Page MenuHomeVyOS Platform
Create Task
Maniphest T7059

High-availability virtual-server not load balancing traffic between backend servers
Open, HighPublicBUG
Actions

Description

I have a system running 1.5-rolling-202501110007 that is acting as a load balancer across several HTTP servers, and it always sends all traffic to a single backend server unless I manually make changes via ipvsadm.

Here's the config snippet involved (under high-availability):

virtual-server http {
     address 50.106.9.46
     algorithm weighted-round-robin
     delay-loop 1
     port 8080
     protocol tcp
     real-server 172.16.0.1 {
         port 80
     }
     real-server 172.16.0.2 {
         port 80
     }
     real-server 172.16.1.1 {
         port 80
     }
     real-server 172.16.1.2 {
         port 80
     }
     real-server 172.31.255.1 {
         connection-timeout 5
         port 80
     }
     real-server 172.31.255.2 {
         connection-timeout 5
         port 80
     }
 }

Running a test from an external server with 256 open connections results in all connections going to the same backend:

TCP  50.106.9.46:http-alt wrr
  -> 172.16.0.1:http              Masq    1      0          0
  -> 172.16.0.2:http              Masq    1      0          0
  -> 172.16.1.1:http              Masq    1      256        0
  -> 172.16.1.2:http              Masq    1      0          0
  -> scottstuff.net:http          Masq    1      0          0
  -> scottstuff.net:http          Masq    1      0          0

The backend that gets all of the traffic varies over time, but generally a single backend ends up with all traffic. Changing the LB algorithm in VyOS doesn't seem to make any difference. I've tried RR, WRR, and a couple of the LC options.

However, manually changing the algorithm via ipvsadm and then changing it back results in traffic being balanced:

# ipvsadm -E -t 50.106.9.46:8080 -s rr
# ipvsadm -E -t 50.106.9.46:8080 -s wrr
... run test ...
TCP  50.106.9.46:http-alt wrr
  -> 172.16.0.1:http              Masq    1      42         0
  -> 172.16.0.2:http              Masq    1      43         0
  -> 172.16.1.1:http              Masq    1      43         256
  -> 172.16.1.2:http              Masq    1      42         0
  -> scottstuff.net:http          Masq    1      43         0
  -> scottstuff.net:http          Masq    1      43         0

I saw the same behavior with a nightly from July and upgraded to a current nightly, but it's still broken.

FWIW, here's most of`/run/keepalived/keepaliced.conf`:

# Autogenerated by VyOS
# Do not edit this file, all your changes will be lost
# on next commit or reboot

# Global definitions configuration block
global_defs {
    dynamic_interfaces
    script_user root
    notify_fifo /run/keepalived/keepalived_notify_fifo
    notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py
}




# Virtual-server configuration
# Vserver http
virtual_server 50.106.9.46 8080 {
    delay_loop 1
    lb_algo wrr
    lb_kind NAT
    persistence_timeout 300
    protocol TCP
    real_server 172.16.0.1 80 {
        weight 1
        TCP_CHECK {
        }
    }
    real_server 172.16.0.2 80 {
        weight 1
        TCP_CHECK {
        }
    }
    real_server 172.16.1.1 80 {
        weight 1
        TCP_CHECK {
        }
    }
    real_server 172.16.1.2 80 {
        weight 1
        TCP_CHECK {
        }
    }
    real_server 172.31.255.1 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
        }
    }
    real_server 172.31.255.2 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
        }
    }
}

I should note that I have 2 additional virtual_servers defined but neither gets any traffic today so I'm omitted them from the config.

Details

Version
1.5-rolling-202501110007
Is it a breaking change?
Behavior change
Issue type
Bug (incorrect behavior)
Forum thread
https://forum.vyos.io/t/high-availability-virtual-server-not-load-balancing-traffic/15873/1