On 12 June 2017 at 16:54, Kevin Lin <[email protected]> wrote:

> Hello,
>
> My name is Kevin Lin and I work with Ethan on Quilt (quilt.io). We
> just started using load balancing for the project -- Ethan wanted me to
> write to you all with feedback on the load balancer, and to get some
> feedback on our approach.
>
> For context, we have a number of containers connected to a single logical
> switch. We would like to create load balancers across groups of these
> containers. The load balancer should have its own IP and MAC address, and
> be accessible from any of the containers connected to the switch.
>
> The point that confused me about the load balancer was that it only
> rewrites the IP addresses, and doesn't handle MAC addresses for you. As a
> result, it's very easy to set up a load balancer on a logical switch that
> changes the IP to the appropriate destination container, but can't respond
> to ARPs or rewrite MAC addresses. This got us thinking that what we really
> want is a load balancer attached to a logical router, but the documentation
> seems to indicate that this can't be set up without using a gateway.
>
> Anyways, we got it working, but we ended up with this rather convoluted
> design:
> - The load balancer is associated with the logical switch.
> - A logical router is connected to the logical switch. That just responds
>   to ARPs and forwards traffic sent to it back onto the logical switch
>   (after rewriting the MAC).
> - The IP of the load balancer is associated with this logical router's
>   port.
>

This is how we use it for Kubernetes too. The general thought process I went
with was that you won't have just a logical switch without some connected
gateway (either logical router or external default gateway) and we offload
the hairpin to the connected router. This is how kube-proxy works in Google
Cloud too. I did not want to add the additional complexity of ARP responses
from the load-balancer.

>
> This way, when containers ARP for and send traffic to a load balanced IP,
> it gets routed to the logical router, but the load balancer rules rewrite
> the destination IP. The router then receives this packet, and routes it
> through to the rewritten IP. It works, but it's a bit of an unnatural hack.
>
> Hope this is helpful,
> Kevin
>

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
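
The three-part design described in the thread, sketched as ovn-nbctl commands. This is an added example, not part of either message or of the OVN documentation; the router, port and load balancer names, the addresses and the backend list are constructed, and the logical switch sw0 with its container ports is assumed to exist already.

```shell
#!/bin/sh
# Added example: hairpin router that owns the load balancer VIP.
# Every name and address below is constructed for illustration.
SW=sw0                       # existing logical switch (assumption)
LR=lr-vip                    # router that only answers ARP and re-routes
LRP=lrp-vip                  # router port; its IP is the load balancer IP
LSP=sw0-to-lr-vip            # switch-side peer of the router port
LB=lb-web
VIP=10.0.0.100
VIP_MAC=02:00:00:00:01:00
PREFIX=24
BACKENDS=10.0.0.2:80,10.0.0.3:80

# Dry run by default: print each command. Set APPLY=1 to execute it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

setup_vip_router() {
    # Logical router whose port carries the VIP, so it answers ARP for it.
    run ovn-nbctl lr-add "$LR"
    run ovn-nbctl lrp-add "$LR" "$LRP" "$VIP_MAC" "$VIP/$PREFIX"

    # Attach the router port to the switch the containers sit on.
    run ovn-nbctl lsp-add "$SW" "$LSP"
    run ovn-nbctl lsp-set-type "$LSP" router
    run ovn-nbctl lsp-set-addresses "$LSP" router
    run ovn-nbctl lsp-set-options "$LSP" "router-port=$LRP"

    # Load balancer on the switch: rewrites the destination IP only.
    # The frame still carries VIP_MAC, so it reaches the router, which
    # routes it back onto the switch with the backend's MAC.
    run ovn-nbctl lb-add "$LB" "$VIP:80" "$BACKENDS" tcp
    run ovn-nbctl ls-lb-add "$SW" "$LB"
}

setup_vip_router
```

Run as-is it only prints the command list; with APPLY=1 it needs a reachable OVN northbound database.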
