Allow multiple ports for high-availability virtual-server
Request from the forum
The current implementation allows only one "virtual" port with several real-server ports:

set high-availability virtual-server 203.0.113.1 port '8888'
set high-availability virtual-server 203.0.113.1 protocol 'tcp'
set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '80'
set high-availability virtual-server 203.0.113.1 real-server 192.0.2.12 port '80'

The syntax could use rules:

set high-availability virtual-server 203.0.113.1 rule 10 port '8280'
set high-availability virtual-server 203.0.113.1 rule 10 protocol 'tcp'
set high-availability virtual-server 203.0.113.1 rule 10 real-server 192.0.2.11 port '80'
set high-availability virtual-server 203.0.113.1 rule 10 real-server 192.0.2.12 port '80'
set high-availability virtual-server 203.0.113.1 rule 20 port '443'
set high-availability virtual-server 203.0.113.1 rule 20 protocol 'tcp'
set high-availability virtual-server 203.0.113.1 rule 20 real-server 192.0.2.11 port '443'
set high-availability virtual-server 203.0.113.1 rule 20 real-server 192.0.2.12 port '443'

keepalived config:

# Virtual-server configuration
virtual_server 203.0.113.1 8280 {
    delay_loop 10
    lb_algo lc
    lb_kind NAT
    persistence_timeout 300
    protocol TCP
    real_server 192.0.2.11 80 {
        weight 1
        TCP_CHECK {
        }
    }
    real_server 192.0.2.12 80 {
        weight 1
        TCP_CHECK {
        }
    }
}
virtual_server 203.0.113.1 443 {
    delay_loop 10
    lb_algo lc
    lb_kind NAT
    persistence_timeout 300
    protocol TCP
    real_server 192.0.2.11 443 {
        weight 1
        TCP_CHECK {
        }
    }
    real_server 192.0.2.12 443 {
        weight 1
        TCP_CHECK {
        }
    }
}

Other options that can be improved:
- all ports (port 0)
- fwmark

virtual_server 1.2.3.11 0 {
    delay_loop 6
    lb_algo wlc
    lb_kind NAT
    nat_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP
    real_server 1.2.3.5 0 {
        weight 1
        inhibit_on_failure
        MISC_CHECK {
            misc_path /usr/local/bin/check_both_http_and_http.sh 1.2.3.5
        }
    }
}

Or:

virtual_server fwmark 14 {
    delay_loop 6
    lb_algo wlc
    lb_kind NAT
    nat_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP
    real_server 1.2.3.5 0 {
        weight 1
        inhibit_on_failure
        MISC_CHECK {
            misc_path /usr/local/bin/check_both_http_and_http.sh 1.2.3.5
        }
    }
}

For packet marking:

set policy route PR interface 'eth0'
set policy route PR rule 10 destination address '203.0.113.1'
set policy route PR rule 10 destination port '80,8080,443,8888'
set policy route PR rule 10 protocol 'tcp'
set policy route PR rule 10 set mark '111'
set high-availability virtual-server 203.0.113.1 fwmark 111
set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '0'
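
A sketch of how the proposed rules could be rendered into the keepalived blocks shown above, added here as an illustration and not taken from VyOS. The dict layout, the function names, the per-rule placement of fwmark and the tcp default are assumptions; a rule must carry exactly one of port or fwmark, and two rules may not define the same listener.

```python
# Added sketch, not VyOS code: the dict layout and function names are hypothetical.
DEFAULTS = {"delay_loop": 10, "lb_algo": "lc", "lb_kind": "NAT",
            "persistence_timeout": 300}  # values copied from the config above


def render_rule(address, rule):
    """Return one keepalived virtual_server block for a single rule."""
    if ("port" in rule) == ("fwmark" in rule):
        raise ValueError("rule needs exactly one of 'port' or 'fwmark'")
    if "fwmark" in rule:
        header = f"virtual_server fwmark {rule['fwmark']}"
    else:
        header = f"virtual_server {address} {rule['port']}"
    lines = [header + " {"]
    lines += [f"    {key} {value}" for key, value in DEFAULTS.items()]
    # Assumption: protocol defaults to tcp when a rule does not set it.
    lines.append(f"    protocol {rule.get('protocol', 'tcp').upper()}")
    for rs_addr, rs in rule["real_server"].items():
        lines += [f"    real_server {rs_addr} {rs['port']} {{",
                  "        weight 1",
                  "        TCP_CHECK {",
                  "        }",
                  "    }"]
    lines.append("}")
    return "\n".join(lines)


def render_virtual_server(address, rules):
    """Render rules in numeric order and reject duplicate listeners."""
    seen, blocks = {}, []
    for number in sorted(rules, key=int):
        rule = rules[number]
        key = (rule.get("port"), rule.get("fwmark"),
               rule.get("protocol", "tcp").lower())
        if key in seen:
            raise ValueError(f"rule {number} duplicates rule {seen[key]}")
        seen[key] = number
        blocks.append(render_rule(address, rule))
    return "\n".join(blocks)


# Constructed input mirroring rules 10 and 20 from the proposed syntax.
BACKENDS = ("192.0.2.11", "192.0.2.12")
SAMPLE = {
    "20": {"port": "443", "protocol": "tcp",
           "real_server": {ip: {"port": "443"} for ip in BACKENDS}},
    "10": {"port": "8280", "protocol": "tcp",
           "real_server": {ip: {"port": "80"} for ip in BACKENDS}},
}
```

Calling render_virtual_server("203.0.113.1", SAMPLE) returns the two-block configuration, with rule 10 first.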