Hi all,
I’ve just discovered a routing issue with HAProxy ALOHA that I’d like some help with. We use a remote detection service that sends ICMP packets to our public-facing VIP to check if it’s up or not.
Currently the behaviour of the ALOHA device is to accept the ICMP request through the eth1.3XX VLAN interface (which is the VLAN interface of our VIP)
root@XXXX-X-1:~# tcpdump -i eth1.382 icmp -nn
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth1.382, link-type EN10MB (Ethernet), snapshot length 262144 bytes
16:24:00.750681 IP 12.XXX.XXX.55 > 11.XXX.XXX.59: ICMP echo request, id 2, seq 480, length 64
16:24:01.774585 IP 12.XXX.XXX.55 > 11.XXX.XXX.59: ICMP echo request, id 2, seq 481, length 64
but to send the replies through the interface eth0, creating an asymmetric path back to the client.
root@lb23-p-1:~# tcpdump -i eth0 icmp -nn
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
16:27:12.232212 IP 11.XXX.XXX.59 > 12.XXX.XXX.55: ICMP echo reply, id 2, seq 667, length 64
16:27:13.256317 IP 11.XXX.XXX.59 > 12.XXX.XXX.55: ICMP echo reply, id 2, seq 668, length 64
The VLAN interface is configured to have a default gateway for returning traffic to clients:
ip route default 11.XXX.XXX.57 metric 27
…but this does not seem to apply to ICMP traffic for some reason.
Can anyone explain this and potentially suggest a workaround? Preferably one that doesn’t involve Flows, as they are highly unstable in our setup.
Thanks in advance.
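An added example, not part of the original post: a small Python check that takes `tcpdump -nn` ICMP output captured per interface, as in the two captures above, and reports echo flows whose replies leave on a different interface than the one the requests arrived on. The function names are hypothetical, and the sample addresses are constructed documentation-range values standing in for the masked ones in the post.

```python
import re
from collections import defaultdict

# Matches lines like: "<time> IP <src> > <dst>: ICMP echo request, id 2, seq 480, length 64"
LINE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq \d+"
)

# Constructed sample captures (addresses are placeholders, not the poster's).
SAMPLE = {
    "eth1.382": (
        "listening on eth1.382, link-type EN10MB (Ethernet), snapshot length 262144 bytes\n"
        "16:24:00.750681 IP 192.0.2.55 > 198.51.100.59: ICMP echo request, id 2, seq 480, length 64\n"
        "16:24:01.774585 IP 192.0.2.55 > 198.51.100.59: ICMP echo request, id 2, seq 481, length 64\n"
    ),
    "eth0": (
        "listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes\n"
        "16:24:00.750702 IP 198.51.100.59 > 192.0.2.55: ICMP echo reply, id 2, seq 480, length 64\n"
        "16:24:01.774601 IP 198.51.100.59 > 192.0.2.55: ICMP echo reply, id 2, seq 481, length 64\n"
    ),
}

def parse(text):
    """Yield (kind, (client, vip, icmp_id)) for every echo request/reply line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # tcpdump banner lines and non-echo traffic
        # Key the flow client-first so a request and its reply share one key.
        pair = (m["src"], m["dst"]) if m["kind"] == "request" else (m["dst"], m["src"])
        yield m["kind"], (*pair, int(m["id"]))

def asymmetric_flows(captures):
    """captures maps interface name -> tcpdump text; returns flows with differing in/out interfaces."""
    seen = defaultdict(lambda: {"request": set(), "reply": set()})
    for iface, text in captures.items():
        for kind, flow in parse(text):
            seen[flow][kind].add(iface)
    return {
        flow: (sorted(s["request"]), sorted(s["reply"]))
        for flow, s in seen.items()
        if s["request"] and s["reply"] and s["request"] != s["reply"]
    }

if __name__ == "__main__":
    for flow, (rx, tx) in asymmetric_flows(SAMPLE).items():
        print(f"{flow}: requests in on {rx}, replies out on {tx}")
```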