vmm workflow

2017-08-16 Thread Carlos Cardenas
Howdy.

I've been playing around with vmm(4) on 6.1 and have noticed a few
things that seem odd.

Take the following vm.conf:
ramdisk="/home/los/vmm/bsd.rd-current"
switch "local" {
add vether0
}
vm "test.vm" {
boot $ramdisk
disable
owner los
memory 2G
disk "/home/los/vmm/test.vm.img"
interface { switch "local" }
}

Doing vmd -n yields:
/etc/vm.conf:6: syntax error

Removing the boot line yields a warning about unused macro (referring
to ramdisk).

So now my config is:
switch "local" {
add vether0
}
vm "test.vm" {
disable
owner los
memory 2G
disk "/home/los/vmm/test.vm.img"
interface { switch "local" }
}

vmd(8) is happy and am expecting
vmctl start "test.vm" -b "/home/los/vmm/bsd.rd-current" -c
to work since all the other params have been defined in vm.conf.

Instead I get:
vmctl: starting without disks
vmctl: starting without network interfaces
vmctl: start vm command failed: Operation not permitted

Increasing verbose log on vmd gets me:
startup
/etc/vm.conf:4: switch "local" registered
/etc/vm.conf:11: vm "test.vm" registered (disabled)
vm_priv_brconfig: interface bridge0 description switch1-local
vm_priv_brconfig: interface bridge0 add vether0
vmd_configure: not creating vm test.vm (disabled)
denied request 3 from uid 1000

However, if I perform a "doas vmctl start" first (along with
install) and then define it in vm.conf, "vmctl start 'test.vm'" works as
expected.

What is the expected workflow for vmm?

Any ideas on why the boot $ramdisk line is error'ing out?

+--+
Carlos



Re: OpenBSD-based ISP

2017-08-16 Thread Hrvoje Popovski
On 16.8.2017. 19:55, Juan Guillermo Narvaez wrote:
> Hello everyone!
> 
> I'm relative new using OpenBSD, I have just 4 years using this OS for dhcp
> servers.
> Today I have the mission of implement this OS in a cablemodem headend, in
> my first try I get negative results with this rules:
> 
> *pass all flags S/SA*
> 
> *#LAN*
> *match out log on bge0 inet from 192.168.254.0/24 
> to any nat-to 200.91.35.55*
> *pass on bge0 inet from 192.168.254.0/24  to any
> flags S/SA*
> *#CPE Network*
> *match out on bge0 inet from 172.21.0.0/19  to any
> nat-to 200.91.35.55*
> *pass on bge0 inet from 172.21.0.0/19  to any flags
> S/SA*
> 
> This is a basic PF that I use for this try, the CPE network has 900 active
> customers.
> When I put the whole customer network traffic through my OpenBSD router the
> traffic tend to fall slowly and the LAN network is really slow too. I read
> about a lot of 'tweaks' the high performance configurations but I think
> that OpenBSD can handle 400mbps without tweaking.
> 
> I'm wrong?
> What am I doing bad?
> 
> Thank you!
> 
> 
> 
> 

could you send dmesg, cat /etc/sysctl.conf and sysctl | grep ifq

i'm having 2 old Dell R610 with 2 x E5630 cpu and bcm5709 nic's in very
standard pf,carp,pfsync,pflow setup and on top of that i'm logging
everything. boxes are doing cca 100k states and having around 2k hosts
behind them ... of course that i'm running -current :)



Re: OpenBSD-based ISP

2017-08-16 Thread Robert Blacquiere
Just some more pointers? Please correct me if I am saying some thing
wrong. 

Maybe also good to look at cpu interupts. I'me not sure how good if_bge
today are. I found them in the past "slowly" eating interrupts when
passing lot of small sized traffic. How is your avarage packet size? 

I could blast 1000 mbit on if_em interfaces but only 400mbit when very
small packets. So also a thing to check. Also check interface drops. 

