loopback and try different configuration, then come back to you. Baptiste On Mon, Aug 19, 2013 at 11:16 AM, Lukas Tribus <[email protected]> wrote: > Hi Baptiste, > > >> when using "source x.x.x.x", haproxy will use the NIC which hosts the >> IP address x.x.x.x to try to reach the server. >> then your kernel will pick up the main IP address configured on the >> corresponding nic, that's why it works when you have one IP per NIC >> but it doesn't work when you have many aliases. > > > Are you sure about this? The documentation certainly suggests otherwise [1]. > I think you are confusing it with the "interface" keyword. > > The interface keyword sets SO_BINDTODEVICE, which does what you describe > above. The source keyword however calls bind() to set the local ip address, > according to the strace I did some time ago. > > It don't see a reason why we need TPROXY support in the kernel, just to > set the outgoing ip address in Nerilaunt's scenario. > > > > Regards, > > Lukas > > > [1] > http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#source%20%28Alphabetically%20sorted%20keywords%20reference%29
