Page MenuHomeVyOS Platform
Create Task
Maniphest T4387

Create additional smoketests for multiwan PBR & load-balanced configurations
Closed, ResolvedPublic
Actions

Description

There does not appear to be a dedicated smoke test for multiwan load balancing configurations, or configurations that use policy routing with incoming connections through secondary WANs . The load-balancer is a distinguishing feature for VyOS and increasing its stability would benefit users. In noticing tickets from a few years ago, breaking changes to this feature often go unnoticed and could be reduced with additional unit tests.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Event Timeline

ajgnet triaged this task as Normal priority.Apr 22 2022, 12:19 AM
ajgnet created this task.
ajgnet created this object in space S1 VyOS Public.
ajgnet changed Issue type from Internal change (not visible to end users) to Feature (new functionality).
pasik added a subscriber: pasik.Apr 22 2022, 7:57 AM
n.fort added a subscriber: n.fort.EditedMay 15 2022, 3:01 PM

I agree that having a smoketest for WLB will be great. But, there are certain limitations/considerations:

  • smoketests consists on loading configuration through cli, and then checking in the "backend" if configuration is present as expected.
  • But the problem with WLB, is that the configuration in firewall depends on the status of the WLB. So, in certain manner, it's dynamic.

For example, on a simple WLB configuration:

vyos@vyos# run show config comm | grep wan
set load-balancing wan interface-health eth0 nexthop '198.51.100.1'
set load-balancing wan interface-health eth1 nexthop '203.0.113.1'
set load-balancing wan rule 10 failover
set load-balancing wan rule 10 inbound-interface 'eth2'
set load-balancing wan rule 10 interface eth0 weight '100'
set load-balancing wan rule 10 interface eth1 weight '10'
set load-balancing wan rule 20 failover
set load-balancing wan rule 20 inbound-interface 'eth3'
set load-balancing wan rule 20 interface eth0 weight '10'
set load-balancing wan rule 20 interface eth1 weight '100'

We have next mangle rules, which differs depending on WLB status:

#### When Both interfaces on WLB are active
vyos@vyos# sudo nft list table ip mangle
table ip mangle {
	chain WANLOADBALANCE_PRE {
		iifname "eth2" ct state new counter packets 28 bytes 2528 jump ISP_eth0
		iifname "eth2" counter packets 0 bytes 0 meta mark set ct mark
		iifname "eth3" ct state new counter packets 24 bytes 2192 jump ISP_eth1
		iifname "eth3" counter packets 0 bytes 0 meta mark set ct mark

### And when first one is inactive:
vyos@vyos# sudo nft list table ip mangle
table ip mangle {
	chain WANLOADBALANCE_PRE {
		iifname "eth2" ct state new counter packets 0 bytes 0 jump ISP_eth1
		iifname "eth2" counter packets 0 bytes 0 meta mark set ct mark
		iifname "eth3" ct state new counter packets 0 bytes 0 jump ISP_eth1
		iifname "eth3" counter packets 0 bytes 0 meta mark set ct mark
	}

### And when both are inactive:
table ip mangle {
        chain WANLOADBALANCE_PRE {
        }
Viacheslav added a project: VyOS 1.3 Equuleus (1.3.0).May 28 2022, 5:14 AM
Viacheslav added a subscriber: Viacheslav.May 28 2022, 11:05 AM

PR https://github.com/vyos/vyos-1x/pull/1338

Viacheslav added a comment.EditedJun 2 2022, 10:09 AM

PR for the current https://github.com/vyos/vyos-1x/pull/1346

n.fort added a comment.Jun 5 2022, 8:12 PM

Added more options. PR https://github.com/vyos/vyos-1x/pull/1350

syncer edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.0).Aug 29 2022, 7:04 AM
c-po closed this task as Resolved.Jan 21 2023, 8:34 PM
c-po removed a project: VyOS 1.3 Equuleus (1.3.3).