Regards

Robert 

On Wed, Aug 16, 2017 at 04:34:50PM -0300, Juan Guillermo Narvaez wrote:
> Thanks James, now I'm trying with 3K customers and 1M states.
> 
> I will comments my results to the list when a finish.
> 
> Guillermo.
> 
> On Wed, Aug 16, 2017 at 4:01 PM, James Shupe  wrote:
> 
> > Have you raised states? 10K is the default I believe, the most likely
> > culprit.
> >
> > On 8/16/2017 12:55 PM, Juan Guillermo Narvaez wrote:
> > > Hello everyone!
> > >
> > > I'm relative new using OpenBSD, I have just 4 years using this OS for
> > dhcp
> > > servers.
> > > Today I have the mission of implement this OS in a cablemodem headend, in
> > > my first try I get negative results with this rules:
> > >
> > > *pass all flags S/SA*
> > >
> > > *#LAN*
> > > *match out log on bge0 inet from 192.168.254.0/24 <
> > http://192.168.254.0/24>
> > > to any nat-to 200.91.35.55*
> > > *pass on bge0 inet from 192.168.254.0/24  to
> > any
> > > flags S/SA*
> > > *#CPE Network*
> > > *match out on bge0 inet from 172.21.0.0/19  to any
> > > nat-to 200.91.35.55*
> > > *pass on bge0 inet from 172.21.0.0/19  to any
> > flags
> > > S/SA*
> > >
> > > This is a basic PF that I use for this try, the CPE network has 900
> > active
> > > customers.
> > > When I put the whole customer network traffic through my OpenBSD router
> > the
> > > traffic tend to fall slowly and the LAN network is really slow too. I
> > read
> > > about a lot of 'tweaks' the high performance configurations but I think
> > > that OpenBSD can handle 400mbps without tweaking.
> > >
> > > I'm wrong?
> > > What am I doing bad?
> > >
> > > Thank you!
> > >
> > >
> > >
> > >
> >
> > --
> > James Shupe, HermeTek
> > developer/ engineer
> > BSD/ Linux support & hosting
> > jsh...@hermetek.com | www.hermetek.com
> > Office 5127922525 | Mobile 5122846350
> >
> >
> >
> 
> 
> -- 
> J. Guillermo Narvaez
> @_aran0id



Re: OpenBSD-based ISP

2017-08-16 Thread Juan Guillermo Narvaez
Thanks James, now I'm trying with 3K customers and 1M states.

I will comments my results to the list when a finish.

Guillermo.

On Wed, Aug 16, 2017 at 4:01 PM, James Shupe  wrote:

> Have you raised states? 10K is the default I believe, the most likely
> culprit.
>
> On 8/16/2017 12:55 PM, Juan Guillermo Narvaez wrote:
> > Hello everyone!
> >
> > I'm relative new using OpenBSD, I have just 4 years using this OS for
> dhcp
> > servers.
> > Today I have the mission of implement this OS in a cablemodem headend, in
> > my first try I get negative results with this rules:
> >
> > *pass all flags S/SA*
> >
> > *#LAN*
> > *match out log on bge0 inet from 192.168.254.0/24 <
> http://192.168.254.0/24>
> > to any nat-to 200.91.35.55*
> > *pass on bge0 inet from 192.168.254.0/24  to
> any
> > flags S/SA*
> > *#CPE Network*
> > *match out on bge0 inet from 172.21.0.0/19  to any
> > nat-to 200.91.35.55*
> > *pass on bge0 inet from 172.21.0.0/19  to any
> flags
> > S/SA*
> >
> > This is a basic PF that I use for this try, the CPE network has 900
> active
> > customers.
> > When I put the whole customer network traffic through my OpenBSD router
> the
> > traffic tend to fall slowly and the LAN network is really slow too. I
> read
> > about a lot of 'tweaks' the high performance configurations but I think
> > that OpenBSD can handle 400mbps without tweaking.
> >
> > I'm wrong?
> > What am I doing bad?
> >
> > Thank you!
> >
> >
> >
> >
>
> --
> James Shupe, HermeTek
> developer/ engineer
> BSD/ Linux support & hosting
> jsh...@hermetek.com | www.hermetek.com
> Office 5127922525 | Mobile 5122846350
>
>
>


-- 
J. Guillermo Narvaez
@_aran0id


Re: OpenBSD-based ISP

2017-08-16 Thread James Shupe
Have you raised states? 10K is the default I believe, the most likely
culprit.

