06-08-2014 01:25 PM
I am having an issue deploying vyatta load balancing among a primary (fast) and backup (slow) ISP connections and also allowing inbound port fowarded server traffic to an internal server from the backup ISP.
It appears for outbound connections, the load balancing works as intended. But for inbound connections coming in on the 'backup' internet connection, the session reply packets are being sent back out the primary ISP link *after* being SNAT'ed with the 'backup' links IP address... obviously the primary provider is dropping these packets as they don't belong on their net.
Everything I read says the vyatta kernel should maintain a connections original inbound interface within the load balancing code but it just doesn't seem to be working and I don't know what I am doing wrong. It acts like it is perfoming the final SNAT on the reply packet and *then* going through the load balancer which chooses the wrong interface.
I've tried Source Routing to force the internal servers to always use the backup route for it's outbound traffic but that is being ignored as well.
Any help or insight would be greatly appreciated!