libxt_cluster.man 2.0 KB

Allows you to deploy gateway and back-end load-sharing clusters without the
need for load balancers.
.PP
This match requires that all the nodes see the same packets. Thus, the cluster
match decides if this node has to handle a packet given the following options:
.TP
\fB\-\-cluster\-total\-nodes\fP \fInum\fP
Set the total number of nodes in the cluster.
.TP
[\fB!\fP] \fB\-\-cluster\-local\-node\fP \fInum\fP
Set the local node number ID.
.TP
[\fB!\fP] \fB\-\-cluster\-local\-nodemask\fP \fImask\fP
Set the local node number ID mask. You can use this option instead
of \fB\-\-cluster\-local\-node\fP.
.TP
\fB\-\-cluster\-hash\-seed\fP \fIvalue\fP
Set the seed value of the Jenkins hash.
.PP
Example:
.IP
iptables \-A PREROUTING \-t mangle \-i eth1 \-m cluster
\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1
\-\-cluster\-hash\-seed 0xdeadbeef
\-j MARK \-\-set\-mark 0xffff
.IP
iptables \-A PREROUTING \-t mangle \-i eth2 \-m cluster
\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1
\-\-cluster\-hash\-seed 0xdeadbeef
\-j MARK \-\-set\-mark 0xffff
.IP
iptables \-A PREROUTING \-t mangle \-i eth1
\-m mark ! \-\-mark 0xffff \-j DROP
.IP
iptables \-A PREROUTING \-t mangle \-i eth2
\-m mark ! \-\-mark 0xffff \-j DROP
.PP
Use the following commands to make all nodes see the same packets:
.IP
ip maddr add 01:00:5e:00:01:01 dev eth1
.IP
ip maddr add 01:00:5e:00:01:02 dev eth2
.IP
arptables \-A OUTPUT \-o eth1 \-\-h\-length 6
\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:01
.IP
arptables \-A INPUT \-i eth1 \-\-h\-length 6
\-\-destination\-mac 01:00:5e:00:01:01
\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
.IP
arptables \-A OUTPUT \-o eth2 \-\-h\-length 6
\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:02
.IP
arptables \-A INPUT \-i eth2 \-\-h\-length 6
\-\-destination\-mac 01:00:5e:00:01:02
\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
.PP
In the case of TCP connections, the pickup facility has to be disabled
to avoid marking TCP ACK packets coming in the reply direction as
valid.
.IP
echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose
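.PP
The following is an added illustration, not part of the original manual page or the kernel source: a simplified model of how each node decides whether to handle a flow, showing why every node needs the same \-\-cluster\-hash\-seed and \-\-cluster\-total\-nodes. Assumptions: the flow's source address is what gets hashed, mix32() is a stand-in mixer rather than the real Jenkins hash, node N corresponds to nodemask 1 << (N \- 1), and all addresses and the drifted seed are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in 32-bit mixer, NOT the kernel's Jenkins hash. Only the property
 * "same input and same seed give the same value on every node" matters. */
static uint32_t mix32(uint32_t x, uint32_t seed)
{
    x ^= seed; x ^= x >> 16; x *= 0x7feb352dU;
    x ^= x >> 15; x *= 0x846ca68bU;
    x ^= x >> 16;
    return x;
}

/* Scale the hash of a flow's source address into [0, total). */
static uint32_t bucket(uint32_t ip, uint32_t seed, uint32_t total)
{
    return (uint32_t)(((uint64_t)mix32(ip, seed) * total) >> 32);
}

/* Assumption: --cluster-local-node N corresponds to nodemask 1 << (N - 1). */
static uint32_t node_to_mask(uint32_t node) { return 1U << (node - 1); }

/* Nonzero if a node configured with this nodemask would match the flow. */
static int node_matches(uint32_t ip, uint32_t seed, uint32_t total, uint32_t mask)
{
    return ((1U << bucket(ip, seed, total)) & mask) != 0;
}

/* Count constructed flows (10.0.0.1 upward) not claimed by exactly one node;
 * seeds[i] is the --cluster-hash-seed configured on node i + 1. */
static int misrouted(const uint32_t *seeds, uint32_t total, uint32_t flows)
{
    int bad = 0;
    for (uint32_t f = 0; f < flows; f++) {
        int owners = 0;
        for (uint32_t n = 1; n <= total; n++)
            owners += node_matches(0x0a000001U + f, seeds[n - 1], total, node_to_mask(n));
        bad += (owners != 1); /* 0 owners: dropped everywhere; 2+: duplicated */
    }
    return bad;
}

int main(void)
{
    const uint32_t same[2] = { 0xdeadbeefU, 0xdeadbeefU };
    const uint32_t drift[2] = { 0xdeadbeefU, 0xdeadbeeeU }; /* constructed typo */
    printf("same seed:  %d of 1000 flows misrouted\n", misrouted(same, 2, 1000));
    printf("seed drift: %d of 1000 flows misrouted\n", misrouted(drift, 2, 1000));
    return 0;
}
```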