bugzilla-daemon at netfilter.org
2018-Apr-24 08:40 UTC
[Bug 1248] New: The rr-load-balance part doesn't actually work on 0.7
https://bugzilla.netfilter.org/show_bug.cgi?id=1248

            Bug ID: 1248
           Summary: The rr-load-balance part doesn't actually work on 0.7
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: ian.kumlien at gmail.com

This might be known, 0.7 is old - but if it isn't then... ;)

I added two rules like this in table nat, chain prerouting (with a hook):

    iifname $ext_if ip saddr $external_dns_servers tcp dport $external_dns_ports dnat to numgen inc mod 3 map { 0: 10.0.0.2, 1: 10.0.0.3, 2: 10.0.0.4 }
    iifname $ext_if ip saddr $external_dns_servers udp dport $external_dns_ports dnat to numgen inc mod 3 map { 0: 10.0.0.2, 1: 10.0.0.3, 2: 10.0.0.4 }

And they do work, kinda.

The idea is to have external slave DNS servers that are seeded from internal DNS servers - the seed is pushed out and AXFR requests would be handled by these rules.

With UDP, when running 4 requests in parallel (tmux, 4 slave servers, do a lookup) some get the response quickly, but the usual delay is 5-15 seconds - and 1-2 machines get a connection timeout.

Switching to TCP doesn't help - well, you get connection denied instead of timeout.

Never tried with the jhash, I wanted some kind of easy reliability setup..

I've since switched to using nginx as a dns loadbalancer =)

(Fedora is still on 0.7 - I filed a ticket so they say that they will push 8.3 but..)

--
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2019-Jul-12 11:06 UTC
[Bug 1248] The rr-load-balance part doesn't actually work on 0.7
https://bugzilla.netfilter.org/show_bug.cgi?id=1248

Florian Westphal <fw at strlen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fw at strlen.de

--- Comment #1 from Florian Westphal <fw at strlen.de> ---
(In reply to Ian Kumlien from comment #0)
> iifname $ext_if ip saddr $external_dns_servers tcp dport $external_dns_ports
> dnat to numgen inc mod 3 map { 0: 10.0.0.2, 1: 10.0.0.3, 2: 10.0.0.4 }
>

Does this still cause a problem for you?
There was a bug wrt. set lookups on big-endian machines, what architecture are you using?
bugzilla-daemon at netfilter.org
2019-Jul-12 12:18 UTC
[Bug 1248] The rr-load-balance part doesn't actually work on 0.7
https://bugzilla.netfilter.org/show_bug.cgi?id=1248

--- Comment #2 from Ian Kumlien <ian.kumlien at gmail.com> ---
I haven't tested it since, since it didn't actually work ;)

This was tested on intel machines, so all little-endian