Re: servers multiple sources

2016-03-25 Thread Willy Tarreau
On Tue, Mar 22, 2016 at 11:16:04AM +0100, Beluc wrote:
> well, it can become a real mess with a lot of servers and sources :)

No, because you just have to assign a source range to your loopback and
use all this range for all your servers. James is right. There's no way
you'll establish more than 64k connections to the same target from a
single source. Note that a trick also consists in having multiple
addresses (or ports) on your servers so that you can establish more
connections, but it often ends up eating many more addresses than
having the aliases on the load balancer.

Willy




Re: servers multiple sources

2016-03-25 Thread Aleksandar Lazic

Hi.

On 25-03-2016 11:05, Beluc wrote:

> Hi,
> @James Brown : sure ;)
>
> I configure a server to use source a.b.c.d:1-6 and I got
> "Connect() failed for backend abcd: no free ports."
>
> Maybe a problem with kernel I use ...

or the range is not high enough

http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap6sec70.html

What does this show:

cat /proc/sys/net/ipv4/ip_local_port_range

or

sysctl -a|egrep ip_local_port_range

BR Aleks


Regards,

2016-03-22 18:45 GMT+01:00 James Brown :
Templating out (or entirely-procedurally-generating) your HAproxy config
file is a must once you exceed the bare minimum of complexity. :-)

Best of luck!

On Tue, Mar 22, 2016 at 3:16 AM, Beluc  wrote:


well, it can become a real mess with a lot of servers and sources :)
but sure, it works !

2016-03-21 19:21 GMT+01:00 James Brown :
> Why not just add each server multiple times with a different src
> parameter
> and a different name.
>
> Something like
>
> backend my_be
> mode tcp
> server server1_src1 10.1.0.1 source 10.0.0.1
> server server1_src2 10.1.0.1 source 10.0.0.2
> server server2_src1 10.1.0.2 source 10.0.0.1
> server server2_src2 10.1.0.2 source 10.0.0.2
>
> On Mon, Mar 21, 2016 at 8:20 AM, Beluc  wrote:
>>
>> Hi,
>>
>> We're trying to find a way to have multiple sources per server and
>> thus bypass 64k connections per server.
>>
>> We already tried with SNAT iptables :
>> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 10.0.0.1-10.0.10
>>
>> without success because kernel is hashing real source ip and real
>> destination ip, so only one source ip nated is used (aka same as using
>> one different source per server).
>>
>> Any idea on achieving this ? maybe in lua ?
>>
>> Regards,
>>
>
>
>
> --
> James Brown
> Engineer





--
James Brown
Engineer




Re: servers multiple sources

2016-03-25 Thread Beluc
Hi,
@James Brown : sure ;)

I configure a server to use source a.b.c.d:1-6 and I got
"Connect() failed for backend abcd: no free ports."

Maybe a problem with kernel I use ...

Regards,

2016-03-22 18:45 GMT+01:00 James Brown :
> Templating out (or entirely-procedurally-generating) your HAproxy config
> file is a must once you exceed the bare minimum of complexity. :-)
>
> Best of luck!
>
> On Tue, Mar 22, 2016 at 3:16 AM, Beluc  wrote:
>>
>> well, it can become a real mess with a lot of servers and sources :)
>> but sure, it works !
>>
>> 2016-03-21 19:21 GMT+01:00 James Brown :
>> > Why not just add each server multiple times with a different src
>> > parameter
>> > and a different name.
>> >
>> > Something like
>> >
>> > backend my_be
>> > mode tcp
>> > server server1_src1 10.1.0.1 source 10.0.0.1
>> > server server1_src2 10.1.0.1 source 10.0.0.2
>> > server server2_src1 10.1.0.2 source 10.0.0.1
>> > server server2_src2 10.1.0.2 source 10.0.0.2
>> >
>> > On Mon, Mar 21, 2016 at 8:20 AM, Beluc  wrote:
>> >>
>> >> Hi,
>> >>
>> >> We're trying to find a way to have multiple sources per server and
>> >> thus bypass 64k connections per server.
>> >>
>> >> We already tried with SNAT iptables :
>> >> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 10.0.0.1-10.0.10
>> >>
>> >> without success because kernel is hashing real source ip and real
>> >> destination ip, so only one source ip nated is used (aka same as using
>> >> one different source per server).
>> >>
>> >> Any idea on achieving this ? maybe in lua ?
>> >>
>> >> Regards,
>> >>
>> >
>> >
>> >
>> > --
>> > James Brown
>> > Engineer
>
>
>
>
> --
> James Brown
> Engineer



Re: servers multiple sources

2016-03-22 Thread James Brown
Templating out (or entirely-procedurally-generating) your HAproxy config
file is a must once you exceed the bare minimum of complexity. :-)

Best of luck!

On Tue, Mar 22, 2016 at 3:16 AM, Beluc  wrote:

> well, it can become a real mess with a lot of servers and sources :)
> but sure, it works !
>
> 2016-03-21 19:21 GMT+01:00 James Brown :
> > Why not just add each server multiple times with a different src
> parameter
> > and a different name.
> >
> > Something like
> >
> > backend my_be
> > mode tcp
> > server server1_src1 10.1.0.1 source 10.0.0.1
> > server server1_src2 10.1.0.1 source 10.0.0.2
> > server server2_src1 10.1.0.2 source 10.0.0.1
> > server server2_src2 10.1.0.2 source 10.0.0.2
> >
> > On Mon, Mar 21, 2016 at 8:20 AM, Beluc  wrote:
> >>
> >> Hi,
> >>
> >> We're trying to find a way to have multiple sources per server and
> >> thus bypass 64k connections per server.
> >>
> >> We already tried with SNAT iptables :
> >> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 10.0.0.1-10.0.10
> >>
> >> without success because kernel is hashing real source ip and real
> >> destination ip, so only one source ip nated is used (aka same as using
> >> one different source per server).
> >>
> >> Any idea on achieving this ? maybe in lua ?
> >>
> >> Regards,
> >>
> >
> >
> >
> > --
> > James Brown
> > Engineer
>



-- 
James Brown
Engineer
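
As an added illustration of the templating suggested above (not code from the thread or from the HAProxy project), this Python sketch generates the server/source cross product in the naming used in the thread and estimates the per-server connection ceiling from the kernel's ephemeral port range. The function names and the sample port range value are assumptions.

```python
import ipaddress
from itertools import product

# Constructed sample of /proc/sys/net/ipv4/ip_local_port_range ("low<TAB>high").
SAMPLE_PORT_RANGE = "32768\t60999\n"


def parse_port_range(text):
    """Parse the kernel's ephemeral port range into (low, high)."""
    low, high = (int(field) for field in text.split())
    if not 0 < low <= high <= 65535:
        raise ValueError(f"implausible port range: {text!r}")
    return low, high


def _checked(addresses, what):
    """Normalise addresses; reject typos and duplicates before HAProxy sees them."""
    parsed = [str(ipaddress.ip_address(a)) for a in addresses]
    if len(set(parsed)) != len(parsed):
        raise ValueError(f"duplicate {what} address")
    return parsed


def render_backend(name, servers, sources):
    """Emit one 'server' line per (server, source) pair, named as in the thread."""
    servers, sources = _checked(servers, "server"), _checked(sources, "source")
    lines = [f"backend {name}", "    mode tcp"]
    pairs = product(enumerate(servers, 1), enumerate(sources, 1))
    for (i, server), (j, source) in pairs:
        lines.append(f"    server server{i}_src{j} {server} source {source}")
    return "\n".join(lines) + "\n"


def connection_ceiling(sources, port_range):
    """Upper bound on concurrent connections to one server address and port."""
    low, high = port_range
    return len(_checked(sources, "source")) * (high - low + 1)


if __name__ == "__main__":
    srcs = ["10.0.0.1", "10.0.0.2"]
    print(render_backend("my_be", ["10.1.0.1", "10.1.0.2"], srcs))
    print(connection_ceiling(srcs, parse_port_range(SAMPLE_PORT_RANGE)))
```

The ceiling is an upper bound only: ports already in use by other sockets on the same source address reduce it.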


Re: servers multiple sources

2016-03-22 Thread Beluc
well, it can become a real mess with a lot of servers and sources :)
but sure, it works !

2016-03-21 19:21 GMT+01:00 James Brown :
> Why not just add each server multiple times with a different src parameter
> and a different name.
>
> Something like
>
> backend my_be
> mode tcp
> server server1_src1 10.1.0.1 source 10.0.0.1
> server server1_src2 10.1.0.1 source 10.0.0.2
> server server2_src1 10.1.0.2 source 10.0.0.1
> server server2_src2 10.1.0.2 source 10.0.0.2
>
> On Mon, Mar 21, 2016 at 8:20 AM, Beluc  wrote:
>>
>> Hi,
>>
>> We're trying to find a way to have multiple sources per server and
>> thus bypass 64k connections per server.
>>
>> We already tried with SNAT iptables :
>> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 10.0.0.1-10.0.10
>>
>> without success because kernel is hashing real source ip and real
>> destination ip, so only one source ip nated is used (aka same as using
>> one different source per server).
>>
>> Any idea on achieving this ? maybe in lua ?
>>
>> Regards,
>>
>
>
>
> --
> James Brown
> Engineer



Re: servers multiple sources

2016-03-21 Thread James Brown
Why not just add each server multiple times with a different src parameter
and a different name?

Something like

backend my_be
    mode tcp
    server server1_src1 10.1.0.1 source 10.0.0.1
    server server1_src2 10.1.0.1 source 10.0.0.2
    server server2_src1 10.1.0.2 source 10.0.0.1
    server server2_src2 10.1.0.2 source 10.0.0.2

On Mon, Mar 21, 2016 at 8:20 AM, Beluc  wrote:

> Hi,
>
> We're trying to find a way to have multiple sources per server and
> thus bypass 64k connections per server.
>
> We already tried with SNAT iptables :
> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 10.0.0.1-10.0.10
>
> without success because kernel is hashing real source ip and real
> destination ip, so only one source ip nated is used (aka same as using
> one different source per server).
>
> Any idea on achieving this ? maybe in lua ?
>
> Regards,
>
>


-- 
James Brown
Engineer