Virtual Server is very useful, but currently only supports a single port (in CLI). The virtual server seems to be a huge improvement on NAT, and being able to add multiple ports would be incredibly helpful.
Something along the lines of:
set high-availability virtual-server 203.0.113.1 algorithm 'source-hashing'
set high-availability virtual-server 203.0.113.1 delay-loop '10'
set high-availability virtual-server 203.0.113.1 forward-method 'nat'
set high-availability virtual-server 203.0.113.1 persistence-timeout '180'
set high-availability virtual-server 203.0.113.1 rule 10 port '8280'
set high-availability virtual-server 203.0.113.1 rule 10 protocol 'tcp'
set high-availability virtual-server 203.0.113.1 rule 10 real-server 192.0.2.11 port '80'
set high-availability virtual-server 203.0.113.1 rule 10 real-server 192.0.2.12 port '80'
set high-availability virtual-server 203.0.113.1 rule 20 port '443'
set high-availability virtual-server 203.0.113.1 rule 20 protocol 'tcp'
set high-availability virtual-server 203.0.113.1 rule 20 real-server 192.0.2.11 port '443'
set high-availability virtual-server 203.0.113.1 rule 20 real-server 192.0.2.12 port '443'
Perhaps even support for port groups i.e.
set high-availability virtual-server 203.0.113.1 rule 10 group port-group 'http_https'
set high-availability virtual-server 203.0.113.1 rule 10 protocol 'tcp'
set high-availability virtual-server 203.0.113.1 rule 10 real-server 192.0.2.11 group port-group 'http_https'
As far as I can understand, keepalived does support multiple ports, and the configuration is exactly the same as for a single port - just another block with the new port and config i.e.:
Port groups might be slightly more difficult, and I would assume looping through the ports in the group and adding groups for each of them - which may for all I know be exactly how groups are treated in other parts of the system.
Does it not solve with fwmark for different ports?
Virtual server it just any name in this case and all decision will be match mark and real server configs
set high-availability virtual-server foo rule 20 fwmark ‘111’
set high-availability virtual-server bar rule 20 fwmark ‘112’