There does not appear to be a dedicated smoke test for multiwan load balancing configurations, or configurations that use policy routing with incoming connections through secondary WANs. The load-balancer is a distinguishing feature for VyOS and increasing its stability would benefit users. In noticing tickets from a few years ago, breaking changes to this feature often go unnoticed and could be reduced with additional unit tests.
Description
Details
- Difficulty level: Unknown (require assessment)
- Version: -
- Why the issue appeared?: Will be filled on close
- Is it a breaking change?: Unspecified (possibly destroys the router)
- Issue type: Feature (new functionality)
Event Timeline
I agree that having a smoketest for WLB will be great. But there are certain limitations/considerations:
- Smoketests consist of loading configuration through the CLI, and then checking in the "backend" if the configuration is present as expected.
- But the problem with WLB is that the configuration in the firewall depends on the status of the WLB. So, in a certain manner, it's dynamic.
For example, on a simple WLB configuration:
```
vyos@vyos# run show config comm | grep wan
set load-balancing wan interface-health eth0 nexthop '198.51.100.1'
set load-balancing wan interface-health eth1 nexthop '203.0.113.1'
set load-balancing wan rule 10 failover
set load-balancing wan rule 10 inbound-interface 'eth2'
set load-balancing wan rule 10 interface eth0 weight '100'
set load-balancing wan rule 10 interface eth1 weight '10'
set load-balancing wan rule 20 failover
set load-balancing wan rule 20 inbound-interface 'eth3'
set load-balancing wan rule 20 interface eth0 weight '10'
set load-balancing wan rule 20 interface eth1 weight '100'
```
We have the following mangle rules, which differ depending on WLB status:
```
#### When Both interfaces on WLB are active
vyos@vyos# sudo nft list table ip mangle
table ip mangle {
    chain WANLOADBALANCE_PRE {
        iifname "eth2" ct state new counter packets 28 bytes 2528 jump ISP_eth0
        iifname "eth2" counter packets 0 bytes 0 meta mark set ct mark
        iifname "eth3" ct state new counter packets 24 bytes 2192 jump ISP_eth1
        iifname "eth3" counter packets 0 bytes 0 meta mark set ct mark

### And when first one is inactive:
vyos@vyos# sudo nft list table ip mangle
table ip mangle {
    chain WANLOADBALANCE_PRE {
        iifname "eth2" ct state new counter packets 0 bytes 0 jump ISP_eth1
        iifname "eth2" counter packets 0 bytes 0 meta mark set ct mark
        iifname "eth3" ct state new counter packets 0 bytes 0 jump ISP_eth1
        iifname "eth3" counter packets 0 bytes 0 meta mark set ct mark
    }

### And when both are inactive:
table ip mangle {
    chain WANLOADBALANCE_PRE {
    }
```
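One way a test could cope with the health-dependent ruleset described in the comment above, as an added example that is not part of the original thread and not VyOS smoketest code: derive the expected jump targets from the rule weights plus a given health state, then compare them with the parsed `nft` output. The function names are hypothetical, and the failover selection rule (highest-weight healthy WAN wins) is an assumption inferred from the outputs shown.

```python
import re

# WLB rules from the configuration shown above (inbound interface, WAN weights).
RULES = {
    10: {"inbound": "eth2", "weights": {"eth0": 100, "eth1": 10}},
    20: {"inbound": "eth3", "weights": {"eth0": 10, "eth1": 100}},
}

JUMP_RE = re.compile(r'iifname "(\S+)" ct state new .*?jump (ISP_\S+)')

def expected_jumps(rules, healthy):
    """Map inbound interface -> ISP_<wan> chain for failover rules.

    Assumption: a failover rule sends new connections to the healthy WAN
    with the highest weight, and emits nothing when no WAN is healthy.
    """
    out = {}
    for rule in rules.values():
        alive = {i: w for i, w in rule["weights"].items() if i in healthy}
        if alive:
            out[rule["inbound"]] = "ISP_" + max(alive, key=alive.get)
    return out

def actual_jumps(nft_text):
    """Extract inbound interface -> jump target from WANLOADBALANCE_PRE."""
    jumps, in_chain = {}, False
    for line in nft_text.splitlines():
        line = line.strip()
        if line.startswith("chain "):
            in_chain = line.split()[1] == "WANLOADBALANCE_PRE"
        elif in_chain and (m := JUMP_RE.search(line)):
            jumps[m.group(1)] = m.group(2)
    return jumps

def check(rules, healthy, nft_text):
    """Return (iface, expected, actual) mismatches; empty list means a match."""
    want, got = expected_jumps(rules, healthy), actual_jumps(nft_text)
    return [(i, want.get(i), got.get(i))
            for i in sorted(set(want) | set(got)) if want.get(i) != got.get(i)]

# Output for the "first one is inactive" case, copied from the comment above.
ETH0_DOWN = '''table ip mangle {
chain WANLOADBALANCE_PRE {
iifname "eth2" ct state new counter packets 0 bytes 0 jump ISP_eth1
iifname "eth2" counter packets 0 bytes 0 meta mark set ct mark
iifname "eth3" ct state new counter packets 0 bytes 0 jump ISP_eth1
iifname "eth3" counter packets 0 bytes 0 meta mark set ct mark
}'''
```

A test built this way has to control or read the health state before asserting, since the same configuration yields three different valid rulesets.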