Allows you to deploy gateway and back-end load-sharing clusters without the
need for load balancers.
.PP
This match requires that all the nodes see the same packets. Thus, the cluster
match decides if this node has to handle a packet given the following options:
.TP
\fB\-\-cluster\-total\-nodes\fP \fInum\fP
Set the total number of nodes in the cluster.
.TP
[\fB!\fP] \fB\-\-cluster\-local\-node\fP \fInum\fP
Set the local node number ID.
.TP
[\fB!\fP] \fB\-\-cluster\-local\-nodemask\fP \fImask\fP
Set the local node number ID mask. You can use this option instead
of \fB\-\-cluster\-local\-node\fP.
.TP
\fB\-\-cluster\-hash\-seed\fP \fIvalue\fP
Set the seed value of the Jenkins hash.
.PP
Example:
.IP
iptables \-A PREROUTING \-t mangle \-i eth1 \-m cluster
\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1
\-\-cluster\-hash\-seed 0xdeadbeef
\-j MARK \-\-set\-mark 0xffff
.IP
iptables \-A PREROUTING \-t mangle \-i eth2 \-m cluster
\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1
\-\-cluster\-hash\-seed 0xdeadbeef
\-j MARK \-\-set\-mark 0xffff
.IP
iptables \-A PREROUTING \-t mangle \-i eth1
\-m mark ! \-\-mark 0xffff \-j DROP
.IP
iptables \-A PREROUTING \-t mangle \-i eth2
\-m mark ! \-\-mark 0xffff \-j DROP
.PP
And the following commands to make all nodes see the same packets:
.IP
ip maddr add 01:00:5e:00:01:01 dev eth1
.IP
ip maddr add 01:00:5e:00:01:02 dev eth2
.IP
arptables \-A OUTPUT \-o eth1 \-\-h\-length 6
\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:01
.IP
arptables \-A INPUT \-i eth1 \-\-h\-length 6
\-\-destination\-mac 01:00:5e:00:01:01
\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
.IP
arptables \-A OUTPUT \-o eth2 \-\-h\-length 6
\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:02
.IP
arptables \-A INPUT \-i eth2 \-\-h\-length 6
\-\-destination\-mac 01:00:5e:00:01:02
\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
.PP
\fBNOTE\fP: the arptables commands above use mainstream syntax. If you
are using arptables-jf included in some RedHat, CentOS and Fedora
versions, you will hit syntax errors. Therefore, you'll have to adapt
these to the arptables-jf syntax to get them working.
.PP
In the case of TCP connections, the pickup facility has to be disabled
to avoid marking TCP ACK packets coming in the reply direction as
valid.
.IP
echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose
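The node-selection decision that the cluster options control, as an added example in C (not code from this page or from the netfilter project), modelled on the Linux kernel's jhash_1word() and multiply-shift scaling. It shows that with identical seed and total on every node each source address is handled by exactly one node, and that a seed mismatch leaves addresses handled by no node or by both. Assumptions: addresses are passed as plain uint32_t values, and the helper names and the 192.0.2.0/24 sample range are constructed here.

```c
#include <stdint.h>
#include <stdio.h>

static uint32_t rol32(uint32_t w, unsigned s) { return (w << s) | (w >> (32 - s)); }

/* One-word Jenkins hash, written after the Linux kernel's jhash_1word(). */
static uint32_t jhash_1word(uint32_t a, uint32_t seed)
{
    uint32_t init = seed + 0xdeadbeefu + (1u << 2); /* kernel JHASH_INITVAL + length term */
    uint32_t b = init, c = init;
    a += init;
    c ^= b; c -= rol32(b, 14);
    a ^= c; a -= rol32(c, 11);
    b ^= a; b -= rol32(a, 25);
    c ^= b; c -= rol32(b, 16);
    a ^= c; a -= rol32(c, 4);
    b ^= a; b -= rol32(a, 14);
    c ^= b; c -= rol32(b, 24);
    return c;
}

/* Nonzero when a node holding node_mask handles src_ip (assumed: address as plain
 * uint32_t). The hash is scaled onto buckets 0..total-1 without a modulo. */
static int cluster_match(uint32_t src_ip, uint32_t seed, uint32_t total, uint32_t node_mask)
{
    uint32_t bucket = (uint32_t)(((uint64_t)jhash_1word(src_ip, seed) * total) >> 32);
    return ((1u << bucket) & node_mask) != 0;
}

/* --cluster-local-node N corresponds to the mask with only bit N-1 set. */
static uint32_t mask_for_node(uint32_t node) { return 1u << (node - 1); }

/* Two-node cluster: count sample addresses not handled by exactly one node
 * when node 1 is configured with seed1 and node 2 with seed2. */
static int misrouted(uint32_t seed1, uint32_t seed2)
{
    int bad = 0;
    /* Constructed sample: 192.0.2.0 .. 192.0.2.255 */
    for (uint32_t ip = 0xC0000200u; ip <= 0xC00002FFu; ip++)
        bad += (cluster_match(ip, seed1, 2, mask_for_node(1)) +
                cluster_match(ip, seed2, 2, mask_for_node(2))) != 1;
    return bad;
}

int main(void)
{
    printf("same seed:      %d of 256 misrouted\n", misrouted(0xdeadbeefu, 0xdeadbeefu));
    printf("different seed: %d of 256 misrouted\n", misrouted(0xdeadbeefu, 0x1u));
    return 0;
}
```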