Requested from the forum
- Currently, it is impossible to balance/bind several ports to the same virtual server (if not use fwmark)
Marking is unsuitable in some cases and does not allow flexible virtual-server ---> real-server port matching.
Example of current configuration:
set high-availability virtual-server 203.0.113.1 algorithm 'source-hashing' set high-availability virtual-server 203.0.113.1 port '8080' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '8081' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.12 port '8082'
So if we need to balance also and port 8888 it will overwrite the current port 8080
The proposed change is to set the virtual-server as <tag> and use address to set the address explicit
Proposed new CLI
set high-availability virtual-server my_first_server address 203.0.113.1 set high-availability virtual-server my_first_server port 8080 set high-availability virtual-server my_first_server real-server 192.0.2.11 port '8881' set high-availability virtual-server my_first_server real-server 192.0.2.12 port '8882' set high-availability virtual-server my_second_server address 203.0.113.1 set high-availability virtual-server my_second_server port 8888 set high-availability virtual-server my_second_server real-server 192.0.2.111 port '8883' set high-availability virtual-server my_second_server real-server 192.0.2.112 port '8883'
Expected keepalived configuration:
# Virtual-server configuration
# Vserver my_first_server
virtual_server 203.0.113.1 8080 {
delay_loop 10
lb_algo sh
lb_kind NAT
persistence_timeout 300
protocol TCP
real_server 192.0.2.11 8881 {
weight 1
TCP_CHECK {
}
}
real_server 192.0.2.12 8882 {
weight 1
TCP_CHECK {
}
}
}
# Vserver my_second_server
virtual_server 203.0.113.1 8888 {
delay_loop 10
lb_algo sh
lb_kind NAT
persistence_timeout 300
protocol TCP
real_server 192.0.2.111 8883 {
weight 1
TCP_CHECK {
}
}
real_server 192.0.2.112 8883 {
weight 1
TCP_CHECK {
}
}
}- Virtual-server port should be optional. If we don't set the virtual-server port we don't expect ports and for real-server