Allows you to deploy gateway and back-end load-sharing clusters without the
need for load balancers.
.PP
This match requires that all the nodes see the same packets. Thus, the cluster
match decides if this node has to handle a packet given the following options:
.TP
\fB\-\-cluster\-total\-nodes\fP \fInum\fP
Set the total number of nodes in the cluster.
.TP
[\fB!\fP] \fB\-\-cluster\-local\-node\fP \fInum\fP
Set the local node number ID.
.TP
[\fB!\fP] \fB\-\-cluster\-local\-nodemask\fP \fImask\fP
Set the local node number ID mask. You can use this option instead
of \fB\-\-cluster\-local\-node\fP.
.TP
\fB\-\-cluster\-hash\-seed\fP \fIvalue\fP
Set the seed value of the Jenkins hash.
.PP
Example:
.IP
iptables \-A PREROUTING \-t mangle \-i eth1 \-m cluster
\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1
\-\-cluster\-hash\-seed 0xdeadbeef
\-j MARK \-\-set\-mark 0xffff
.IP
iptables \-A PREROUTING \-t mangle \-i eth2 \-m cluster
\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1
\-\-cluster\-hash\-seed 0xdeadbeef
\-j MARK \-\-set\-mark 0xffff
.IP
iptables \-A PREROUTING \-t mangle \-i eth1
\-m mark ! \-\-mark 0xffff \-j DROP
.IP
iptables \-A PREROUTING \-t mangle \-i eth2
\-m mark ! \-\-mark 0xffff \-j DROP
.PP
And the following commands to make all nodes see the same packets:
.IP
ip maddr add 01:00:5e:00:01:01 dev eth1
.IP
ip maddr add 01:00:5e:00:01:02 dev eth2
.IP
arptables \-A OUTPUT \-o eth1 \-\-h\-length 6
\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:01
.IP
arptables \-A INPUT \-i eth1 \-\-h\-length 6
\-\-destination\-mac 01:00:5e:00:01:01
\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
.IP
arptables \-A OUTPUT \-o eth2 \-\-h\-length 6
\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:02
.IP
arptables \-A INPUT \-i eth2 \-\-h\-length 6
\-\-destination\-mac 01:00:5e:00:01:02
\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
.PP
\fBNOTE\fP: the arptables commands above use mainstream syntax. If you
are using arptables-jf included in some Red Hat, CentOS and Fedora
versions, you will hit syntax errors. Therefore, you'll have to adapt
these to the arptables-jf syntax to get them working.
.PP
In the case of TCP connections, the pickup facility has to be disabled
to avoid marking TCP ACK packets coming in the reply direction as
valid.
.IP
echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose
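.PP
The iptables example rules earlier in this page, as an added shell helper (not part of the original man page): it prints the rule set for one node so that all nodes share the same total and hash seed and differ only in the local node ID. The function name cluster_rules and its argument order are assumptions of this example.
.nf

```sh
#!/bin/sh
# Added example: print (do not run) the mangle rules for one cluster node.
# cluster_rules and its argument order are assumptions of this example.
# usage: cluster_rules TOTAL LOCAL SEED IFACE...
cluster_rules() {
    if [ "$#" -lt 4 ]; then
        echo "usage: cluster_rules TOTAL LOCAL SEED IFACE..." >&2
        return 1
    fi
    total=$1 local_node=$2 seed=$3
    shift 3
    mark=0xffff    # mark value used in the man page example

    # TOTAL and LOCAL must be plain decimal integers.
    for n in "$total" "$local_node"; do
        case $n in
            ''|*[!0-9]*) echo "error: '$n' is not a decimal integer" >&2; return 1 ;;
        esac
    done
    # The local node ID must lie in 1..TOTAL.
    if [ "$local_node" -lt 1 ] || [ "$local_node" -gt "$total" ]; then
        echo "error: local node must be in 1..$total" >&2
        return 1
    fi
    # The seed is passed as 0x-prefixed hex, as in the man page example.
    hex=${seed#0x}
    case $hex in
        "$seed"|''|*[!0-9a-fA-F]*) echo "error: seed must look like 0xdeadbeef" >&2; return 1 ;;
    esac
    # Interface names end up in the printed commands, so restrict their characters.
    for i in "$@"; do
        case $i in
            ''|*[!A-Za-z0-9_.-]*) echo "error: bad interface name '$i'" >&2; return 1 ;;
        esac
    done

    # Mark the packets this node is responsible for ...
    match="-m cluster --cluster-total-nodes $total --cluster-local-node $local_node --cluster-hash-seed $seed"
    for i in "$@"; do
        echo "iptables -A PREROUTING -t mangle -i $i $match -j MARK --set-mark $mark"
    done
    # ... and drop everything that was left unmarked.
    for i in "$@"; do
        echo "iptables -A PREROUTING -t mangle -i $i -m mark ! --mark $mark -j DROP"
    done
}

# Reproduces the man page example: node 1 of 2 on eth1 and eth2.
cluster_rules 2 1 0xdeadbeef eth1 eth2
```
.fi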