Re: [chrony-dev] Chrony behind load balancer doing DSR

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]


On Apr 28, 2022, 3:12 AM -0400, Miroslav Lichvar <mlichvar@xxxxxxxxxx>, wrote:
On Wed, Apr 27, 2022 at 02:59:42PM -0400, Bryan Seitz wrote:
Chrony devs,

  We’d like to migrate to a load balancer using direct server return with Chrony. The VIP address is assigned to the LO interface and we are using an IPIP tunnel.  The problem is that Chrony receives the packet on the tunl0 (pip) interface and sends the reply (DSR with real client IP destination) back out the tunl0 interface.  The packet needs to go out eth0 since that is how things are routed properly.  ISC Kea has an option to do this however I cannot find an equivalent with Chrony.  Is there a solution or is it possible to add similar functionality to Chrony?

What version of chrony are you using?

In 4.0 there was this change:
* Don't set interface for NTP responses to allow asymmetric routing

which was intended for cases like you describe.

Miroslav,

    I upgraded to v4 from 3.5 (Ubuntu Focal) and it works. Thank you!


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/