Add BalancerConfig, LbAlgorithm, LbProtocol, and SessionAffinity types for configuring L4 load balancers on routers. The balancer creates a VIP on the router's downstream bridge and generates nftables DNAT rules that distribute connections across backend devices using numgen (matching kube-proxy nftables mode). The implementation is self-contained in balancer.rs with split impl blocks on Router and RouterBuilder. External glue is limited to a balancers field on RouterData (core.rs), a setup hook (wiring.rs), and module registration (lib.rs). Includes integration tests for round-robin distribution, backend add/remove, and UDP balancing. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fix the UDP echo server closures to avoid returning Result from fire-and-forget spawn calls, and remove an unused intermediate VIP variable. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add meta l4proto prefix to DNAT rules so nftables has transport protocol context for the inet_service (port) mapping. Add a postrouting masquerade chain with ct status dnat to handle same-subnet backends where the response would otherwise bypass conntrack and miss the reverse DNAT. Also fix test compilation issues and adjust unit test assertions for the updated rule format. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CI environments may not have the conntrack binary installed. The flush is a performance optimization, not a correctness requirement. Log and continue instead of returning an error. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds L4 load balancing to routers using nftables DNAT, matching kube-proxy nftables mode behavior. A balancer creates a virtual IP on a router that distributes incoming connections across backend devices using round-robin or random selection.
The implementation lives in a self-contained balancer.rs module (~500 LOC) following the split-impl pattern. Router and RouterBuilder methods are defined inside balancer.rs via split impl blocks. The glue outside the module is ~10 lines total: one field on RouterData, one setup call in wiring.rs, and re-exports in lib.rs.

Under the hood, each balancer generates a table ip lb with per-balancer chains using numgen inc mod N (round-robin) or numgen random mod N (random). Session affinity uses nftables dynamic maps with configurable timeouts. A postrouting masquerade rule handles same-subnet return traffic so backends reply through the router's conntrack rather than directly to the client at L2.

Supports TCP, UDP, and both. Conntrack flush is best-effort (works when the conntrack binary is available, silently skips otherwise). 7 tests cover round-robin distribution, backend add/remove, and UDP balancing.
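The rule shapes the description above refers to (a table ip lb, a per-balancer chain with a numgen-driven DNAT map, the meta l4proto prefix the third commit adds, and the ct status dnat masquerade rule for same-subnet backends) can be rendered from a small config model. The block below is an added example written for this page, not the PR's own balancer.rs code: the Balancer, Algorithm and Protocol types are hypothetical stand-ins for the PR's BalancerConfig, LbAlgorithm and LbProtocol, chain names use underscores, and the `addr . port` concatenation in the map data is assumed to be accepted by the target nft version. Session affinity is left out since the page does not show its rule form. The generator refuses an empty backend list, because `numgen inc mod 0` is not a valid expression and a rule install would fail after a backend-remove that drains the pool.

```rust
use std::fmt::Write;
use std::net::Ipv4Addr;

/// Hypothetical stand-ins for the PR's LbAlgorithm / LbProtocol (assumption).
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Algorithm { RoundRobin, Random }

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Protocol { Tcp, Udp, Both }

/// Hypothetical stand-in for the PR's BalancerConfig (assumption).
#[derive(Debug, Clone)]
pub struct Balancer {
    pub name: String,
    pub vip: Ipv4Addr,
    pub port: u16,
    pub protocol: Protocol,
    pub algorithm: Algorithm,
    pub backends: Vec<(Ipv4Addr, u16)>,
}

impl Balancer {
    fn l4protos(&self) -> &'static [&'static str] {
        match self.protocol {
            Protocol::Tcp => &["tcp"],
            Protocol::Udp => &["udp"],
            Protocol::Both => &["tcp", "udp"],
        }
    }

    /// `dnat to numgen {inc|random} mod N map { i : addr . port, ... }`.
    /// Errors on an empty pool: `mod 0` is not a valid numgen expression.
    pub fn dnat_expr(&self) -> Result<String, String> {
        let n = self.backends.len();
        if n == 0 {
            return Err(format!("balancer {}: no backends (numgen mod 0 is invalid)", self.name));
        }
        let sel = match self.algorithm {
            Algorithm::RoundRobin => "inc",
            Algorithm::Random => "random",
        };
        let entries: Vec<String> = self
            .backends
            .iter()
            .enumerate()
            .map(|(i, (ip, port))| format!("{i} : {ip} . {port}"))
            .collect();
        Ok(format!("dnat to numgen {sel} mod {n} map {{ {} }}", entries.join(", ")))
    }

    /// One DNAT rule per transport protocol. `meta l4proto` comes first so the
    /// inet_service (port) part of the map data has transport context.
    pub fn dnat_rules(&self) -> Result<Vec<String>, String> {
        let expr = self.dnat_expr()?;
        Ok(self
            .l4protos()
            .iter()
            .map(|p| format!("meta l4proto {p} ip daddr {} {p} dport {} {expr}", self.vip, self.port))
            .collect())
    }

    pub fn chain_name(&self) -> String {
        format!("lb_{}", self.name)
    }
}

/// Render a complete `table ip lb` for nft -f. The postrouting masquerade
/// applies only to connections that were DNATed, so backends on the VIP's own
/// subnet reply to the router (which holds the conntrack entry) instead of
/// answering the client directly at L2. Trade-off: backends see the router's
/// address, not the client's, exactly as with kube-proxy masquerading.
pub fn render_ruleset(balancers: &[Balancer]) -> Result<String, String> {
    let mut out = String::new();
    writeln!(out, "table ip lb {{").unwrap();
    writeln!(out, "    chain prerouting {{").unwrap();
    writeln!(out, "        type nat hook prerouting priority dstnat; policy accept;").unwrap();
    for b in balancers {
        writeln!(out, "        ip daddr {} jump {}", b.vip, b.chain_name()).unwrap();
    }
    writeln!(out, "    }}").unwrap();
    for b in balancers {
        writeln!(out, "    chain {} {{", b.chain_name()).unwrap();
        for rule in b.dnat_rules()? {
            writeln!(out, "        {rule}").unwrap();
        }
        writeln!(out, "    }}").unwrap();
    }
    writeln!(out, "    chain postrouting {{").unwrap();
    writeln!(out, "        type nat hook postrouting priority srcnat; policy accept;").unwrap();
    writeln!(out, "        ct status dnat masquerade").unwrap();
    writeln!(out, "    }}").unwrap();
    writeln!(out, "}}").unwrap();
    Ok(out)
}

/// Constructed sample config (not from the PR's tests).
pub fn sample_web() -> Balancer {
    Balancer {
        name: "web".into(),
        vip: Ipv4Addr::new(10, 0, 0, 100),
        port: 80,
        protocol: Protocol::Tcp,
        algorithm: Algorithm::RoundRobin,
        backends: vec![(Ipv4Addr::new(10, 0, 0, 11), 8080), (Ipv4Addr::new(10, 0, 0, 12), 8080)],
    }
}

fn main() {
    println!("{}", render_ruleset(&[sample_web()]).unwrap());
}
```

Feeding the rendered text to `nft -f -` replaces nothing by itself; in practice the setup hook would flush and re-add the balancer's chain on every backend change, and the masquerade rule belongs in a chain that is created once rather than per balancer.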