
"enable-local-traffic" has no effect in load-balancing to redirect local traffic
Open, Requires assessment | Public | BUG

Description

When performing traceroutes from 1.3-rolling-202007300117, pings are round-robin'd through the 3 WAN interfaces despite rule 5 that directs packets through WAN1 by default.

Toggling "enable-local-traffic" has no effect. All traffic from the local box follows the system routes.

load-balancing {
    wan {
        enable-local-traffic
        flush-connections
        interface-health eth0 {
            nexthop dhcp
            test 0 {
                resp-time 5
                target 8.8.8.8
                ttl-limit 1
                type ping
            }
            test 1 {
                resp-time 5
                target 8.8.4.4
                ttl-limit 1
                type ping
            }
        }
        interface-health eth1 {
            nexthop dhcp
            test 0 {
                resp-time 5
                target 1.1.1.1
                ttl-limit 1
                type ping
            }
            test 1 {
                resp-time 5
                target 1.0.0.1
                ttl-limit 1
            }
        }
        interface-health eth2 {
            nexthop dhcp
            test 0 {
                resp-time 5
                target 4.2.2.2
                ttl-limit 1
                type ping
            }
            test 1 {
                resp-time 5
                target 4.2.2.1
                ttl-limit 1
            }
        }
        rule 5 {
            destination {
                address 0.0.0.0/0
            }
            inbound-interface !eth7
            failover
            interface eth0 {
                weight 10
            }
            interface eth1 {
                weight 20
            }
            interface eth2 {
                weight 30
            }
            protocol all
        }
        rule 10 {
            destination {
                address 0.0.0.0/0
            }
            inbound-interface eth7
            interface eth0 {
                weight 10
            }
            interface eth1 {
                weight 10
            }
            interface eth2 {
                weight 10
            }
            protocol all
            source {
                address 10.0.0.0/16
            }
        }
        sticky-connections {
            inbound
        }
    }
}

Details

Difficulty level: Normal (likely a few hours)
Version: 1.3-rolling-202007300117
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)

Event Timeline

ajgnet updated the task description.

Could you please provide full configuration or at least protocol section configuration?

Sure thing. Note my configuration contains some table maps that I have set up to route VPN traffic, and certain source IPs through specific interfaces. But there is no effect on the load-balancer when these sections are removed. Thank you.

protocols {
    static {
        interface-route 1.0.0.1/32 {
            next-hop-interface eth1 {
                distance 5
            }
        }
        interface-route 1.1.1.1/32 {
            next-hop-interface eth1 {
                distance 5
            }
        }
        interface-route 4.2.2.1/32 {
            next-hop-interface eth2 {
                distance 5
            }
        }
        interface-route 4.2.2.2/32 {
            next-hop-interface eth2 {
                distance 5
            }
        }
        interface-route 8.8.4.4/32 {
            next-hop-interface eth0 {
                distance 5
            }
        }
        interface-route 8.8.8.8/32 {
            next-hop-interface eth0 {
                distance 5
            }
        }
        table 1 {
            interface-route 0.0.0.0/0 {
                next-hop-interface vtun0 {
                }
            }
        }
        table 2 {
            interface-route 0.0.0.0/0 {
                next-hop-interface eth0 {
                }
            }
        }
        table 3 {
            interface-route 0.0.0.0/0 {
                next-hop-interface eth1 {
                }
            }
        }
        table 4 {
            interface-route 0.0.0.0/0 {
                next-hop-interface eth2 {
                }
            }
        }
    }
}

policy {
    route src-route {
        rule 10 {
            destination {
                address 0.0.0.0/0
            }
            protocol all
            set {
                table 1
            }
            source {
                address 10.0.128.115/32
            }
        }
    }
}


Workaround

set protocols static table 100 interface-route 0.0.0.0/0 next-hop-interface eth0
set protocols static table 102 interface-route 0.0.0.0/0 next-hop-interface eth2

And script

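#!/usr/bin/env bash

# IPv4 address of each WAN interface (prefix length stripped)
my_eth0_ip=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)
my_eth2_ip=$(ip addr show eth2 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)

# Send locally originated traffic to the per-interface table chosen by its source address
ip rule add from "$my_eth0_ip" lookup 100
ip rule add from "$my_eth2_ip" lookup 102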
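
The workaround above re-adds its rules on every run and has no check for rules that already exist. As an added example (not part of the original task or of VyOS), the function below plans the same `ip rule` commands from captured `ip -o -4 addr show` and `ip rule show` output and skips rules already installed; the name `plan_rules`, the `iface:table` argument form and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dry-run planner for the source-based rules used in the workaround.
# plan_rules ADDR_OUTPUT RULE_OUTPUT IFACE:TABLE...
#   ADDR_OUTPUT  text of `ip -o -4 addr show`
#   RULE_OUTPUT  text of `ip rule show`
# Prints one `ip rule add` command per missing rule; it changes nothing itself.
plan_rules() (
    addrs=$1; rules=$2; shift 2
    for pair in "$@"; do
        ifname=${pair%%:*}
        table=${pair##*:}
        # `ip -o` prints one address per line: "<idx>: <ifname> inet <ip>/<len> ..."
        printf '%s\n' "$addrs" |
        awk -v i="$ifname" '$2 == i && $3 == "inet" { sub(/\/.*/, "", $4); print $4 }' |
        while read -r ip; do
            # Exact field match, so table 100 is never confused with table 1000.
            if printf '%s\n' "$rules" | awk -v ip="$ip" -v t="$table" \
                '$2 == "from" && $3 == ip && $4 == "lookup" && $5 == t { found = 1 }
                 END { exit !found }'; then
                continue    # rule already installed
            fi
            printf 'ip rule add from %s lookup %s\n' "$ip" "$table"
        done
    done
)

# Constructed sample data (documentation addresses, not taken from the task).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global dynamic eth0
4: eth2    inet 198.51.100.7/24 brd 198.51.100.255 scope global dynamic eth2'
SAMPLE_RULES='0: from all lookup local
32765: from 203.0.113.10 lookup 100
32766: from all lookup main
32767: from all lookup default'

# Table numbers follow the workaround: eth0 -> 100, eth2 -> 102.
plan_rules "$SAMPLE_ADDRS" "$SAMPLE_RULES" eth0:100 eth2:102

# On a router: plan_rules "$(ip -o -4 addr show)" "$(ip rule show)" eth0:100 eth2:102
```

Because the output is only a plan, it can be reviewed before being run, and running it again after a DHCP renewal shows which rule is missing for the new address.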

+1 for T439 and T2196

I can confirm this bug is still present in the latest 1.3-rolling-202101 snapshot as well as the latest stable release (1.2.6-S1).

I have additional notes about this in the following forum post: wan-load-balance-failover-trouble-with-dhcp

Viacheslav added a subscriber: ronie.