On 8/16/2017 12:55 PM, Juan Guillermo Narvaez wrote:
> Hello everyone!
> 
> I'm relative new using OpenBSD, I have just 4 years using this OS for dhcp
> servers.
> Today I have the mission of implement this OS in a cablemodem headend, in
> my first try I get negative results with this rules:
> 
> *pass all flags S/SA*
> 
> *#LAN*
> *match out log on bge0 inet from 192.168.254.0/24 
> to any nat-to 200.91.35.55*
> *pass on bge0 inet from 192.168.254.0/24  to any
> flags S/SA*
> *#CPE Network*
> *match out on bge0 inet from 172.21.0.0/19  to any
> nat-to 200.91.35.55*
> *pass on bge0 inet from 172.21.0.0/19  to any flags
> S/SA*
> 
> This is a basic PF that I use for this try, the CPE network has 900 active
> customers.
> When I put the whole customer network traffic through my OpenBSD router the
> traffic tend to fall slowly and the LAN network is really slow too. I read
> about a lot of 'tweaks' the high performance configurations but I think
> that OpenBSD can handle 400mbps without tweaking.
> 
> I'm wrong?
> What am I doing bad?
> 
> Thank you!
> 
> 
> 
> 

-- 
James Shupe, HermeTek
developer/ engineer
BSD/ Linux support & hosting
jsh...@hermetek.com | www.hermetek.com
Office 5127922525 | Mobile 5122846350




OpenBSD-based ISP

2017-08-16 Thread Juan Guillermo Narvaez
Hello everyone!

I'm relative new using OpenBSD, I have just 4 years using this OS for dhcp
servers.
Today I have the mission of implement this OS in a cablemodem headend, in
my first try I get negative results with this rules:

*pass all flags S/SA*

*#LAN*
*match out log on bge0 inet from 192.168.254.0/24 
to any nat-to 200.91.35.55*
*pass on bge0 inet from 192.168.254.0/24  to any
flags S/SA*
*#CPE Network*
*match out on bge0 inet from 172.21.0.0/19  to any
nat-to 200.91.35.55*
*pass on bge0 inet from 172.21.0.0/19  to any flags
S/SA*

This is a basic PF that I use for this try, the CPE network has 900 active
customers.
When I put the whole customer network traffic through my OpenBSD router the
traffic tend to fall slowly and the LAN network is really slow too. I read
about a lot of 'tweaks' the high performance configurations but I think
that OpenBSD can handle 400mbps without tweaking.

I'm wrong?
What am I doing bad?

Thank you!




-- 
J. Guillermo Narvaez
@_aran0id


Using USB headsets

2017-08-16 Thread Norman Golisz
Hi,

I'm trying to figure out how to get my USB headset (Plantronics C310)
to work.

I can't hear anything, nor does the microphone work. I fiddled with
different mixerctl settings to no avail, and I'm not even sure my
headset had been detected at all, as the available options to set
don't change, while I plug or unplug the device[1].

dmesg[2] happily reports it detected and configured the device:

uaudio0 at uhub0 port 1 configuration 1 interface 0 "Plantronics Plantronics 
C310" rev 2.00/1.35 addr 2
uaudio0: audio rev 1.00, 7 mixer controls
audio1 at uaudio0
uhidev1 at uhub0 port 1 configuration 1 interface 3 "Plantronics Plantronics 
C310" rev 2.00/1.35 addr 2
uhidev1: iclass 3/0, 42 report ids
uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=2, output=0, feature=0
uhid2 at uhidev1 reportid 3: input=32, output=32, feature=0
uhid3 at uhidev1 reportid 4: input=0, output=36, feature=0
uhid4 at uhidev1 reportid 5: input=32, output=0, feature=0
uhid5 at uhidev1 reportid 6: input=0, output=36, feature=0
uhid6 at uhidev1 reportid 7: input=32, output=0, feature=0
uhid7 at uhidev1 reportid 8: input=1, output=0, feature=0
uhid8 at uhidev1 reportid 9: input=0, output=1, feature=0
uhid9 at uhidev1 reportid 20: input=1, output=0, feature=0
uhid10 at uhidev1 reportid 21: input=2, output=0, feature=0
uhid11 at uhidev1 reportid 23: input=0, output=1, feature=0
uhid12 at uhidev1 reportid 24: input=0, output=1, feature=0
uhid13 at uhidev1 reportid 25: input=0, output=1, feature=0
uhid14 at uhidev1 reportid 26: input=0, output=1, feature=0
uhid15 at uhidev1 reportid 27: input=0, output=0, feature=2
uhid16 at uhidev1 reportid 30: input=0, output=1, feature=0
uhid17 at uhidev1 reportid 31: input=1, output=0, feature=0
uhid18 at uhidev1 reportid 32: input=0, output=1, feature=0
uhid19 at uhidev1 reportid 42: input=0, output=1, feature=0

Do you have an idea what else to try? Do you have experience with
similar hardware?

