Page MenuHomeVyOS Platform

Create additional smoketests for multiwan PBR & load-balanced configurations
Closed, ResolvedPublic

Description

There does not appear to be a dedicated smoke test for multiwan load balancing configurations, or configurations that use policy routing with incoming connections through secondary WANs . The load-balancer is a distinguishing feature for VyOS and increasing its stability would benefit users. In noticing tickets from a few years ago, breaking changes to this feature often go unnoticed and could be reduced with additional unit tests.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Event Timeline

ajgnet triaged this task as Normal priority.Apr 22 2022, 12:19 AM
ajgnet created this task.
ajgnet created this object in space S1 VyOS Public.
ajgnet changed Issue type from Internal change (not visible to end users) to Feature (new functionality).

I agree that having a smoketest for WLB will be great. But, there are certain limitations/considerations:

  • smoketests consists on loading configuration through cli, and then checking in the "backend" if configuration is present as expected.
  • But the problem with WLB, is that the configuration in firewall depends on the status of the WLB. So, in certain manner, it's dynamic.

For example, on a simple WLB configuration:

[email protected]# run show config comm | grep wan
set load-balancing wan interface-health eth0 nexthop '198.51.100.1'
set load-balancing wan interface-health eth1 nexthop '203.0.113.1'
set load-balancing wan rule 10 failover
set load-balancing wan rule 10 inbound-interface 'eth2'
set load-balancing wan rule 10 interface eth0 weight '100'
set load-balancing wan rule 10 interface eth1 weight '10'
set load-balancing wan rule 20 failover
set load-balancing wan rule 20 inbound-interface 'eth3'
set load-balancing wan rule 20 interface eth0 weight '10'
set load-balancing wan rule 20 interface eth1 weight '100'

We have next mangle rules, which differs depending on WLB status:

#### When Both interfaces on WLB are active
[email protected]# sudo nft list table ip mangle
table ip mangle {
	chain WANLOADBALANCE_PRE {
		iifname "eth2" ct state new counter packets 28 bytes 2528 jump ISP_eth0
		iifname "eth2" counter packets 0 bytes 0 meta mark set ct mark
		iifname "eth3" ct state new counter packets 24 bytes 2192 jump ISP_eth1
		iifname "eth3" counter packets 0 bytes 0 meta mark set ct mark

### And when first one is inactive:
[email protected]# sudo nft list table ip mangle
table ip mangle {
	chain WANLOADBALANCE_PRE {
		iifname "eth2" ct state new counter packets 0 bytes 0 jump ISP_eth1
		iifname "eth2" counter packets 0 bytes 0 meta mark set ct mark
		iifname "eth3" ct state new counter packets 0 bytes 0 jump ISP_eth1
		iifname "eth3" counter packets 0 bytes 0 meta mark set ct mark
	}

### And when both are inactive:
table ip mangle {
        chain WANLOADBALANCE_PRE {
        }