Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / d7282413763b0ba85d512c1cd49174b762ff449c / . / extensions / libxt_cluster.man
blob: 62ad71cc8a3ae6e27d95ce78d7afda0a6c6919d3 [file] [log] [blame]
Pablo Neira Ayusocd958a62009-05-06 13:01:20 +0200[diff] [blame]1Allows you to deploy gateway and back-end load-sharing clusters without the
2need of load-balancers.
3.PP
4This match requires that all the nodes see the same packets. Thus, the cluster
5match decides if this node has to handle a packet given the following options:
6.TP
Jan Engelhardt18c475d2009-06-10 20:18:43 +0200[diff] [blame]7\fB\-\-cluster\-total\-nodes\fP \fInum\fP
Pablo Neira Ayusocd958a62009-05-06 13:01:20 +0200[diff] [blame]8Set number of total nodes in cluster.
9.TP
Jan Engelhardt18c475d2009-06-10 20:18:43 +0200[diff] [blame]10[\fB!\fP] \fB\-\-cluster\-local\-node\fP \fInum\fP
Pablo Neira Ayusocd958a62009-05-06 13:01:20 +0200[diff] [blame]11Set the local node number ID.
12.TP
Jan Engelhardt18c475d2009-06-10 20:18:43 +0200[diff] [blame]13[\fB!\fP] \fB\-\-cluster\-local\-nodemask\fP \fImask\fP
Pablo Neira Ayusocd958a62009-05-06 13:01:20 +0200[diff] [blame]14Set the local node number ID mask. You can use this option instead
Jan Engelhardt18c475d2009-06-10 20:18:43 +0200[diff] [blame]15of \fB\-\-cluster\-local\-node\fP.
Pablo Neira Ayusocd958a62009-05-06 13:01:20 +0200[diff] [blame]16.TP
Jan Engelhardt18c475d2009-06-10 20:18:43 +0200[diff] [blame]17\fB\-\-cluster\-hash\-seed\fP \fIvalue\fP
Pablo Neira Ayusocd958a62009-05-06 13:01:20 +0200[diff] [blame]18Set seed value of the Jenkins hash.
19.PP
20Example:
21.IP
Jan Engelhardt18c475d2009-06-10 20:18:43 +0200[diff] [blame]22iptables \-A PREROUTING \-t mangle \-i eth1 \-m cluster
23\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1
24\-\-cluster\-hash\-seed 0xdeadbeef
Pablo Neira Ayusocd958a62009-05-06 13:01:20 +0200[diff] [blame]25\-j MARK \-\-set-mark 0xffff
26.IP
Jan Engelhardt18c475d2009-06-10 20:18:43 +0200[diff] [blame]27iptables \-A PREROUTING \-t mangle \-i eth2 \-m cluster
28\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1
29\-\-cluster\-hash\-seed 0xdeadbeef
Pablo Neira Ayusocd958a62009-05-06 13:01:20 +0200[diff] [blame]30\-j MARK -\-set\-mark 0xffff
31.IP
Jan Engelhardt18c475d2009-06-10 20:18:43 +0200[diff] [blame]32iptables \-A PREROUTING \-t mangle \-i eth1
Pablo Neira Ayusocd958a62009-05-06 13:01:20 +0200[diff] [blame]33\-m mark ! \-\-mark 0xffff \-j DROP
34.IP
Jan Engelhardt18c475d2009-06-10 20:18:43 +0200[diff] [blame]35iptables \-A PREROUTING \-t mangle \-i eth2
Pablo Neira Ayusocd958a62009-05-06 13:01:20 +0200[diff] [blame]36\-m mark ! \-\-mark 0xffff \-j DROP
37.PP
38And the following commands to make all nodes see the same packets:
39.IP
40ip maddr add 01:00:5e:00:01:01 dev eth1
41.IP
42ip maddr add 01:00:5e:00:01:02 dev eth2
43.IP
Jan Engelhardt18c475d2009-06-10 20:18:43 +0200[diff] [blame]44arptables \-A OUTPUT \-o eth1 \-\-h\-length 6
Pablo Neira Ayusocd958a62009-05-06 13:01:20 +0200[diff] [blame]45\-j mangle \-\-mangle-mac-s 01:00:5e:00:01:01
46.IP
Jan Engelhardt18c475d2009-06-10 20:18:43 +0200[diff] [blame]47arptables \-A INPUT \-i eth1 \-\-h-length 6
48\-\-destination-mac 01:00:5e:00:01:01
Pablo Neira Ayusocd958a62009-05-06 13:01:20 +0200[diff] [blame]49\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
50.IP
Jan Engelhardt18c475d2009-06-10 20:18:43 +0200[diff] [blame]51arptables \-A OUTPUT \-o eth2 \-\-h\-length 6
Pablo Neira Ayusocd958a62009-05-06 13:01:20 +0200[diff] [blame]52\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:02
53.IP
Jan Engelhardt18c475d2009-06-10 20:18:43 +0200[diff] [blame]54arptables \-A INPUT \-i eth2 \-\-h\-length 6
55\-\-destination\-mac 01:00:5e:00:01:02
Pablo Neira Ayusocd958a62009-05-06 13:01:20 +0200[diff] [blame]56\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
57.PP
58In the case of TCP connections, pickup facility has to be disabled
59to avoid marking TCP ACK packets coming in the reply direction as
60valid.
61.IP
62echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose