Comments (6)
Hi @nitzan-tz,
As @UltraInstinct14 mentioned, traffic for undefined rules appears to have resulted in a loop.
If you add an IP address for 20.20.20.1 or add a rule for 20.20.20.1 with ICMP like
loxicmd create lb 20.20.20.1 --icmp --endpoints=56.56.56.1:1,57.57.57.1:1,58.58.58.1:1 --mode dsr --select hash
then it is confirmed that the loop disappears.
Thank you very much for your opinion. Regarding undefined rules, we will consider disabling ICMP redirect in the next release.
from loxilb.
We can have a mode where loxilb can simply blackhole all untrusted traffic. If a TCP rule is available, only allow that. All other streams can be blackholed.
from loxilb.
tcplbl3dsrha was a work in progress. However, the tcplbl3dsrha cicd scenario has been updated after this report. As you correctly pointed out, ep3 was not being set up properly. And yes, there was no need to check connectivity to ep1, ep2, ep3. So, now it skips those and checks VIP connectivity directly instead. Also, some code fixes were needed to completely fix this scenario.
Request to update to the latest images/scripts and give it a try! Thanks!
from loxilb.
Hi,
I cloned the latest branch and deleted the docker image before I ran the config again:
root@554d7e3a98d5:/# loxicmd version
v0.9.0 2024_01_23-main-3ecac9f
I still see a few issues:
- Ping from the user container to the VIP receives an ICMP redirect and then there is a routing loop. Maybe disabling ICMP redirect for the docker container would be a good idea.
root@554d7e3a98d5:/# tcpdump -nni vlan11 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan11, link-type EN10MB (Ethernet), capture size 262144 bytes
18:23:28.893097 IP 1.1.1.1 > 20.20.20.1: ICMP echo request, id 13, seq 1, length 64
18:23:28.893175 IP 11.11.11.2 > 1.1.1.1: ICMP redirect 20.20.20.1 to host 11.11.11.254, length 92
18:23:28.893183 IP 1.1.1.1 > 20.20.20.1: ICMP echo request, id 13, seq 1, length 64
18:23:28.893205 IP 1.1.1.1 > 20.20.20.1: ICMP echo request, id 13, seq 1, length 64
18:23:28.893225 IP 1.1.1.1 > 20.20.20.1: ICMP echo request, id 13, seq 1, length 64
18:23:28.893234 IP 1.1.1.1 > 20.20.20.1: ICMP echo request, id 13, seq 1, length 64
18:23:28.893244 IP 1.1.1.1 > 20.20.20.1: ICMP echo request, id 13, seq 1, length 64
- For application traffic there is a loop, as you can see in the attached image. It looks like loxilb doesn't pick up the packet.
- On r1 you didn't enable ECMP, so it has only one path. Adding "maximum-paths 4" solved it.
4144d1e7872d# sh ip route 20.20.20.1/32
Routing entry for 20.20.20.1/32
Known via "bgp", distance 20, metric 0, best
Last update 00:00:15 ago
* 11.11.11.2, via vlan11
4144d1e7872d# conf t
4144d1e7872d(config)# router bgp 65001
4144d1e7872d(config-router)# maximum-paths 4
4144d1e7872d(config-router)# end
4144d1e7872d# sh ip route 20.20.20.1/32
Routing entry for 20.20.20.1/32
Known via "bgp", distance 20, metric 0, best
Last update 00:00:02 ago
* 11.11.11.2, via vlan11
* 11.11.11.1, via vlan11
Thanks
Nitzan
from loxilb.
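A detection check for the symptom in the capture above, as an added example that is not part of the original thread or the loxilb project: it flags an ICMP echo request captured repeatedly with the same id and seq on one interface and pairs it with any ICMP redirect sent about that destination. The function name and the threshold of three copies are assumptions; the sample lines are copied from the tcpdump output in the comment.

```python
import re
from collections import Counter

# Sample input: the tcpdump lines from the comment above (vlan11 capture).
CAPTURE = """\
18:23:28.893097 IP 1.1.1.1 > 20.20.20.1: ICMP echo request, id 13, seq 1, length 64
18:23:28.893175 IP 11.11.11.2 > 1.1.1.1: ICMP redirect 20.20.20.1 to host 11.11.11.254, length 92
18:23:28.893183 IP 1.1.1.1 > 20.20.20.1: ICMP echo request, id 13, seq 1, length 64
18:23:28.893205 IP 1.1.1.1 > 20.20.20.1: ICMP echo request, id 13, seq 1, length 64
18:23:28.893225 IP 1.1.1.1 > 20.20.20.1: ICMP echo request, id 13, seq 1, length 64
18:23:28.893234 IP 1.1.1.1 > 20.20.20.1: ICMP echo request, id 13, seq 1, length 64
18:23:28.893244 IP 1.1.1.1 > 20.20.20.1: ICMP echo request, id 13, seq 1, length 64
""".splitlines()

ECHO = re.compile(r"^\S+ IP (\S+) > (\S+): ICMP echo request, id (\d+), seq (\d+),")
REDIRECT = re.compile(r"^\S+ IP (\S+) > (\S+): ICMP redirect (\S+) to host (\S+),")


def find_loops(lines, min_copies=3):
    """Flag echo requests captured min_copies+ times with identical id/seq.

    A given (src, dst, id, seq) should cross an interface once; repeats
    mean the same packet is being forwarded back onto the segment.
    min_copies is an assumed threshold, not a value from the thread.
    """
    copies, redirects = Counter(), []
    for line in lines:
        if m := ECHO.match(line):
            src, dst, icmp_id, seq = m.groups()
            copies[(src, dst, int(icmp_id), int(seq))] += 1
        elif m := REDIRECT.match(line):
            router, notified, target, gateway = m.groups()
            redirects.append((router, notified, target, gateway))
    findings = []
    for (src, dst, icmp_id, seq), count in copies.items():
        if count < min_copies:
            continue
        # Redirects sent to the pinging host about the looping destination.
        via = [(r, gw) for r, host, tgt, gw in redirects if host == src and tgt == dst]
        findings.append({"src": src, "dst": dst, "id": icmp_id, "seq": seq,
                         "copies": count, "redirects": via})
    return findings


if __name__ == "__main__":
    for finding in find_loops(CAPTURE):
        print(finding)
```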
By default, loxilb just serves only "VIP+ServicePort" combination. All other traffic will be ignored. So, ping to 20.20.20.1 is routed via some default route and creates the problem that you mentioned. You can add
ip addr add 20.20.20.1/32 dev lo
manually to llb1 and llb2 and it should be fine.
from loxilb.
The original issue is considered fixed. Suggestions will be taken up as enhancements in a future release.
from loxilb.