Add TCP loadBalancer sourceIPs #10277
Conversation
mzealey
force-pushed
the
mz/tcp-source-ip
branch
from
a8c109c
to
c46c8a8
Compare
|
Thank you for submitting this PR. I think I understand your problem, but I wonder if the proposed solution is optimal. Perhaps it would be simpler to tackle the problem at system level? Or could we automate the process, eliminating the need for manual configuration in Traefik? Given these considerations, I've decided to put the PR into design review. At the same time, could you create an issue to facilitate a wider discussion on the problem? This will help us to explore potential solutions collaboratively. |
juliens
added
status/1-needs-design-review
area/service
and removed
status/0-needs-triage
labels
|
Unfortunately there does not seem to be a simple way in Linux to achieve this, other than specifying the source IP address, much less something that is cross-platform portable. All large-scale proxy servers that I have seen have this sort of option for precisely this reason. I'm not convinced that 'get all IPs of the specified interface' or of the server is a sensible approach as there may be complex routing setups. |
|
Since we haven't found a "simple" Linux solution, we've decided to accept this pull request for review in the upcoming minor version (v3.1). Would you mind shifting your PR to the master branch and performing a rebase? |
| An additional option of `sourceIPs` is provided which should be a list of TCP | ||
| source addresses belonging to your server to randomly use for the outbound | ||
| connections if you have multiple IP addresses on an interface. |
There was a problem hiding this comment.
| An additional option of `sourceIPs` is provided which should be a list of TCP | |
| source addresses belonging to your server to randomly use for the outbound | |
| connections if you have multiple IP addresses on an interface. | |
| Moreover, the `sourceIPs` option enables the configuration of a list of IPs, | |
| from which the source address for outbound connections will be selected. | |
| Each new connection will randomly choose a source address from the specified list. |
| @@ -90,15 +93,21 @@ func (p *Proxy) ServeTCP(conn WriteCloser) { | |||
| } | |||
|
|
|||
| func (p Proxy) dialBackend() (*net.TCPConn, error) { | |||
There was a problem hiding this comment.
Could you add a test, similar to TestLookupAddress, to make sure a source IP is obtained from a configured list?
What does this PR do?
In haproxy and other loadbalancers, a
source-ipcan be specified for each connection. Linux by default only uses the primary IP of a given interface, but to get > 60k simultaneous connections to a single remote IP, multiple source IPs are required. This patch should allow an optional list ofsourceIPsto be specified for outbound TCP connections and will use one at random if so.I have not fully tested this patch yet, but it compiles and parses correctly and seems relatively harmless.
Motivation
We want to use traefik to handle a large number of long-lived TCP connections.
More
Additional Notes
I'm guessing this may need to be implemented elsewhere, however TCP streaming was sufficient for our use-case.