Allows you to deploy gateway and back-end load-sharing clusters without the

need of load-balancers.

.PP

This match requires that all the nodes see the same packets. Thus, the cluster

match decides if this node has to handle a packet given the following options:

.TP

\fB\-\-cluster\-total\-nodes\fP \fInum\fP

Set number of total nodes in cluster.

.TP

[\fB!\fP] \fB\-\-cluster\-local\-node\fP \fInum\fP

Set the local node number ID.

.TP

[\fB!\fP] \fB\-\-cluster\-local\-nodemask\fP \fImask\fP

Set the local node number ID mask. You can use this option instead

of \fB\-\-cluster\-local\-node\fP.

.TP

\fB\-\-cluster\-hash\-seed\fP \fIvalue\fP

Set seed value of the Jenkins hash.

.PP

Example:

.IP

iptables \-A PREROUTING \-t mangle \-i eth1 \-m cluster

\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1

\-\-cluster\-hash\-seed 0xdeadbeef

\-j MARK \-\-set-mark 0xffff

.IP

iptables \-A PREROUTING \-t mangle \-i eth2 \-m cluster

\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1

\-\-cluster\-hash\-seed 0xdeadbeef

\-j MARK -\-set\-mark 0xffff

.IP

iptables \-A PREROUTING \-t mangle \-i eth1

\-m mark ! \-\-mark 0xffff \-j DROP

.IP

iptables \-A PREROUTING \-t mangle \-i eth2

\-m mark ! \-\-mark 0xffff \-j DROP

.PP

And the following commands to make all nodes see the same packets:

.IP

ip maddr add 01:00:5e:00:01:01 dev eth1

.IP

ip maddr add 01:00:5e:00:01:02 dev eth2

.IP

arptables \-A OUTPUT \-o eth1 \-\-h\-length 6

\-j mangle \-\-mangle-mac-s 01:00:5e:00:01:01

.IP

arptables \-A INPUT \-i eth1 \-\-h-length 6

\-\-destination-mac 01:00:5e:00:01:01

\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27

.IP

arptables \-A OUTPUT \-o eth2 \-\-h\-length 6

\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:02

.IP

arptables \-A INPUT \-i eth2 \-\-h\-length 6

\-\-destination\-mac 01:00:5e:00:01:02

\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27

.PP

\fBNOTE\fP: the arptables commands above use mainstream syntax. If you

are using arptables-jf included in some RedHat, CentOS and Fedora

versions, you will hit syntax errors. Therefore, you'll have to adapt

these to the arptables-jf syntax to get them working.

.PP

In the case of TCP connections, pickup facility has to be disabled

to avoid marking TCP ACK packets coming in the reply direction as

valid.

.IP

echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose