Hi all,
there seem to be issues with NAT farm session handling. After one or multiple backends go down, all or some clients are not able to connect anymore, even after the backends come up again. Only a farm restart helps.
My config:
– RELIANOID CE version 7.6.1
– l4xnat farm, TCP, NAT, source IP persistence, farmguardian check_tcp (cut connections), multiple backends
Some things I found out:
a) /usr/share/perl5/Relianoid/Farm/L4xNAT/Backend.pm in setL4FarmBackendsSessionsRemove:
line 307: 'if ($value eq $value_check)' never works, e.g. "80000201" eq "201"
b) Removing sessions does not work reliably when multiple backends go down simultaneously (after quick-fixing the above line by removing 80000 from $value)
Example output from "nft list map ip nftlb persist-myfarm":
All three backends up:
table ip nftlb {
    map persist-myfarm {
        type ipv4_addr : mark
        size 65535
        timeout 12h
        elements = { 192.168.1.11 timeout 12h expires 11h59m56s208ms : 0x80000200, 192.168.1.12 timeout 12h expires 11h59m51s32ms : 0x80000201,
                     192.168.1.10 timeout 12h expires 11h59m54s508ms : 0x80000202 }
    }
}
Shutdown backends 201 and 202 simultaneously, the session of source IP 192.168.1.12 was not removed:
table ip nftlb {
    map persist-myfarm {
        type ipv4_addr : mark
        size 65535
        timeout 12h
        elements = { 192.168.1.11 timeout 12h expires 11h59m59s412ms : 0x80000200, 192.168.1.12 timeout 12h expires 11h59m47s92ms : 0x80000201 }
    }
}
Best Regards,
Stefan
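Added example, not part of the original post and not RELIANOID code: a small Perl script that parses the second map listing from the report and flags persistence entries that still point at a backend that is down, comparing marks numerically under a mask instead of with a string `eq`. The mask value, the helper names and the treatment of "201"/"202" as hex backend marks are assumptions inferred from the values quoted in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption inferred from the post: the persist map stores the backend mark
# with the high bit 0x80000000 set, so 0x80000201 belongs to backend mark 0x201.
use constant MARK_MASK => 0x7fffffff;

# Sample input: the second "nft list map ip nftlb persist-myfarm" output from the post.
my $nft_output = <<'EOF';
table ip nftlb {
    map persist-myfarm {
        type ipv4_addr : mark
        size 65535
        timeout 12h
        elements = { 192.168.1.11 timeout 12h expires 11h59m59s412ms : 0x80000200, 192.168.1.12 timeout 12h expires 11h59m47s92ms : 0x80000201 }
    }
}
EOF

# Extract (client IP, numeric mark) pairs from the "elements = { ... }" list.
sub parse_persist_map {
    my ($text) = @_;
    my @entries;
    while ($text =~ /(\d{1,3}(?:\.\d{1,3}){3})\s[^:,{}]*:\s*(0x[0-9a-fA-F]+)/g) {
        push @entries, { client => $1, mark => hex($2) };
    }
    return @entries;
}

# Return the entries whose masked mark equals the mark of a backend that is down.
sub stale_sessions {
    my ($entries, $down_marks) = @_;
    my %down;
    $down{ hex($_) & MARK_MASK } = 1 for @$down_marks;
    return grep { $down{ $_->{mark} & MARK_MASK } } @$entries;
}

my @entries = parse_persist_map($nft_output);
my @down    = ('201', '202');    # backends shut down in the post, as hex strings

for my $e (stale_sessions(\@entries, \@down)) {
    printf "stale session: client %s still mapped to mark 0x%x (stored as 0x%x)\n",
        $e->{client}, $e->{mark} & MARK_MASK, $e->{mark};
}

# The string comparison quoted from line 307 cannot match these values.
printf "string eq: %s, masked numeric ==: %s\n",
    ('80000201' eq '201' ? 'match' : 'no match'),
    ((hex('80000201') & MARK_MASK) == hex('201') ? 'match' : 'no match');
```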
Hi Stefan!
Thank you for your report, we were able to reproduce the issue. We’ll analyze it thoroughly and we’ll get back to you soon with a proper solution.
Cheers.
Hi nevola,
great, thanks for looking into this!
Best Regards,
Stefan