Allows you to deploy gateway and back-end load-sharing clusters without the
need for load balancers.
.PP
This match requires that all the nodes see the same packets. Thus, the cluster
match decides if this node has to handle a packet given the following options:
.TP
\fB\-\-cluster\-total\-nodes\fP \fInum\fP
Set the total number of nodes in the cluster.
.TP
[\fB!\fP] \fB\-\-cluster\-local\-node\fP \fInum\fP
Set the local node number ID.
.TP
[\fB!\fP] \fB\-\-cluster\-local\-nodemask\fP \fImask\fP
Set the local node number ID mask. You can use this option instead
of \fB\-\-cluster\-local\-node\fP.
.TP
\fB\-\-cluster\-hash\-seed\fP \fIvalue\fP
Set seed value of the Jenkins hash.
.PP
Example:
.IP
iptables \-A PREROUTING \-t mangle \-i eth1 \-m cluster
\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1
\-\-cluster\-hash\-seed 0xdeadbeef
\-j MARK \-\-set\-mark 0xffff
.IP
iptables \-A PREROUTING \-t mangle \-i eth2 \-m cluster
\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1
\-\-cluster\-hash\-seed 0xdeadbeef
\-j MARK \-\-set\-mark 0xffff
.IP
iptables \-A PREROUTING \-t mangle \-i eth1
\-m mark ! \-\-mark 0xffff \-j DROP
.IP
iptables \-A PREROUTING \-t mangle \-i eth2
\-m mark ! \-\-mark 0xffff \-j DROP
.PP
And the following commands to make all nodes see the same packets:
.IP
ip maddr add 01:00:5e:00:01:01 dev eth1
.IP
ip maddr add 01:00:5e:00:01:02 dev eth2
.IP
arptables \-A OUTPUT \-o eth1 \-\-h\-length 6
\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:01
.IP
arptables \-A INPUT \-i eth1 \-\-h\-length 6
\-\-destination\-mac 01:00:5e:00:01:01
\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
.IP
arptables \-A OUTPUT \-o eth2 \-\-h\-length 6
\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:02
.IP
arptables \-A INPUT \-i eth2 \-\-h\-length 6
\-\-destination\-mac 01:00:5e:00:01:02
\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
.PP
In the case of TCP connections, the pickup facility has to be disabled
to avoid marking TCP ACK packets coming in the reply direction as
valid.
.IP
echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose
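.PP
A model of the per-node decision made by the options above, added here as an example (not netfilter code), for auditing that every flow is claimed by exactly one node. It assumes the match hashes the source address with the seed, scales the hash to the node count and tests that bit of the node mask, with node \fIN\fP meaning mask bit \fIN\fP\-1; SHA-256 stands in for the Jenkins hash, and all function names and sample addresses are constructed.

```python
import hashlib
import ipaddress

def bucket(src_ip, seed, total_nodes):
    """Map a source address to a slot 0..total_nodes-1 (stand-in hash)."""
    data = seed.to_bytes(4, "big") + ipaddress.ip_address(src_ip).packed
    h = int.from_bytes(hashlib.sha256(data).digest()[:4], "big")
    return (h * total_nodes) >> 32  # scale a 32-bit hash into [0, total)

def node_to_mask(node_id):
    """Assumed mapping: --cluster-local-node N selects bit N-1 of the mask."""
    return 1 << (node_id - 1)

def handles(src_ip, seed, total_nodes, nodemask, invert=False):
    """True if a node configured this way accepts the packet ('!' inverts)."""
    hit = bool((1 << bucket(src_ip, seed, total_nodes)) & nodemask)
    return hit != invert

# Constructed sample traffic: documentation-range source addresses.
SAMPLE = [f"{net}.{host}" for net in ("198.51.100", "203.0.113")
          for host in range(1, 255)]
SEED = 0xdeadbeef

def audit(nodes):
    """nodes = [(seed, total_nodes, nodemask), ...], one tuple per machine.

    Returns (unclaimed, claimed_once, claimed_by_several) over SAMPLE.
    Anything outside the middle field is a dropped or duplicated flow.
    """
    counts = [sum(handles(ip, s, t, m) for s, t, m in nodes) for ip in SAMPLE]
    return (counts.count(0), counts.count(1), sum(c > 1 for c in counts))

if __name__ == "__main__":
    configs = {
        # Two nodes, same seed, distinct IDs: a clean partition.
        "matching": [(SEED, 2, node_to_mask(1)), (SEED, 2, node_to_mask(2))],
        # Same IDs but different seeds: the partitions no longer line up.
        "seed mismatch": [(SEED, 2, node_to_mask(1)),
                          (0x1234, 2, node_to_mask(2))],
        # One surviving node takes both shares through a two-bit mask.
        "failover": [(SEED, 2, 0b11)],
    }
    for name, cfg in configs.items():
        print(f"{name:14s} unclaimed/once/several = {audit(cfg)}")
```
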