Re: servers multiple sources
On Tue, Mar 22, 2016 at 11:16:04AM +0100, Beluc wrote:
> well, it can become a real mess with a lot of servers and sources :)

No because you just have to assign a source range to your loopback and
use all this range for all your servers.

James is right. There's no way you'll establish more than 64k connections
to the same target from a single source. Note that a trick also consists in
having multiple addresses (or ports) on your servers so that you can
establish more connections, but it often ends up eating many more addresses
than by having the aliases on the load balancer.

Willy
Re: servers multiple sources
Hi.

On 25-03-2016 11:05, Beluc wrote:
> Hi,
>
> @James Brown : sure ;)
> I configure a server to use source a.b.c.d:1-6 and I got "Connect()
> failed for backend abcd: no free ports."
> Maybe a problem with kernel I use ...

or the range is not high enough

http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap6sec70.html

what shows a

cat /proc/sys/net/ipv4/ip_local_port_range

or

sysctl -a|egrep ip_local_port_range

BR Aleks

> Regards,
>
> 2016-03-22 18:45 GMT+01:00 James Brown:
>> Templating out (or entirely-procedurally-generating) your HAproxy config
>> file is a must once you exceed the bare minimum of complexity. :-)
>>
>> Best of luck!
>>
>> On Tue, Mar 22, 2016 at 3:16 AM, Beluc wrote:
>>> well, it can become a real mess with a lot of servers and sources :)
>>> but sure, it works !
>>>
>>> 2016-03-21 19:21 GMT+01:00 James Brown :
>>>> Why not just add each server multiple times with a different src
>>>> parameter and a different name.
>>>>
>>>> Something like
>>>>
>>>> backend my_be
>>>>     mode tcp
>>>>     server server1_src1 10.1.0.1 source 10.0.0.1
>>>>     server server1_src2 10.1.0.1 source 10.0.0.2
>>>>     server server2_src1 10.1.0.2 source 10.0.0.1
>>>>     server server2_src2 10.1.0.2 source 10.0.0.2
>>>>
>>>> On Mon, Mar 21, 2016 at 8:20 AM, Beluc wrote:
>>>>> Hi,
>>>>>
>>>>> We're trying to find a way to have multiple sources per server and
>>>>> thus bypass 64k connections per server.
>>>>>
>>>>> We already tried with SNAT iptables :
>>>>> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 10.0.0.1-10.0.10
>>>>>
>>>>> without success because kernel is hashing real source ip and real
>>>>> destination ip, so only one source ip nated is used (aka same as using
>>>>> one different source per server).
>>>>>
>>>>> Any idea on achieving this ? maybe in lua ?
>>>>>
>>>>> Regards,
>>>>
>>>> --
>>>> James Brown
>>>> Engineer
>>
>> --
>> James Brown
>> Engineer
Re: servers multiple sources
Hi,

@James Brown : sure ;)
I configure a server to use source a.b.c.d:1-6 and I got "Connect()
failed for backend abcd: no free ports."
Maybe a problem with kernel I use ...

Regards,

2016-03-22 18:45 GMT+01:00 James Brown:
> Templating out (or entirely-procedurally-generating) your HAproxy config
> file is a must once you exceed the bare minimum of complexity. :-)
>
> Best of luck!
>
> On Tue, Mar 22, 2016 at 3:16 AM, Beluc wrote:
>> well, it can become a real mess with a lot of servers and sources :)
>> but sure, it works !
>>
>> 2016-03-21 19:21 GMT+01:00 James Brown :
>> > Why not just add each server multiple times with a different src
>> > parameter and a different name.
>> >
>> > Something like
>> >
>> > backend my_be
>> >     mode tcp
>> >     server server1_src1 10.1.0.1 source 10.0.0.1
>> >     server server1_src2 10.1.0.1 source 10.0.0.2
>> >     server server2_src1 10.1.0.2 source 10.0.0.1
>> >     server server2_src2 10.1.0.2 source 10.0.0.2
>> >
>> > On Mon, Mar 21, 2016 at 8:20 AM, Beluc wrote:
>> >> Hi,
>> >>
>> >> We're trying to find a way to have multiple sources per server and
>> >> thus bypass 64k connections per server.
>> >>
>> >> We already tried with SNAT iptables :
>> >> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 10.0.0.1-10.0.10
>> >>
>> >> without success because kernel is hashing real source ip and real
>> >> destination ip, so only one source ip nated is used (aka same as using
>> >> one different source per server).
>> >>
>> >> Any idea on achieving this ? maybe in lua ?
>> >>
>> >> Regards,
>> >
>> > --
>> > James Brown
>> > Engineer
>
> --
> James Brown
> Engineer
Re: servers multiple sources
Templating out (or entirely-procedurally-generating) your HAproxy config
file is a must once you exceed the bare minimum of complexity. :-)

Best of luck!

On Tue, Mar 22, 2016 at 3:16 AM, Beluc wrote:
> well, it can become a real mess with a lot of servers and sources :)
> but sure, it works !
>
> 2016-03-21 19:21 GMT+01:00 James Brown :
> > Why not just add each server multiple times with a different src
> > parameter and a different name.
> >
> > Something like
> >
> > backend my_be
> >     mode tcp
> >     server server1_src1 10.1.0.1 source 10.0.0.1
> >     server server1_src2 10.1.0.1 source 10.0.0.2
> >     server server2_src1 10.1.0.2 source 10.0.0.1
> >     server server2_src2 10.1.0.2 source 10.0.0.2
> >
> > On Mon, Mar 21, 2016 at 8:20 AM, Beluc wrote:
> >> Hi,
> >>
> >> We're trying to find a way to have multiple sources per server and
> >> thus bypass 64k connections per server.
> >>
> >> We already tried with SNAT iptables :
> >> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 10.0.0.1-10.0.10
> >>
> >> without success because kernel is hashing real source ip and real
> >> destination ip, so only one source ip nated is used (aka same as using
> >> one different source per server).
> >>
> >> Any idea on achieving this ? maybe in lua ?
> >>
> >> Regards,
> >
> > --
> > James Brown
> > Engineer

--
James Brown
Engineer
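
The suggestion above (list each server once per source address, and generate the config instead of writing it by hand), as an added example that is not code from the thread or from the HAProxy project. The function names are hypothetical, the sample addresses are constructed from those used in the thread, and the connection ceiling assumes one target address and port per server.

```python
import ipaddress


def source_addresses(first, count):
    """Return `count` consecutive IPv4 addresses starting at `first`."""
    start = ipaddress.IPv4Address(first)
    return [str(start + i) for i in range(count)]


def max_connections_per_target(n_sources, port_range):
    """Ceiling on concurrent connections to one target ip:port.

    A TCP connection is identified by (src ip, src port, dst ip, dst port),
    so with the destination fixed the ceiling is sources x source ports.
    """
    low, high = port_range
    return n_sources * (high - low + 1)


def render_backend(name, servers, sources, port_range=None):
    """Render a backend listing every server once per source address."""
    if port_range is not None:
        low, high = port_range
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"invalid source port range {low}-{high}")
    lines = [f"backend {name}", "    mode tcp"]
    for s_idx, server in enumerate(servers, 1):
        ipaddress.ip_address(server)  # reject typos before HAProxy sees them
        for src_idx, src in enumerate(sources, 1):
            # Optional explicit port range on the server's "source" keyword.
            bind = src if port_range is None else f"{src}:{low}-{high}"
            lines.append(
                f"    server server{s_idx}_src{src_idx} {server} source {bind}"
            )
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample values, following the addresses used in the thread.
    servers = ["10.1.0.1", "10.1.0.2"]
    sources = source_addresses("10.0.0.1", 2)
    ports = (1024, 65535)
    print(render_backend("my_be", servers, sources, ports))
    print("# max connections per target:",
          max_connections_per_target(len(sources), ports))
```
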
Re: servers multiple sources
well, it can become a real mess with a lot of servers and sources :)
but sure, it works !

2016-03-21 19:21 GMT+01:00 James Brown:
> Why not just add each server multiple times with a different src parameter
> and a different name.
>
> Something like
>
> backend my_be
>     mode tcp
>     server server1_src1 10.1.0.1 source 10.0.0.1
>     server server1_src2 10.1.0.1 source 10.0.0.2
>     server server2_src1 10.1.0.2 source 10.0.0.1
>     server server2_src2 10.1.0.2 source 10.0.0.2
>
> On Mon, Mar 21, 2016 at 8:20 AM, Beluc wrote:
>> Hi,
>>
>> We're trying to find a way to have multiple sources per server and
>> thus bypass 64k connections per server.
>>
>> We already tried with SNAT iptables :
>> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 10.0.0.1-10.0.10
>>
>> without success because kernel is hashing real source ip and real
>> destination ip, so only one source ip nated is used (aka same as using
>> one different source per server).
>>
>> Any idea on achieving this ? maybe in lua ?
>>
>> Regards,
>
> --
> James Brown
> Engineer
Re: servers multiple sources
Why not just add each server multiple times with a different src parameter
and a different name.

Something like

backend my_be
    mode tcp
    server server1_src1 10.1.0.1 source 10.0.0.1
    server server1_src2 10.1.0.1 source 10.0.0.2
    server server2_src1 10.1.0.2 source 10.0.0.1
    server server2_src2 10.1.0.2 source 10.0.0.2

On Mon, Mar 21, 2016 at 8:20 AM, Beluc wrote:
> Hi,
>
> We're trying to find a way to have multiple sources per server and
> thus bypass 64k connections per server.
>
> We already tried with SNAT iptables :
> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 10.0.0.1-10.0.10
>
> without success because kernel is hashing real source ip and real
> destination ip, so only one source ip nated is used (aka same as using
> one different source per server).
>
> Any idea on achieving this ? maybe in lua ?
>
> Regards,

--
James Brown
Engineer