Policy-based routing

Available since

  • HAProxy ALOHA 16.5

Policy-based routing allows you to route traffic by information other than just the destination IP address. It lets you route packets differently depending on the source IP and port, destination IP and port, and protocol. For example, you could match UDP or ICMP traffic and route it to a different network, or you could ensure that traffic exits via the same gateway where it arrived.

Flows and outflows

You can also use flows and outflows to accomplish custom routing.

Use a custom routing table

Normally, routing rules are grouped together into a default collection called the main routing table. To route IP packets differently depending on the source address, destination address, and/or protocol, you’ll create a custom routing table. By defining a selector that matches the traffic you want to affect, you can apply your custom routing table and the rules it contains only to matching packets.

  1. In the Services tab, click network setup to display the current configuration of your network interfaces.


  2. Add a rule through the following syntax:

    ip rule <selector> <action>

    For example, to have traffic exit by the same default gateway where it entered:

    service network eth1
    ip address 10.20.10.15/24
    ip rule from 10.20.10.0/24 table 10
    ip route default 10.20.10.1 table 10

    where:

    • The ip address line sets a static IP address for the interface.
    • The ip rule line uses the from argument to indicate that traffic that has a source IP in the range 10.20.10.0/24, including your application’s VIP, will use the rules defined in the custom routing table 10.
    • The ip route line adds a single rule to that table, which sets the default route to 10.20.10.1.

    Note that you do not need an add argument, as in ip rule add. Write just ip rule: adding the line to the configuration adds the rule, and deleting the line removes it.

    In a custom routing table, you can also add IP static routes. And you can add policy-based routing to VLAN and bonded interfaces.

  3. Click OK and Close.

  4. On the Services tab, click Apply.

  5. To make your changes persistent after a reboot, click the Setup tab. Then click Save under Configuration.

Verify your setup

To verify that your changes took effect:

  1. Go to the Tools tab and click Launch terminal.

  2. Check that the rule exists:

    ip rule list

    Output:

    0: from all lookup local
    32765: from 10.20.10.0/24 iif eth1 lookup 10
    32766: from all lookup main
    32767: from all lookup default

  3. Check that the custom routing table contains the route. Here we are checking table 10:

    ip route show table 10

    Output:

    default via 10.20.10.1 dev eth1
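
The two checks above can be scripted so they are repeated after every configuration change. This is an added example, not part of the HAProxy ALOHA documentation: the helper names rule_priority and check_pbr are hypothetical, the sample text is copied from the output shown above, and the script goes one step further than the manual check by confirming that the custom rule is evaluated before the main table.

```shell
#!/bin/sh
# Added example: checks the policy rule and custom table shown on this page.
# rule_priority and check_pbr are hypothetical helper names.

# Sample text copied from the command output shown in the steps above.
SAMPLE_RULES='0: from all lookup local
32765: from 10.20.10.0/24 iif eth1 lookup 10
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES='default via 10.20.10.1 dev eth1'

# Print the priority of the first rule "from <selector> ... lookup <table>".
# $1 = `ip rule list` text, $2 = source selector, $3 = table
rule_priority() {
    printf '%s\n' "$1" | awk -v src="$2" -v tbl="$3" '
        $2 == "from" && $3 == src && $(NF-1) == "lookup" && $NF == tbl {
            sub(/:$/, "", $1); print $1; exit
        }'
}

# $1 = subnet, $2 = table, $3 = gateway, $4 = rules text, $5 = routes text
# Returns 0 = OK, 1 = rule missing, 2 = rule evaluated after main,
#         3 = table has no default route via the gateway.
check_pbr() {
    prio=$(rule_priority "$4" "$1" "$2")
    main=$(rule_priority "$4" all main)
    if [ -z "$prio" ]; then
        echo "FAIL: no rule 'from $1 lookup $2'"; return 1
    fi
    # Rules are tried in ascending priority; a rule after main never matches
    # traffic that main can already route.
    if [ -n "$main" ] && [ "$prio" -ge "$main" ]; then
        echo "FAIL: rule priority $prio is not ahead of main ($main)"; return 2
    fi
    if ! printf '%s\n' "$5" | awk -v gw="$3" '
            $1 == "default" && $2 == "via" && $3 == gw { found = 1 }
            END { exit !found }'; then
        echo "FAIL: table $2 has no default route via $3"; return 3
    fi
    echo "OK: from $1 uses table $2 (priority $prio), default via $3"
}

# Offline run against the sample text. In the appliance terminal, pass live output:
#   check_pbr 10.20.10.0/24 10 10.20.10.1 "$(ip rule list)" "$(ip route show table 10)"
check_pbr 10.20.10.0/24 10 10.20.10.1 "$SAMPLE_RULES" "$SAMPLE_ROUTES"
```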
