[Firehol-support] better understanding link-balancer and PBR

Spike spike at drba.org
Wed Dec 7 05:02:26 GMT 2016

Dear all,

I'm new to FireHOL and this list and I hope you can help me understand
link-balancer's (l-b's) inner workings a little better as I'm trying to
debug some problem and find myself stuck.

Q1) Why does l-b copy over the main routing table to all the custom chains?
Or at least, in a common/default scenario where main just contains a couple
of local routes, what's the benefit of it?

Q2) l-b generates a nexthop default route using the GWs I configured as
default. When packets encounter that, do they go back to look at the
rules and then match Table1 for GW1 or Table2 for GW2 depending on the nexthop
selected? If not, then what are those tables set up for? The main table
would already know how to reach those destinations since they are local.

Q3) My understanding is that routes are cached, so even after a link has
gone down a client will still make the same choice in terms of routing a
certain IP. Is that correct? I.e. it won't look at the rules or tables and
will just pick the cached route. So for example if, when 2 GWs were up,
packets were routed through GW1, with Table1 having GW1 as its default
route, and then GW1 went down, subsequent packets would still route through
GW1 until the cached route expired. Is that correct? If that's true, then
what's the point of changing the default route in Table1 to use GW2 when
the rule that pointed to GW1 is removed anyway?

Q4) For some reason I'm not understanding, two subsequent runs of l-b give
opposite results regarding a failed GW: the first run detects it as FAILED,
but it then adjusts the routes for that GW's table, which seems to be the reason
why the second run succeeds, even though the GW is still in failed mode.

Thanks for your patience in looking through this and for your help.

