On Fri, 27 Dec 2019 at 12:17, Stuart Henderson <[email protected]> wrote:
> On 2019-12-26, Thomas Huber <[email protected]> wrote:
> > I just tried to get a little deeper into load-balancing and try
> > to use relayd(8) in a dynamic (translate to microservices) environment
> > where I'd like to add and remove hosts on the fly.
> > After some reading I thought I should use tables for this purpose.
> >
> > relayctl(8) only allows to enable or disable complete tables but not
> > to alter a table.
> >
> > So I checked out
> >
> > 'pfctl -t <table> -T add '
> >
> > which should do exactly what I want.
>
> That manipulates tables in PF not in relayd.
>
> > But unfortunately the tables (to relay or redirect) are not
> > present in 'pfctl -s Table'
>
> relayd *uses* PF tables for redirect (but not relay). They are added
> under PF "anchors". See the list of relayd's anchors with pfctl -sA -a
> relayd. See the list of tables attached to an anchor with pfctl -sT -a
> relayd/RDR_someanchor. See table contents with pfctl -a RDR_someanchor
> -t RDR_sometable -Ts. But changing PF tables doesn't feed back to
> relayd. It won't start doing health checks for added hosts, etc.
>

thanks for the details, Stuart. This makes absolute sense.

> > I just have a small setup to play, no real hosts or services attached
> > but before growing bigger I wanted to ask here if this should be
> > possible how I try it or another idea how to alter relayd(8) tables
> > without updating relayd.conf(5) and reload.
>
> You need to update the config and reload. This is probably easier if
> you use a short file containing just the table definition and use
> "include".
>

sure. or work with some kind of template for the config-file.
The first idea I had to react on more dynamic host changes was to utilize
the '-D macro=value' for relayd. But I guess this also has some downsides.

>
> If you want something with more dynamic runtime configuration, haproxy
> is in ports, runs ok on OpenBSD and maybe a better fit. relayd has lower
> overhead in cases where packets are sent unmodified (it uses SO_SPLICE
> for simple TCP relays to hand-off packet shuffling to the kernel;
> haproxy can do this on Linux using splice(2) on Linux but doesn't
> use SO_SPLICE) but that's irrelevant in other cases (e.g. if the
> load-balancer terminates TLS connections) and might otherwise be a
> better fit for microservices.
>

haproxy would be my weapon of choice but of course it is always nicer to
use the OpenBSD onboard-tools. And thanks again for details about syscalls
here. Quite interesting to me.
I'll try to extend my setup and do some kind of benchmarking with relayd,
haproxy (on Linux and OpenBSD) and maybe nginx.
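
The approach suggested in the thread (keep the table definition in a short included file, update it, then reload), sketched as an added example that is not part of the original messages or of relayd itself. The file paths, the `DRY_RUN` variable and the function names are assumptions; `relayd -n -f` and `relayctl reload` are the stock config-test and reload commands.

```sh
#!/bin/sh
# Added example. Assumed (not from the thread): the paths below, and that
# relayd.conf contains:  include "/etc/relayd.tables.conf"
CONF=${CONF:-/etc/relayd.conf}
TABLE_FILE=${TABLE_FILE:-/etc/relayd.tables.conf}

# Print a table definition. Names and hosts that contain anything which
# could be read as relayd.conf syntax (braces, quotes, spaces) are refused,
# so a host list fed from a service registry cannot inject configuration.
render_table() {
	name=$1; shift
	case $name in ''|*[!A-Za-z0-9_]*) echo "bad table name: $name" >&2; return 1;; esac
	[ $# -gt 0 ] || { echo "table <$name> would be empty" >&2; return 1; }
	for h in "$@"; do
		case $h in ''|*[!A-Za-z0-9.:-]*) echo "bad host: $h" >&2; return 1;; esac
	done
	printf 'table <%s> { %s }\n' "$name" "$*"
}

# Usage: update_table webhosts 10.0.0.11 10.0.0.12
# Writes the include file, tests the whole config, then reloads relayd.
# The previous file is restored if the config test fails.
update_table() {
	tmp=$(mktemp "$TABLE_FILE.XXXXXX") || return 1
	if ! render_table "$@" > "$tmp"; then rm -f "$tmp"; return 1; fi
	if [ -f "$TABLE_FILE" ] && cmp -s "$tmp" "$TABLE_FILE"; then
		rm -f "$tmp"; return 0            # unchanged, nothing to reload
	fi
	if [ -f "$TABLE_FILE" ]; then cp -p "$TABLE_FILE" "$TABLE_FILE.prev"; fi
	mv "$tmp" "$TABLE_FILE"
	if [ -n "${DRY_RUN:-}" ]; then return 0; fi   # DRY_RUN=1: write only
	if relayd -n -f "$CONF"; then
		relayctl reload
	else
		if [ -f "$TABLE_FILE.prev" ]; then mv "$TABLE_FILE.prev" "$TABLE_FILE"; fi
		return 1
	fi
}
```

Because relayd re-reads the configuration on reload, hosts added this way get health checks, unlike hosts added directly to the PF table with pfctl.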

