Allows you to deploy gateway and back-end load-sharing clusters without the
need for load-balancers.
.PP
This match requires that all the nodes see the same packets. Thus, the cluster
match decides if this node has to handle a packet given the following options:
.TP
\fB\-\-cluster\-total\-nodes\fP \fInum\fP
Set the total number of nodes in the cluster.
.TP
[\fB!\fP] \fB\-\-cluster\-local\-node\fP \fInum\fP
Set the local node number ID.
.TP
[\fB!\fP] \fB\-\-cluster\-local\-nodemask\fP \fImask\fP
Set the local node number ID mask. You can use this option instead
of \fB\-\-cluster\-local\-node\fP.
.TP
\fB\-\-cluster\-hash\-seed\fP \fIvalue\fP
Set the seed value of the Jenkins hash.
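.PP
Added example, not part of the original manual page or of the netfilter sources: a C model of the per-packet decision these options control, showing that every flow is accepted by exactly one node. Assumptions: the hash is taken over the flow's IPv4 source address, \-\-cluster\-local\-node N equals nodemask 1 << (N \- 1), and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

static uint32_t rol32(uint32_t x, unsigned k) { return (x << k) | (x >> (32 - k)); }

/* Jenkins lookup3-style mix of one 32-bit word (illustrative model; not
 * guaranteed bit-identical to what the kernel module computes). */
static uint32_t jenkins_1word(uint32_t key, uint32_t seed) {
    uint32_t init = seed + 0xdeadbeefu + (1u << 2);
    uint32_t a = key + init, b = init, c = init;
    c ^= b; c -= rol32(b, 14);
    a ^= c; a -= rol32(c, 11);
    b ^= a; b -= rol32(a, 25);
    c ^= b; c -= rol32(b, 16);
    a ^= c; a -= rol32(c, 4);
    b ^= a; b -= rol32(a, 14);
    c ^= b; c -= rol32(b, 24);
    return c;
}

/* Scale the 32-bit hash to a bucket in [0, total_nodes). */
static uint32_t cluster_bucket(uint32_t src_ip, uint32_t seed, uint32_t total_nodes) {
    return (uint32_t)(((uint64_t)jenkins_1word(src_ip, seed) * total_nodes) >> 32);
}

/* Assumption: --cluster-local-node N is the same as nodemask 1 << (N - 1). */
static uint32_t node_to_mask(uint32_t node_id) { return 1u << (node_id - 1); }

/* 1 if a node holding nodemask handles this source; invert models "!". */
static int cluster_match(uint32_t src_ip, uint32_t seed, uint32_t total_nodes,
                         uint32_t nodemask, int invert) {
    int hit = ((1u << cluster_bucket(src_ip, seed, total_nodes)) & nodemask) != 0;
    return hit ^ (invert != 0);
}

/* How many of the total_nodes nodes accept this source (must always be 1). */
static int owners(uint32_t src_ip, uint32_t seed, uint32_t total_nodes) {
    int n = 0;
    for (uint32_t id = 1; id <= total_nodes; id++)
        n += cluster_match(src_ip, seed, total_nodes, node_to_mask(id), 0);
    return n;
}

int main(void) {
    /* Constructed sample sources 192.0.2.1-8 on a two-node cluster. */
    for (uint32_t ip = 0xC0000201u; ip <= 0xC0000208u; ip++)
        printf("192.0.2.%u -> node %u, owners %d\n", (unsigned)(ip & 0xff),
               (unsigned)cluster_bucket(ip, 0xdeadbeefu, 2) + 1, owners(ip, 0xdeadbeefu, 2));
    return 0;
}
```

All nodes must be configured with the same total and the same seed; a node whose seed differs computes different buckets, so some flows would be accepted twice or dropped by every node.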
.PP
Example:
.IP
iptables \-A PREROUTING \-t mangle \-i eth1 \-m cluster
\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1
\-\-cluster\-hash\-seed 0xdeadbeef
\-j MARK \-\-set\-mark 0xffff
.IP
iptables \-A PREROUTING \-t mangle \-i eth2 \-m cluster
\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1
\-\-cluster\-hash\-seed 0xdeadbeef
\-j MARK \-\-set\-mark 0xffff
.IP
iptables \-A PREROUTING \-t mangle \-i eth1
\-m mark ! \-\-mark 0xffff \-j DROP
.IP
iptables \-A PREROUTING \-t mangle \-i eth2
\-m mark ! \-\-mark 0xffff \-j DROP
.PP
Use the following commands to make all nodes see the same packets:
.IP
ip maddr add 01:00:5e:00:01:01 dev eth1
.IP
ip maddr add 01:00:5e:00:01:02 dev eth2
.IP
arptables \-A OUTPUT \-o eth1 \-\-h\-length 6
\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:01
.IP
arptables \-A INPUT \-i eth1 \-\-h\-length 6
\-\-destination\-mac 01:00:5e:00:01:01
\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
.IP
arptables \-A OUTPUT \-o eth2 \-\-h\-length 6
\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:02
.IP
arptables \-A INPUT \-i eth2 \-\-h\-length 6
\-\-destination\-mac 01:00:5e:00:01:02
\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
.PP
\fBNOTE\fP: the arptables commands above use mainstream syntax. If you
are using arptables-jf, included in some Red Hat, CentOS and Fedora
versions, you will hit syntax errors. You will therefore have to adapt
these commands to the arptables-jf syntax to get them working.
.PP
In the case of TCP connections, the pickup facility has to be disabled
to avoid marking TCP ACK packets coming in the reply direction as
valid.
.IP
echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose