Page MenuHomeVyOS Platform
Create Task
Maniphest T2747

"enable-local-traffic" has no effect in load-balancing to redirect local traffic
Closed, WontfixPublicBUG
Actions

Description

When performing traceroutes from 1.3-rolling-202007300117 pings are round-robin'd through the 3 WAN interfaces despite rule 5 that directs packets through WAN1 by default.

Toggling "enable-local-traffic" has no effect. All traffic from the local box follows the system routes.

load-balancing {
    wan {
        enable-local-traffic
        flush-connections
        interface-health eth0 {
            nexthop dhcp
            test 0 {
                resp-time 5
                target 8.8.8.8
                ttl-limit 1
                type ping
            }
            test 1 {
                resp-time 5
                target 8.8.4.4
                ttl-limit 1
                type ping
            }
        }
        interface-health eth1 {
            nexthop dhcp
            test 0 {
                resp-time 5
                target 1.1.1.1
                ttl-limit 1
                type ping
            }
            test 1 {
                resp-time 5
                target 1.0.0.1
                ttl-limit 1
            }
        }
        interface-health eth2 {
            nexthop dhcp
            test 0 {
                resp-time 5
                target 4.2.2.2
                ttl-limit 1
                type ping
            }
            test 1 {
                resp-time 5
                target 4.2.2.1
                ttl-limit 1
            }
        }
        rule 5 {
            destination {
                address 0.0.0.0/0
            }
            inbound-interface !eth7
            failover
            interface eth0 {
                weight 10
            }
            interface eth1 {
                weight 20
            }
            interface eth2 {
                weight 30
            }
            protocol all
        }
        rule 10 {
            destination {
                address 0.0.0.0/0
            }
            inbound-interface eth7
            interface eth0 {
                weight 10
            }
            interface eth1 {
                weight 10
            }
            interface eth2 {
                weight 10
            }
            protocol all
            source {
                address 10.0.0.0/16
            }
        }
        sticky-connections {
            inbound
        }
    }
}

Details

Difficulty level
Normal (likely a few hours)
Version
1.3-rolling-202007300117
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

ajgnet created this task.Jul 30 2020, 11:52 PM
ajgnet updated the task description. (Show Details)
pasik added a subscriber: pasik.Jul 31 2020, 7:45 AM
zsdc assigned this task to Unknown Object (User).Jul 31 2020, 12:23 PM
Unknown Object (User) added a comment.Aug 7 2020, 3:57 PM

Could you please provide full configuration or at least protocol section configuration?

jack9603301 added a subscriber: jack9603301.Aug 7 2020, 4:04 PM
ajgnet added a comment.EditedAug 7 2020, 4:08 PM

Sure thing. Note my configuration contains some table maps that I have set up to route VPN traffic, and certain source IPs through specific interfaces. But there is no effect on the load-balancer when these sections are removed. Thank you.

protocols {
    static {
        interface-route 1.0.0.1/32 {
            next-hop-interface eth1 {
                distance 5
            }
        }
        interface-route 1.1.1.1/32 {
            next-hop-interface eth1 {
                distance 5
            }
        }
        interface-route 4.2.2.1/32 {
            next-hop-interface eth2 {
                distance 5
            }
        }
        interface-route 4.2.2.2/32 {
            next-hop-interface eth2 {
                distance 5
            }
        }
        interface-route 8.8.4.4/32 {
            next-hop-interface eth0 {
                distance 5
            }
        }
        interface-route 8.8.8.8/32 {
            next-hop-interface eth0 {
                distance 5
            }
        }
        table 1 {
            interface-route 0.0.0.0/0 {
                next-hop-interface vtun0 {
                }
            }
        }
        table 2 {
            interface-route 0.0.0.0/0 {
                next-hop-interface eth0 {
                }
            }
        }
        table 3 {
            interface-route 0.0.0.0/0 {
                next-hop-interface eth1 {
                }
            }
        }
        table 4 {
            interface-route 0.0.0.0/0 {
                next-hop-interface eth2 {
                }
            }
        }
    }
}

policy {
    route src-route {
        rule 10 {
            destination {
                address 0.0.0.0/0
            }
            protocol all
            set {
                table 1
            }
            source {
                address 10.0.128.115/32
            }
        }
    }
}
Viacheslav added a subscriber: Viacheslav.Aug 10 2020, 8:37 AM

la_map.png (684×561 px, 38 KB)

Workaround

set protocols static table 100 interface-route 0.0.0.0/0 next-hop-interface eth0
set protocols static table 102 interface-route 0.0.0.0/0 next-hop-interface eth2

And script

#!/usr/bin/env bash

my_eth0_ip=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)
my_eth2_ip=$(ip addr show eth2 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)

ip rule add from $my_eth0_ip lookup 100
ip rule add from $my_eth2_ip lookup 102

+1 for T439 and T2196

Viacheslav mentioned this in T2760: In a load-balanced multi-wan configuration with DHCP assigned addresses, IPsec "dhcp-interface" does not work.Aug 10 2020, 8:42 AM
Viacheslav mentioned this in T375: WAN failover, not to balance the load.Aug 13 2020, 12:43 PM
SrividyaA added a subscriber: SrividyaA.Aug 21 2020, 9:24 PM
masterit added a subscriber: masterit.Feb 24 2021, 10:31 PM

I can confirm this bug is still present in the latest 1.3-rolling-202101 snapshot as well as the latest stable release. (1.2.6-S1)

i have additional notes about this in the following forum post: wan-load-balance-failover-trouble-with-dhcp

Viacheslav removed Unknown Object (User) as the assignee of this task.Feb 26 2021, 9:05 PM
Viacheslav added a subscriber: Unknown Object (User).
dmbaturin added a project: test.Jul 29 2021, 12:51 PM
erkin set Issue type to Bug (incorrect behavior).Aug 29 2021, 1:40 PM
erkin removed a subscriber: Active contributors.
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0-epa1); removed test, VyOS 1.3 Equuleus.Sep 5 2021, 7:06 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus (1.3.0-epa1).Nov 1 2021, 10:09 PM
masterit mentioned this in T4443: Wan Load Balancing Multiple Regressions.May 25 2022, 11:27 PM
marc_s added a subscriber: marc_s.Jun 28 2022, 8:34 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.0).Aug 29 2022, 7:05 AM
Harliff added a subscriber: Harliff.Apr 2 2023, 4:08 PM
Harliff added a comment.Apr 2 2023, 4:10 PM

I can confirm this bug in rolling 1.3-2023-03-30.

syncer edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).Jul 12 2023, 9:41 PM
JeffWDH added a subscriber: JeffWDH.Jul 20 2023, 11:41 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).Aug 25 2023, 9:30 PM
Harliff added a comment.Dec 8 2023, 1:44 PM

I've just tested the "protocols failover" function in the 1.4-rolling-202311021324 - it works well!

Maybe the team should get rid of the "load-balancing wan enable-local-traffic" function in the 1.4/1.5 branches?

syncer edited projects, added VyOS 1.3 Equuleus (1.3.6); removed VyOS 1.3 Equuleus (1.3.5).Dec 17 2023, 11:37 PM
dmbaturin triaged this task as High priority.Jan 9 2024, 7:56 PM
dmbaturin edited projects, added VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.6).
KaydenD added a subscriber: KaydenD.Feb 2 2024, 6:18 PM
dmbaturin added a project: Restricted Project.Feb 15 2024, 11:32 AM
dmbaturin edited projects, added VyOS 1.4 Sagitta (1.4.0-epa1); removed VyOS 1.4 Sagitta.Feb 15 2024, 3:03 PM
Viacheslav added a comment.Feb 16 2024, 4:25 PM

enable-local-traffic just writes several old iptables rules https://github.com/vyos/vyatta-wanloadbalance/blob/961a2e8862280d2ce5500626cdee8a1adaa67ab2/src/lbdecision.cc#L124-L130
Propose to close task as "wontfix" due to the old backend and C implementation.
The correct behavior should be implemented for the protocols failover route feature.
I also propose to close all load-balancing wan tasks as wontfix for the same reason.
The task for dynamic interface T5647

dmbaturin edited projects, added VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project.Fri, Apr 12, 3:08 PM
Viacheslav closed this task as Wontfix.Wed, Apr 24, 12:13 PM
Viacheslav claimed this task.

Close it as wontfix due to legacy backend.