Testing the nftables NAT load balancer with lxd containers

28th April 2021 at 6:56pm
containers lxc nftables

  • We have 5 lxd containers (tw1-ct, tw2-ct, etc.) built with our tinyzfs small Linux: https://www.bollati.info/tiny/.
  • The containers are running a tiny HTTP/HTTPS server that uses the haserl program to serve some simple CGI scripts.
  • The script simply queries and reports the containers' status via the LXC CLI, appending the output of uname -n to identify which container is actually being reached through the load balancer that is running on the gateway.
  • The document root of the HTTP server running on the 5 containers is common to all of them: it is an LXD shared volume on an NVMe device:
...
devices:
  www:
    path: /var/www
    pool: nvme-ct
    source: www
    type: disk
...
  • The containers' storage is on ZFS datasets.

While refreshing the web page it can be clearly seen at the top of the page that the requests are distributed across the containers, round-robin in this case.

Then we switched to Grafana monitoring to check the containers' CPU load and added some load to the system by generating 3 x 3000 requests through the load balancer that is running on the gateway:

for i in {1..3000};do elinks -dump -dump-color-mode 3 https://srv.bollati.uk.:4430//cgi-bin/env.cgi|/bin/grep Logged; done

x 3 (the loop above was run three times)

  • The output of those requests was filtered down to contain only the container name.
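As an added example (not the post's own script), the filtered output can be tallied per container to confirm that the balancer spreads the requests evenly; it assumes each filtered line carries the container's uname -n hostname (tw1-ct .. tw5-ct) and works on constructed sample lines:

```shell
#!/bin/sh
# Added example, not from the original post: tally which container answered
# each request and check that the round-robin balancer spread them evenly.
# Assumption: every filtered response line contains the container hostname
# as printed by uname -n (tw1-ct ... tw5-ct).

# Constructed sample of 10 filtered response lines (round-robin over 5 backends).
SAMPLE='Logged on tw1-ct
Logged on tw2-ct
Logged on tw3-ct
Logged on tw4-ct
Logged on tw5-ct
Logged on tw1-ct
Logged on tw2-ct
Logged on tw3-ct
Logged on tw4-ct
Logged on tw5-ct'

# count_hits: read response lines on stdin, print "<container> <count>"
# for each backend, sorted by container name.
count_hits() {
    grep -o 'tw[0-9]*-ct' | sort | uniq -c | awk '{ print $2, $1 }'
}

# spread: difference between the busiest and the least busy backend.
# A round-robin balancer keeps this at 0 or 1 for any request count;
# a larger value means some backend is being skipped or favoured.
spread() {
    count_hits | awk 'NR == 1 { min = $2; max = $2 }
                      $2 < min { min = $2 }
                      $2 > max { max = $2 }
                      END { print max - min }'
}

# Against the live balancer, pipe the request loop from the post instead of
# SAMPLE, e.g.: for i in $(seq 3000); do elinks -dump URL | grep Logged; done | count_hits
printf '%s\n' "$SAMPLE" | count_hits
printf 'spread: %s\n' "$(printf '%s\n' "$SAMPLE" | spread)"
```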

Here is a short screencast:

https://www.bollati.info/tiny/screencasts/lxd_nftables_lb.webm