Best wishes,
Norman

[1] mixerctl -v

inputs.dac-0:1=126,126
inputs.dac-2:3=126,126
record.adc-2:3_mute=off  [ off on ]
record.adc-2:3=124,124
record.adc-0:1_mute=off  [ off on ]
record.adc-0:1=124,124
inputs.mix_source=mic2,spkr2,spkr3,beep  { mic2 spkr2 spkr3 beep }
inputs.mix_mic2=120,120
inputs.mix_spkr2=120,120
inputs.mix_spkr3=120,120
inputs.mix_beep=120,120
inputs.mix2_source=dac-0:1,mix  { dac-0:1 mix }
inputs.mix3_source=dac-2:3,mix  { dac-2:3 mix }
inputs.mic=85,85
outputs.spkr_source=mix3  [ mix2 mix3 ]
outputs.spkr_mute=off  [ off on ]
outputs.spkr_eapd=on  [ off on ]
outputs.hp_source=mix2  [ mix2 mix3 ]
outputs.hp_mute=off  [ off on ]
outputs.hp_boost=off  [ off on ]
outputs.hp_eapd=on  [ off on ]
outputs.mic2_source=mix2  [ mix2 mix3 ]
outputs.mic2_mute=off  [ off on ]
inputs.mic2=85,85
outputs.mic2_dir=input-vr80  [ none output input input-vr0 input-vr50 
input-vr80 input-vr100 ]
outputs.spkr2_source=mix2  [ mix2 mix3 ]
outputs.spkr2_mute=off  [ off on ]
inputs.spkr2=85,85
outputs.spkr2_dir=output  [ none output input input-vr0 input-vr50 input-vr80 
input-vr100 ]
outputs.spkr3_source=mix2  [ mix2 mix3 ]
outputs.spkr3_mute=off  [ off on ]
inputs.spkr3=85,85
outputs.spkr3_dir=output  [ none output input input-vr0 input-vr50 input-vr80 
input-vr100 ]
record.adc-0:1_source=mic2,spkr2,spkr3,beep,mix,mic  { mic2 spkr2 spkr3 beep 
mix mic }
record.adc-2:3_source=mic2,spkr2,spkr3,beep,mix  { mic2 spkr2 spkr3 beep mix }
outputs.hp_sense=unplugged  [ unplugged plugged ]
outputs.mic2_sense=unplugged  [ unplugged plugged ]
outputs.spkr_muters=hp,mic2  { hp mic2 }
outputs.master=126,126
outputs.master.mute=off  [ off on ]
outputs.master.slaves=dac-0:1,dac-2:3,spkr,hp,spkr2,spkr3  { dac-0:1 dac-2:3 
spkr hp mic2 spkr2 spkr3 }
record.volume=124,124
record.volume.mute=off  [ off on ]
record.volume.slaves=adc-2:3,adc-0:1  { adc-2:3 adc-0:1 mic mic2 spkr2 spkr3 }

[2] dmesg

OpenBSD 6.1-current (GENERIC.MP) #93: Thu Jul  6 15:41:21 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16846462976 (16066MB)
avail mem = 16330108928 (15573MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdae9d000 (70 entries)
bios0: vendor LENOVO version "G1ET73WW (2.09 )" date 10/19/2012
bios0: LENOVO 2349S1P
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC TCPA SSDT SSDT SSDT HPET APIC MCFG ECDT FPDT ASF! 
UEFI UEFI POAT SSDT SSDT DMAR UEFI DBG2
acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP3(S4) XHCI(S3) EHC1(S3) 
EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3360M CPU @ 2.80GHz, 2794.07 MHz
cpu0: 

Re: relayd l7 loadbalancing

2017-08-16 Thread Mischa Peters
> On 16 Aug 2017, at 10:41, Claudio Jeker  wrote:
> On Wed, Aug 16, 2017 at 10:27:58AM +0200, Maxim Bourmistrov wrote:
>> 
>> Once connection is established, state is created in PF. Subsequent requests 
>> will be ???pipelined???.
>> It is possible to influence this behavior by manipulating tcp.established in 
>> pf.conf,
>> but I don???t think this is what you want.
>> 
> 
> This is not correct. The problem is keep-alive and the fact the once a
> backend is selected by relayd it sticks to it until the session is closed.
> This is a bug and something benno@ and I have on our radar to fix.

