haproxy/doc
KOVACS Krisztian b3e54fe387 MAJOR: namespace: add Linux network namespace support
This patch makes it possible to create binds and servers in separate
namespaces.  This can be used to proxy between multiple completely independent
virtual networks (with possibly overlapping IP addresses) and a
non-namespace-aware proxy implementation that supports the proxy protocol (v2).

The setup is something like this:

net1 on VLAN 1 (namespace 1) -\
net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0)
net3 on VLAN 3 (namespace 3) -/

The proxy is configured to make server connections through haproxy and to send
the expected source/target addresses to haproxy using the proxy protocol.

The network namespace setup on the haproxy node is something like this:

= 8< =
$ cat setup.sh
ip netns add 1
ip link add link eth1 type vlan id 1
ip link set eth1.1 netns 1
ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1
ip netns exec 1 ip link set eth1.$id up
...
= 8< =

= 8< =
$ cat haproxy.cfg
frontend clients
  bind 127.0.0.1:50022 namespace 1 transparent
  default_backend scb

backend server
  mode tcp
  server server1 192.168.122.4:2222 namespace 2 send-proxy-v2
= 8< =

A bind line creates the listener in the specified namespace, and connections
originating from that listener also have their network namespace set to
that of the listener.

A server line either forces the connection to be made in a specified
namespace or may use the namespace from the client-side connection if that
was set.

For more documentation please read the documentation included in the patch
itself.

Signed-off-by: KOVACS Tamas <ktamas@balabit.com>
Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com>
Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-21 07:51:57 +01:00
design-thoughts DOC: commit a few old design thoughts files 2014-06-19 21:02:32 +02:00
internals BUG/MAJOR: http: correctly rewind the request body after start of forwarding 2014-07-10 19:29:45 +02:00
acl.fig [DOC] add diagrams of queuing and future ACL design 2009-02-22 16:46:38 +01:00
architecture.txt MINOR: patch for minor typo (ressources/resources) 2012-03-21 07:54:41 +01:00
close-options.txt [DOC] add a few old and uncommitted docs 2011-09-05 01:04:44 +02:00
coding-style.txt DOC: add a coding-style file 2011-12-30 17:33:27 +01:00
configuration.txt MINOR: ssl: add statement to force some ssl options in global. 2014-10-30 17:06:29 +01:00
cookie-options.txt [DOC] add a few old and uncommitted docs 2011-09-05 01:04:44 +02:00
gpl.txt [LICENSE] licensing clarifications 2006-06-15 21:48:13 +02:00
haproxy-en.txt MEDIUM: New cli option -Ds for systemd compatibility 2013-02-13 10:47:49 +01:00
haproxy-fr.txt MEDIUM: New cli option -Ds for systemd compatibility 2013-02-13 10:47:49 +01:00
haproxy.1 DOC: fix a few config typos. 2014-04-14 14:03:08 +02:00
lgpl.txt [LICENSE] licensing clarifications 2006-06-15 21:48:13 +02:00
network-namespaces.txt MAJOR: namespace: add Linux network namespace support 2014-11-21 07:51:57 +01:00
proxy-protocol.txt DOC: mention that Squid correctly responds 400 to PPv2 header 2014-07-12 17:31:07 +02:00
queuing.fig [DOC] add diagrams of queuing and future ACL design 2009-02-22 16:46:38 +01:00