On 2019-12-26, Thomas Huber <miracu...@gmail.com> wrote: > I just tried to get a little deeper into load-balancing and try > to use relayd(8) in a dynamic (translate to microservices) environment > where I´l like to add and remove hosts on the fly. > After some reading I thought I should use tables for this purpose. > > relayctl(8) only allows to enable or disable complete tables but not > to alter a table. > > So I checked out > > 'pfctl -t <table> -T add ' > > which should do exactly what I want.
That manipulates tables in PF not in relayd. > But unfortunatelly the tables (to relay or redirect) are not > present in 'pfctl -s Table' relayd *uses* PF tables for redirect (but not relay). They are added under PF "anchors". See the list of relayd's anchors with pfctl -sA -a relayd. See the list of tables attached to an anchor with pfctl -sT -a relayd/RDR_someanchor. See table contents with pfctl -a RDR_someanchor -t RDR_sometable -Ts. But changing PF tables doesn't feed back to relayd. It won't start doing health checks for added hosts, etc. > I just hava a small setup to play, no real hosts or serverices attached > but before growing bigger I wanted to ask here if this should be > possible how I try it or another idea how to alter realyd(8) tables > without updating relay.conf(5) and reload. You need to update the config and reload. This is probably easier if you use a short file containing just the table definition and use "include". If you want something with more dynamic runtime configuration, haproxy is in ports, runs ok on OpenBSD and maybe a better fit. relayd has lower overhead in cases where packets are sent unmodified (it uses SO_SPLICE for simple TCP relays to hand-off packet shuffling to the kernel; haproxy can do this on Linux using splice(2) on Linux but doesn't use SO_SPLICE) but that's irrelevant in other cases (e.g. if the load-balancer terminates TLS connections) and might otherwise be a better fit for microservices.
