From owner-freebsd-stable@freebsd.org Tue Jan 15 14:48:47 2019 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3389A148CDCE for ; Tue, 15 Jan 2019 14:48:47 +0000 (UTC) (envelope-from matt.garber@gmail.com) Received: from mail-qk1-x72a.google.com (mail-qk1-x72a.google.com [IPv6:2607:f8b0:4864:20::72a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BB0808A2A4 for ; Tue, 15 Jan 2019 14:48:45 +0000 (UTC) (envelope-from matt.garber@gmail.com) Received: by mail-qk1-x72a.google.com with SMTP id y78so1640120qka.12 for ; Tue, 15 Jan 2019 06:48:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=UYfyeYbPmZUaCejC2612Qww+Qrwt/p0rfD+Mzr8A+78=; b=nw7nO/UAee4mHL0+uXEookkE6inBR9YU7BGpNTFbvd5rVy+yA/3TQj5+H3dGoVs6l3 mtN2Ux4bhvzYBt3iR5Ihm0+4Ia/F5+w5vLHDUKKfXlHToBNt8IJU87YTEVaINZaPEOh5 pYlit5HUUH8g64wbOzEBTiOFTq70umXYuBH6dtx6q8LGxV8Y1v1ZZHsPRDIb2C2ee5fw JZ32SUMS7hF6esn7IRcP2AQnxuhY15a8japACd9jJVkmDZOwcVkgUBSjea5M/yyWsan5 V3jTtWr4qBhAYENLf+LMOVl5Hx8DereqxN4L/doLbG0ofxoVV+q8ThDdLfIKHru/7zjI EOhA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=UYfyeYbPmZUaCejC2612Qww+Qrwt/p0rfD+Mzr8A+78=; b=dED+pu5Eo+vuLL5kkJeY4lzX4DuNuyeflXEip6JsnSOemNGgfaw0gDUxbNg9L0uU99 Zcqxwe0aO4WezldwzxG4DuB1O2uNiC6macDu0EFirBOV0x7rQk85N8KCwFSYuw9EyG67 jn4CPLzPp8uK9FHi30sT2gW0VNblRVYNgh7fwJpm9kVAlsGDfbXvpng5Hjdr2YtLPf2U Hu8x/7JCqwo5D5QnSvhXY9vDw7Um6NgWlE6Y16ux3cr8aH5h73JA3gSFxyvK0Z8HEv+l WXYQFQGTBwISB32IcYPwzJpu4+YtiWVY0tfjYUPDO/JkrLjaIFmwyOssZFmDgN4uotpW pH8Q== X-Gm-Message-State: AJcUuket0PDMQxzQR94ZISTkuYgyKImNDMaak9sMLrNs1vhAs68vExTI +7oL9pBsmxICxraMEsYGpxmgeIMv X-Google-Smtp-Source: ALg8bN7yx2ymHQkf20W3soTIJxwtxLZV48gvPbU79dr697ZK7zGDmjaxv39pGawOrYvnClGkjkhKYg== X-Received: by 2002:a37:96c2:: with SMTP id y185mr2814343qkd.239.1547563725144; Tue, 15 Jan 2019 06:48:45 -0800 (PST) Received: from ?IPv6:2603:3007:701:f200:963:1719:6e82:ea40? ([2603:3007:701:f200:963:1719:6e82:ea40]) by smtp.gmail.com with ESMTPSA id b20sm58481668qkb.17.2019.01.15.06.48.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Jan 2019 06:48:44 -0800 (PST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: Re: Any suggestions for a layer 3 load ablancer for 12, as relayd doesnt work anymore From: Matt Garber In-Reply-To: Date: Tue, 15 Jan 2019 09:48:43 -0500 Cc: freebsd-stable@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <0EAFBB2F-859A-4B3D-9CF4-F4343A97285D@gmail.com> References: <1547491459.1113392.1634330440.3BE6B9CF@webmail.messagingengine.com> <3CD6B22B-B35C-4B9C-BDBA-D2E928435F91@exonetric.com> To: Pete French X-Mailer: Apple Mail (2.3445.102.3) X-Rspamd-Queue-Id: BB0808A2A4 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=nw7nO/UA; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of mattgarber@gmail.com designates 2607:f8b0:4864:20::72a as permitted sender) smtp.mailfrom=mattgarber@gmail.com X-Spamd-Result: default: False [-6.22 / 15.00]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; MV_CASE(0.50)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; MX_GOOD(-0.01)[alt3.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com]; NEURAL_HAM_SHORT(-0.99)[-0.994,0]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(-2.71)[ip: (-9.35), ipnet: 2607:f8b0::/32(-2.35), asn: 15169(-1.78), country: US(-0.08)]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[a.2.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; RCVD_TLS_LAST(0.00)[] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2019 14:48:47 -0000 > On Jan 15, 2019, at 9:43 AM, Pete French = wrote: >=20 > Thanks for the suggestions - unfortunately both of those (unless I > misread them) terminate the TCP connection and make a new one to > the backends. I was after something where I can see the original IP > address on the socket. Though I could put a procy in front and add > the headers I suppse, but thats a biut more work as it involves = changing > the code. >=20 > Interested in the apache traffic manager - I hadnt come across that > one before, tahnks, Pete, For what it=E2=80=99s worth, HAProxy has the PROXY protocol for exactly = the scenario you=E2=80=99re describing; I=E2=80=99ve heard it=E2=80=99s = very straightforward and powerful to use, although haven=E2=80=99t had = to use it on any of my HAProxy instances which are primarily doing L7. = https://www.haproxy.com/blog/preserve-source-ip-address-despite-reverse-pr= oxies/ Thanks, =E2=80=94 Matt Garber