author | Jinkun Jang <jinkun.jang@samsung.com> | 2013-03-13 01:42:55 +0900 |
---|---|---|
committer | Jinkun Jang <jinkun.jang@samsung.com> | 2013-03-13 01:42:55 +0900 |
commit | cb06be6ecc10920c73293799689ce9803262a922 (patch) | |
tree | 5d21c5f26a156067e733c9faa79782ecc26196e9 /extensions/libxt_cluster.man | |
parent | dbc5ef4889caa206f4d47d83345357780ceef73e (diff) | |
download | iptables-tizen_2.1.tar.gz iptables-tizen_2.1.tar.bz2 iptables-tizen_2.1.zip |
Tizen 2.1 base

Refs: submit/tizen_2.2/20130714.145952, submit/tizen_2.1/20130424.225212, accepted/tizen_2.1/20130425.025149, 2.2_release, 2.1b_release, tizen_2.1
Diffstat (limited to 'extensions/libxt_cluster.man')
-rw-r--r-- | extensions/libxt_cluster.man | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/extensions/libxt_cluster.man b/extensions/libxt_cluster.man new file mode 100644 index 0000000..62ad71c --- /dev/null +++ b/extensions/libxt_cluster.man 
@@ -0,0 +1,62 @@ +Allows you to deploy gateway and back-end load-sharing clusters without the +need of load-balancers. +.PP +This match requires that all the nodes see the same packets. Thus, the cluster +match decides if this node has to handle a packet given the following options: +.TP +\fB\-\-cluster\-total\-nodes\fP \fInum\fP +Set number of total nodes in cluster. +.TP +[\fB!\fP] \fB\-\-cluster\-local\-node\fP \fInum\fP +Set the local node number ID. +.TP +[\fB!\fP] \fB\-\-cluster\-local\-nodemask\fP \fImask\fP +Set the local node number ID mask. You can use this option instead +of \fB\-\-cluster\-local\-node\fP. +.TP +\fB\-\-cluster\-hash\-seed\fP \fIvalue\fP +Set seed value of the Jenkins hash. +.PP +Example: +.IP +iptables \-A PREROUTING \-t mangle \-i eth1 \-m cluster +\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1 +\-\-cluster\-hash\-seed 0xdeadbeef +\-j MARK \-\-set-mark 0xffff +.IP +iptables \-A PREROUTING \-t mangle \-i eth2 \-m cluster +\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1 +\-\-cluster\-hash\-seed 0xdeadbeef +\-j MARK -\-set\-mark 0xffff +.IP +iptables \-A PREROUTING \-t mangle \-i eth1 +\-m mark ! \-\-mark 0xffff \-j DROP +.IP +iptables \-A PREROUTING \-t mangle \-i eth2 +\-m mark ! 
\-\-mark 0xffff \-j DROP +.PP +And the following commands to make all nodes see the same packets: +.IP +ip maddr add 01:00:5e:00:01:01 dev eth1 +.IP +ip maddr add 01:00:5e:00:01:02 dev eth2 +.IP +arptables \-A OUTPUT \-o eth1 \-\-h\-length 6 +\-j mangle \-\-mangle-mac-s 01:00:5e:00:01:01 +.IP +arptables \-A INPUT \-i eth1 \-\-h-length 6 +\-\-destination-mac 01:00:5e:00:01:01 +\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27 +.IP +arptables \-A OUTPUT \-o eth2 \-\-h\-length 6 +\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:02 +.IP +arptables \-A INPUT \-i eth2 \-\-h\-length 6 +\-\-destination\-mac 01:00:5e:00:01:02 +\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27 +.PP +In the case of TCP connections, pickup facility has to be disabled +to avoid marking TCP ACK packets coming in the reply direction as +valid. +.IP +echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose |
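Review bot: the two arptables INPUT examples end in `\-\-mangle\-mac\-d 00:zz:yy:xx:5a:27`, which is not a valid MAC address, and the text never says what the reader should substitute for it; add a sentence naming the address that belongs there, otherwise the commands fail when copied as written. The option descriptions also leave open whether `\-\-cluster\-local\-node` counts from 0 or from 1 (the example uses node 1 of 2) and whether `\-\-cluster\-hash\-seed` has to be the same value on every node, both of which a reader needs to know to configure the second node. Hyphen escaping is inconsistent too: `\-\-set-mark` in the eth1 rule against `-\-set\-mark` in the eth2 rule, and `\-\-mangle-mac-s`, `\-\-h-length` and `\-\-destination-mac` in the first arptables pair; escape every hyphen the way the option headings in this file do.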