Add TCP loadBalancer sourceIPs #10277
base: v2.10
a8c109c to c46c8a8
Thank you for submitting this PR. I think I understand your problem, but I wonder if the proposed solution is optimal. Perhaps it would be simpler to tackle the problem at system level? Or could we automate the process, eliminating the need for manual configuration in Traefik? Given these considerations, I've decided to put the PR into design review. At the same time, could you create an issue to facilitate a wider discussion on the problem? This will help us to explore potential solutions collaboratively.
Unfortunately there does not seem to be a simple way in Linux to achieve this, other than specifying the source IP address, much less something that is cross-platform portable. All large-scale proxy servers that I have seen have this sort of option for precisely this reason. I'm not convinced that 'get all IPs of the specified interface' or of the server is a sensible approach as there may be complex routing setups.
Since we haven't found a "simple" Linux solution, we've decided to accept this pull request for review in the upcoming minor version (v3.1). Would you mind shifting your PR to the master branch and performing a rebase?
An additional option of `sourceIPs` is provided which should be a list of TCP | ||
source addresses belonging to your server to randomly use for the outbound | ||
connections if you have multiple IP addresses on an interface. |
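Review bot: The added paragraph does not say what happens when `sourceIPs` is left empty or when a listed address is not configured on the host, so a reader cannot tell whether a wrong entry fails at startup or on every dial. State both cases, and say whether IPv4 and IPv6 entries may be mixed in one list.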
An additional option of `sourceIPs` is provided which should be a list of TCP | |
source addresses belonging to your server to randomly use for the outbound | |
connections if you have multiple IP addresses on an interface. | |
Moreover, the `sourceIPs` option enables the configuration of a list of IPs, | |
from which the source address for outbound connections will be selected. | |
Each new connection will randomly choose a source address from the specified list. |
@@ -90,15 +93,21 @@ func (p *Proxy) ServeTCP(conn WriteCloser) { | |||
} | |||
|
|||
func (p Proxy) dialBackend() (*net.TCPConn, error) { |
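Review bot: `dialBackend` is declared on a value receiver (`func (p Proxy) dialBackend()`), while `ServeTCP` in the hunk header uses `*Proxy`. Use the pointer receiver here as well, so each dial does not copy the struct and the type's methods share one receiver kind.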
Could you add a test, similar to `TestLookupAddress`, to make sure a source IP is obtained from a configured list?
What does this PR do?
In haproxy and other loadbalancers, a `source-ip` can be specified for each connection. Linux by default only uses the primary IP of a given interface, but to get > 60k simultaneous connections to a single remote IP, multiple source IPs are required. This patch should allow an optional list of `sourceIPs` to be specified for outbound TCP connections and will use one at random if so.

I have not fully tested this patch yet, but it compiles and parses correctly and seems relatively harmless.
Motivation
We want to use traefik to handle a large number of long-lived TCP connections.
More
Additional Notes
I'm guessing this may need to be implemented elsewhere, however TCP streaming was sufficient for our use-case.
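
The source selection described in this PR, as an added example that is not the PR's or Traefik's code: `parseSourceIPs` and `pickSource` are hypothetical helpers and the addresses are constructed documentation-range values. It goes one step beyond the description by restricting candidates to the backend's IP family.

```go
package main

import (
	"errors"
	"fmt"
	"math/rand"
	"net"
)

// parseSourceIPs validates a configured list; only literal IPs are accepted.
func parseSourceIPs(raw []string) ([]net.IP, error) {
	ips := make([]net.IP, 0, len(raw))
	for _, s := range raw {
		ip := net.ParseIP(s)
		if ip == nil {
			return nil, fmt.Errorf("sourceIPs: %q is not an IP address", s)
		}
		ips = append(ips, ip)
	}
	return ips, nil
}

// pickSource returns a random source of the backend's IP family, with port 0 so
// the kernel assigns the ephemeral port. (nil, nil) means no list was configured.
// math/rand is enough here: the choice spreads load, it is not a secret.
func pickSource(ips []net.IP, backend net.IP) (*net.TCPAddr, error) {
	if len(ips) == 0 {
		return nil, nil
	}
	var usable []net.IP
	for _, ip := range ips {
		if (ip.To4() != nil) == (backend.To4() != nil) {
			usable = append(usable, ip)
		}
	}
	if len(usable) == 0 {
		return nil, errors.New("sourceIPs: none match the backend's IP family")
	}
	return &net.TCPAddr{IP: usable[rand.Intn(len(usable))]}, nil
}

func main() {
	ips, _ := parseSourceIPs([]string{"192.0.2.10", "2001:db8::1"}) // constructed
	src, err := pickSource(ips, net.ParseIP("198.51.100.7"))
	if err != nil || src == nil {
		return // skip the bind when no source was chosen
	}
	d := net.Dialer{LocalAddr: src} // d.Dial("tcp", backend) would bind to src
	fmt.Println("outbound source:", d.LocalAddr)
}
```

Each extra source IP adds its own ephemeral port range toward the same remote IP and port, which is what lifts the per-destination connection ceiling the description mentions.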