File: nftlb.8

nftlb 0.6-1
.\"
.\" (C) Copyright 2018, Arturo Borrero Gonzalez <arturo@debian.org>
.\"
.TH NFTLB 8 "May 9, 2018"

.SH NAME
nftlb \- nftables load balancer

.SH SYNOPSIS
\fBnftlb\fP [option]

.SH DESCRIPTION
\fBnftlb\fP is a \fBnftables(8)\fP rules manager that creates virtual services
for load balancing at layer 2, layer 3 and layer 4, minimizing the number of
rules and using structures to match packets efficiently. It also provides a
simple \fBJSON API\fP service, so you can interact with \fBnftlb\fP
programmatically and automate it. This makes it easy to integrate your
preferred health checker with \fBnftlb\fP.

The philosophy of \fBnftlb\fP is to keep the data path in the kernel, in order
to achieve the best possible performance, and to keep the control plane and
health checks in user space, so that the behavior can be changed easily while
remaining compatible with the rest of the Linux stack.

.SH USAGE
These are the options you may use when running \fBnftlb\fP:

.TP
.BI "-h | --help"
Show the command help.
.TP
.BI "-l <LEVEL> | --log <LEVEL>"
Verbosity of the logs. They will be sent to \fBsyslog\fP.
Valid values are from 0 to 7 (default is 5).
.TP
.BI "-c <FILE> | --config <FILE>"
Initial configuration file.
.TP
.BI "-k <KEY> | --key <KEY>"
The authentication key for the web service can be set with this option.
If not specified, it will be automatically generated and printed to stdout.
.TP
.BI "-e | --exit"
This option makes \fBnftlb\fP load the generated ruleset into
\fBnftables(8)\fP and then exit. The web server won't be available.
.TP
.BI "-6 | --ipv6"
Enable IPv6 support for the web server.
.TP
.BI "-H <HOST> | --host <HOST>"
Set the host for the web service (all interfaces by default).
.TP
.BI "-P <PORT> | --port <PORT>"
Set the TCP port for the web service (5555 by default).

.SH API USAGE
Once \fBnftlb\fP is launched you can manage it through the API:

.TP
.BI "Virtual service listing"

curl -H "Key: <MYKEY>" http://<NFTLB IP>:5555/farms

.TP
.BI "Set up a new virtual service"

curl -H "Key: <MYKEY>" -X POST http://<NFTLB IP>:5555/farms -d "@tests/008_snat_ipv4_all_rr.json"

.TP
.BI "Delete a virtual service"

curl -H "Key: <MYKEY>" -X DELETE http://<NFTLB IP>:5555/farms/lb01

.TP
.BI "Delete a backend of a virtual service"

curl -H "Key: <MYKEY>" -X DELETE http://<NFTLB IP>:5555/farms/lb01/backends/bck1

.SH CONFIGURATION
Configuration files have this format (JSON):

.nf
{
	"farms" : [
		{ <object farm 1> },
		{ <object farm 2> },
		{ ... }
	]
}
.fi

The farm objects have the following attributes:

.nf
{
	"name" : "<string>",				*Name of the service (required)*
	"iface"	: "<interface name>",			*Input interface (only required for DSR)*
	"oface"	: "<interface name>",			*Output interface (only required for DSR)*
	"family": "<ipv4 | ipv6 | dual>",		*Family of the virtual service (ipv4 by default)*
	"ether-addr": "<mac address>",			*Physical address of the virtual service (only required for DSR)*
	"virtual-addr": "<ip address>",			*IP address for the virtual service (required)*
	"virtual-ports": "<port list>",			*Port list separated by commas or ranges separated by a hyphen*
	"mode": "<snat | dnat | dsr>",			*Topology to be implemented (required)*
	"protocol": "<tcp | udp | sctp | all>",		*Protocol to be used by the virtual service (tcp by default)*
	"scheduler": "<weight | rr | hash | symhash>",	*Scheduler to be used (round robin by default)*
	"priority": "<number>",				*Priority availability for backends > 0 (1 by default)*
	"state": "<up | down | off>",			*Set the status of the virtual service (up by default)*
	"backends" : [					*List of backends*
		{<object backend 1>},
		{<object backend 2>},
		{...}
	]
}
.fi

The backend objects have the following attributes:

.nf
{
	"name" : "<string>",				*Name of the backend (required)*
	"ether-addr": "<mac address>",			*Physical address of the backend (only required for DSR)*
	"ip-addr": "<ip address>",			*IP address for the backend (required, except for DSR)*
	"weight": "<number>",				*Weight of the backend (1 by default)*
	"priority": "<number>",				*Priority availability for the backend > 0 (1 by default)*
	"state": "<up | down | off>",			*Set the status of the backend (up by default)*
}
.fi
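
As an added example (not part of nftlb or of the original manual page), the following Python code checks a parsed configuration against the attribute rules listed above before the file is loaded with \-c or sent to /farms. The function names, the 1 to 65535 port bound and the strict MAC format are assumptions of this example, not nftlb's own validation.

```python
import ipaddress
# Allowed values, copied from the attribute tables above.
ENUMS = {"family": {"ipv4", "ipv6", "dual"}, "mode": {"snat", "dnat", "dsr"},
         "protocol": {"tcp", "udp", "sctp", "all"}, "state": {"up", "down", "off"},
         "scheduler": {"weight", "rr", "hash", "symhash"}}

def num_ok(v, hi=None):
    s = str(v)
    return s.isascii() and s.isdigit() and int(s) > 0 and (hi is None or int(s) <= hi)

def ip_ok(v):
    try:
        return ipaddress.ip_address(str(v)) is not None
    except ValueError:
        return False

def mac_ok(v):
    parts = str(v).lower().split(":")
    return len(parts) == 6 and all(len(p) == 2 and set(p) <= set("0123456789abcdef") for p in parts)

def ports_ok(v):  # "80", "80,443" or "80-88": commas separate items, a hyphen marks a range
    ranges = [item.split("-") for item in str(v).split(",")]
    return all(len(r) <= 2 and all(num_ok(x, 65535) for x in r)
               and int(r[0]) <= int(r[-1]) for r in ranges)

CHECKS = {"virtual-addr": ip_ok, "ip-addr": ip_ok, "ether-addr": mac_ok,
          "virtual-ports": ports_ok, "priority": num_ok}

def problems(obj, label, required):  # missing required keys, then malformed values
    errs = [f"{label}: missing {k}" for k in required if k not in obj]
    for key, value in obj.items():
        if (key in ENUMS and str(value) not in ENUMS[key]) or (key in CHECKS and not CHECKS[key](value)):
            errs.append(f"{label}: invalid {key} {value!r}")
    return errs

def validate(config):
    """Return a list of problems in a parsed nftlb configuration; empty means clean."""
    errs = []
    for farm in config.get("farms", []):
        dsr, label = farm.get("mode") == "dsr", f"farm {farm.get('name', '?')}"
        # DSR needs the layer 2 attributes on the farm and a MAC on every backend.
        need = ["name", "virtual-addr", "mode"] + (["iface", "oface", "ether-addr"] if dsr else [])
        errs += problems(farm, label, need)
        for b in farm.get("backends", []):
            errs += problems(b, f"{label}/{b.get('name', '?')}", ["name", "ether-addr" if dsr else "ip-addr"])
    return errs

# Constructed sample: a DSR farm with no interfaces or MAC and a reversed port range.
SAMPLE = {"farms": [{"name": "lb01", "virtual-addr": "192.168.0.100", "mode": "dsr",
                     "virtual-ports": "88-80", "backends": [{"name": "bck0"}]}]}
for err in validate(SAMPLE): print(err)
```

To check a file on disk, pass the result of json.load() on that file to validate() and refuse to deploy when the returned list is not empty.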

.SH CONFIG EXAMPLES
TCP IPv4 SNAT with weights:

.nf
{
    "farms" : [
        {
            "name" : "lb01",
            "family" : "ipv4",
            "virtual-addr" : "192.168.0.100",
            "virtual-ports" : "80",
            "mode" : "snat",
            "protocol" : "tcp",
            "scheduler" : "weight",
            "state" : "up",
            "backends" : [
                {
                    "name" : "bck0",
                    "ip-addr" : "192.168.0.10",
                    "weight" : "5",
                    "priority" : "1",
                    "state" : "up"
                },
                {
                    "name" : "bck1",
                    "ip-addr" : "192.168.0.11",
                    "weight" : "5",
                    "priority" : "1",
                    "state" : "up"
                }
            ]
        }
    ]
}
.fi

TCP IPv4 with DSR using symhash:

.nf
{
    "farms" : [
        {
            "name" : "lb01",
            "family" : "ipv4",
            "iface" : "enp0s3",
            "oface" : "enp0s8",
            "virtual-addr" : "192.168.0.100",
            "ether-addr" : "01:01:01:01:01:01",
            "virtual-ports" : "80-88",
            "mode" : "dsr",
            "protocol" : "tcp",
            "scheduler" : "symhash",
            "state" : "up",
            "backends" : [
                {
                    "name" : "bck0",
                    "ip-addr" : "192.168.0.10",
                    "ether-addr" : "02:02:02:02:02:02",
                    "weight" : "5",
                    "priority" : "1",
                    "state" : "up"
                },
                {
                    "name" : "bck1",
                    "ip-addr" : "192.168.0.11",
                    "ether-addr" : "03:03:03:03:03:03",
                    "weight" : "5",
                    "priority" : "1",
                    "state" : "up"
                }
            ]
        }
    ]
}
.fi

.SH SEE ALSO
For \fBnftlb\fP information, please head to
\fBhttps://github.com/zevenet/nftlb\fP.

To get up-to-date information about \fBnftables(8)\fP, please head to
\fBhttp://wiki.nftables.org/\fP.

.SH AUTHORS
\fBnftlb\fP was written by Laura García @ Zevenet (https://www.zevenet.com).

This manual page was written by Arturo Borrero Gonzalez
<arturo@debian.org> for the Debian project (but may be used by others).