Great to hear! This will make relayd even more flexible. I guess your todo list 
must to long so I will wait patiently.
My C skills are non existent otherwise I would have tried to help.

> The workaround for now is to disable keep-alive this can be done by
> adding:
>   match header set "Connection" value "close"
> to your config. The solution is not ideal and will make page load times
> slower.

Will check the load times with and without, maybe it's workable for now.

Much appreciated!

Mischa



Re: Getting Dell RAID status via SNMP

2017-08-16 Thread Jibby Jeremiah
Sorry have not been checking in for a while - will definitely try the
patches suggested.
It may take a few weeks though to fit with our internal processes.

I will report back - thanks

On Sun, Jul 30, 2017 at 10:33 PM, FUKAUMI Naoki  wrote:

> Hi,
>
> From: Andrew Daugherity 
> Subject: Re: Getting Dell RAID status via SNMP
> Date: Fri, 28 Jul 2017 15:08:47 -0500
>
> >> Here is new/WIP patch to support bio(4) for mfii(4). it doesn't fix the
> >> "issue" yet, but it includes hot swap support from my patch for mfi(4)
> >>  http://marc.info/?l=openbsd-tech=149872410222552=2
> >>
> >> Could you try attached patch?
> >>
> >
> > Hi,
> >
> > Thanks for the patch, but it fails to build (also, I had to use 'patch
> -l'
> > to get it to apply at all, due to ^M line endings, etc.):
> > 
> > /usr/src/sys/dev/pci/mfii.c: In function 'mfii_makegood':
> > /usr/src/sys/dev/pci/mfii.c:3068: error: 'MR_DCMD_CFG_FOREIGN_SCAN'
> > undeclared (first use in this function)
> (snip)
>
> sorry, I forgot that my mfii(4) patch depends on updated mfireg.h in my
> mfi(4) patch. (it's not merged yet)
>
> > I got around that by copying those definitions from the FreeBSD mfi
> driver
>
> your fix is correct :), I also got definitions from FreeBSD.
> and your sysctl/bioctl/dmesg output looks good to me.
>
> > Nice work!  Sorry I don't have a card with cache (e.g. H730) to test on,
> > but I haven't hit any problems with my H330 yet.
>
> thank you for your report!
>
> Best Regards,
>
> --
> FUKAUMI Naoki
>
>


Re: relayd l7 loadbalancing

2017-08-16 Thread Claudio Jeker
On Wed, Aug 16, 2017 at 10:27:58AM +0200, Maxim Bourmistrov wrote:
> 
> Once connection is established, state is created in PF. Subsequent requests 
> will be ???pipelined???.
> It is possible to influence this behavior by manipulating tcp.established in 
> pf.conf,
> but I don???t think this is what you want.
> 

This is not correct. The problem is keep-alive and the fact the once a
backend is selected by relayd it sticks to it until the session is closed.
This is a bug and something benno@ and I have on our radar to fix.

The workaround for now is to disable keep-alive this can be done by
adding:
match header set "Connection" value "close"
to your config. The solution is not ideal and will make page load times
slower.

> > 16 aug. 2017 kl. 10:05 skrev Mischa Peters :
> > 
> > Hi All,
> > 
> > I have somewhat the following config for relayd running on 6.1.
> > And I am trying to forward certain request paths to different hosts.
> > 
> > table  { xx.xx.xx.131 }
> > table  { xx.xx.xx.31 }
> > http protocol httpsfilter {
> >   match request header remove "Proxy"
> >   match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
> >   match request header append "X-Forwarded-By" value 
> > "$SERVER_ADDR:$SERVER_PORT"
> > 
> >   match response header set "Server" value "Sever"
> >   match response header set "X-Powered-By" value "Power"
> >   match response header set "X-Frame-Options" value "SAMEORIGIN"
> >   match response header set "X-Xss-Protection" value "1; mode=block"
> >   match response header set "X-Content-Type-Options" value "nosniff"
> > 
> >   match request quick path "/crm/" forward to 
> > 
> >   tcp { no splice }
> > }
> > relay host_tls {
> >   listen on $ext_addr_v4 port 443 tls
> >   listen on $ext_addr_v6 port 443 tls
> >   protocol httpsfilter
> >   forward to  port 80 check http "/" host example.com code 200
> >   forward to  port 80
> > }
> > 
> > I have tried both "match request quick path" and "match request quick url" 
> > but what I noticed is that as soon as you have visited one of the URLs that 
> > needs forwarding to a different host you end up at the  for all 
> > subsequent requests.
> > With "match request quick url" this is to be expected as it checks 
> > everything up to /.
> > 
> > For example:
> > 
> > http://example.com/ -> wwwhost
> > http://example.com/crm/ -> otherhost
> > http://exmaple.com/folder/ -> otherhost
> > 
> > Is this expected behaviour for "match request quick path" as well?
> > Is there any way to do this type of load balancing?
> > 
> > Thanx!!
> > 
> > Mischa
> > 
> 

