首页 发现 帮助
登录
SoftwareDesign
/
csu3_am335x
8
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
分支: master
分支列表 标签列表
csu3_am335x
/
EVSE
/
GPL
/
iptables-1.4.18
/
extensions
/
libxt_cluster.man

libxt_cluster.man 2.0 KB
永久链接 文件历史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. Allows you to deploy gateway and back-end load-sharing clusters without the
    2. 

  2. need of load-balancers.
    3. 

  3. .PP
    4. 

  4. This match requires that all the nodes see the same packets. Thus, the cluster
    5. 

  5. match decides if this node has to handle a packet given the following options:
    6. 

  6. .TP
    7. 

  7. \fB\-\-cluster\-total\-nodes\fP \fInum\fP
    8. 

  8. Set number of total nodes in cluster.
    9. 

  9. .TP
    10. 

  10. [\fB!\fP] \fB\-\-cluster\-local\-node\fP \fInum\fP
    11. 

  11. Set the local node number ID.
    12. 

  12. .TP
    13. 

  13. [\fB!\fP] \fB\-\-cluster\-local\-nodemask\fP \fImask\fP
    14. 

  14. Set the local node number ID mask. You can use this option instead
    15. 

  15. of \fB\-\-cluster\-local\-node\fP.
    16. 

  16. .TP
    17. 

  17. \fB\-\-cluster\-hash\-seed\fP \fIvalue\fP
    18. 

  18. Set seed value of the Jenkins hash.
    19. 

  19. .PP
    20. 

  20. Example:
    21. 

  21. .IP
    22. 

  22. iptables \-A PREROUTING \-t mangle \-i eth1 \-m cluster
    23. 

  23. \-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1
    24. 

  24. \-\-cluster\-hash\-seed 0xdeadbeef
    25. 

  25. \-j MARK \-\-set-mark 0xffff
    26. 

  26. .IP
    27. 

  27. iptables \-A PREROUTING \-t mangle \-i eth2 \-m cluster
    28. 

  28. \-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1
    29. 

  29. \-\-cluster\-hash\-seed 0xdeadbeef
    30. 

  30. \-j MARK -\-set\-mark 0xffff
    31. 

  31. .IP
    32. 

  32. iptables \-A PREROUTING \-t mangle \-i eth1
    33. 

  33. \-m mark ! \-\-mark 0xffff \-j DROP
    34. 

  34. .IP
    35. 

  35. iptables \-A PREROUTING \-t mangle \-i eth2
    36. 

  36. \-m mark ! \-\-mark 0xffff \-j DROP
    37. 

  37. .PP
    38. 

  38. And the following commands to make all nodes see the same packets:
    39. 

  39. .IP
    40. 

  40. ip maddr add 01:00:5e:00:01:01 dev eth1
    41. 

  41. .IP
    42. 

  42. ip maddr add 01:00:5e:00:01:02 dev eth2
    43. 

  43. .IP
    44. 

  44. arptables \-A OUTPUT \-o eth1 \-\-h\-length 6
    45. 

  45. \-j mangle \-\-mangle-mac-s 01:00:5e:00:01:01
    46. 

  46. .IP
    47. 

  47. arptables \-A INPUT \-i eth1 \-\-h-length 6
    48. 

  48. \-\-destination-mac 01:00:5e:00:01:01
    49. 

  49. \-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
    50. 

  50. .IP
    51. 

  51. arptables \-A OUTPUT \-o eth2 \-\-h\-length 6
    52. 

  52. \-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:02
    53. 

  53. .IP
    54. 

  54. arptables \-A INPUT \-i eth2 \-\-h\-length 6
    55. 

  55. \-\-destination\-mac 01:00:5e:00:01:02
    56. 

  56. \-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
    57. 

  57. .PP
    58. 

  58. In the case of TCP connections, pickup facility has to be disabled
    59. 

  59. to avoid marking TCP ACK packets coming in the reply direction as
    60. 

  60. valid.
    61. 

  61. .IP
    62. 

  62. echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose
    63.