-- 
:wq Claudio



Re: relayd l7 loadbalancing

2017-08-16 Thread Maxim Bourmistrov

Once connection is established, state is created in PF. Subsequent requests 
will be ’pipelined’.
It is possible to influence this behavior by manipulating tcp.established in 
pf.conf,
but I don’t think this is what you want.

> 16 aug. 2017 kl. 10:05 skrev Mischa Peters :
> 
> Hi All,
> 
> I have somewhat the following config for relayd running on 6.1.
> And I am trying to forward certain request paths to different hosts.
> 
> table  { xx.xx.xx.131 }
> table  { xx.xx.xx.31 }
> http protocol httpsfilter {
>   match request header remove "Proxy"
>   match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
>   match request header append "X-Forwarded-By" value 
> "$SERVER_ADDR:$SERVER_PORT"
> 
>   match response header set "Server" value "Sever"
>   match response header set "X-Powered-By" value "Power"
>   match response header set "X-Frame-Options" value "SAMEORIGIN"
>   match response header set "X-Xss-Protection" value "1; mode=block"
>   match response header set "X-Content-Type-Options" value "nosniff"
> 
>   match request quick path "/crm/" forward to 
> 
>   tcp { no splice }
> }
> relay host_tls {
>   listen on $ext_addr_v4 port 443 tls
>   listen on $ext_addr_v6 port 443 tls
>   protocol httpsfilter
>   forward to  port 80 check http "/" host example.com code 200
>   forward to  port 80
> }
> 
> I have tried both "match request quick path" and "match request quick url" 
> but what I noticed is that as soon as you have visited one of the URLs that 
> needs forwarding to a different host you end up at the  for all 
> subsequent requests.
> With "match request quick url" this is to be expected as it checks everything 
> up to /.
> 
> For example:
> 
> http://example.com/ -> wwwhost
> http://example.com/crm/ -> otherhost
> http://exmaple.com/folder/ -> otherhost
> 
> Is this expected behaviour for "match request quick path" as well?
> Is there any way to do this type of load balancing?
> 
> Thanx!!
> 
> Mischa
> 



relayd l7 loadbalancing

2017-08-16 Thread Mischa Peters
Hi All,

I have somewhat the following config for relayd running on 6.1.
And I am trying to forward certain request paths to different hosts.

table  { xx.xx.xx.131 }
table  { xx.xx.xx.31 }
http protocol httpsfilter {
   match request header remove "Proxy"
   match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
   match request header append "X-Forwarded-By" value 
"$SERVER_ADDR:$SERVER_PORT"

   match response header set "Server" value "Sever"
   match response header set "X-Powered-By" value "Power"
   match response header set "X-Frame-Options" value "SAMEORIGIN"
   match response header set "X-Xss-Protection" value "1; mode=block"
   match response header set "X-Content-Type-Options" value "nosniff"

   match request quick path "/crm/" forward to 

   tcp { no splice }
}
relay host_tls {
   listen on $ext_addr_v4 port 443 tls
   listen on $ext_addr_v6 port 443 tls
   protocol httpsfilter
   forward to  port 80 check http "/" host example.com code 200
   forward to  port 80
}

I have tried both "match request quick path" and "match request quick url" but 
what I noticed is that as soon as you have visited one of the URLs that needs 
forwarding to a different host you end up at the  for all subsequent 
requests.
With "match request quick url" this is to be expected as it checks everything 
up to /.

For example:

http://example.com/ -> wwwhost
http://example.com/crm/ -> otherhost
http://exmaple.com/folder/ -> otherhost

Is this expected behaviour for "match request quick path" as well?
Is there any way to do this type of load balancing?

Thanx!!

Mischa