1*a71a9546SAutomerger Merge WorkerAllows you to deploy gateway and back-end load-sharing clusters without the 2*a71a9546SAutomerger Merge Workerneed of load-balancers. 3*a71a9546SAutomerger Merge Worker.PP 4*a71a9546SAutomerger Merge WorkerThis match requires that all the nodes see the same packets. Thus, the cluster 5*a71a9546SAutomerger Merge Workermatch decides if this node has to handle a packet given the following options: 6*a71a9546SAutomerger Merge Worker.TP 7*a71a9546SAutomerger Merge Worker\fB\-\-cluster\-total\-nodes\fP \fInum\fP 8*a71a9546SAutomerger Merge WorkerSet number of total nodes in cluster. 9*a71a9546SAutomerger Merge Worker.TP 10*a71a9546SAutomerger Merge Worker[\fB!\fP] \fB\-\-cluster\-local\-node\fP \fInum\fP 11*a71a9546SAutomerger Merge WorkerSet the local node number ID. 12*a71a9546SAutomerger Merge Worker.TP 13*a71a9546SAutomerger Merge Worker[\fB!\fP] \fB\-\-cluster\-local\-nodemask\fP \fImask\fP 14*a71a9546SAutomerger Merge WorkerSet the local node number ID mask. You can use this option instead 15*a71a9546SAutomerger Merge Workerof \fB\-\-cluster\-local\-node\fP. 16*a71a9546SAutomerger Merge Worker.TP 17*a71a9546SAutomerger Merge Worker\fB\-\-cluster\-hash\-seed\fP \fIvalue\fP 18*a71a9546SAutomerger Merge WorkerSet seed value of the Jenkins hash. 19*a71a9546SAutomerger Merge Worker.PP 20*a71a9546SAutomerger Merge WorkerExample: 21*a71a9546SAutomerger Merge Worker.IP 22*a71a9546SAutomerger Merge Workeriptables \-A PREROUTING \-t mangle \-i eth1 \-m cluster 23*a71a9546SAutomerger Merge Worker\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1 24*a71a9546SAutomerger Merge Worker\-\-cluster\-hash\-seed 0xdeadbeef 25*a71a9546SAutomerger Merge Worker\-j MARK \-\-set-mark 0xffff 26*a71a9546SAutomerger Merge Worker.IP 27*a71a9546SAutomerger Merge Workeriptables \-A PREROUTING \-t mangle \-i eth2 \-m cluster 28*a71a9546SAutomerger Merge Worker\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1 29*a71a9546SAutomerger Merge Worker\-\-cluster\-hash\-seed 0xdeadbeef 30*a71a9546SAutomerger Merge Worker\-j MARK \-\-set\-mark 0xffff 31*a71a9546SAutomerger Merge Worker.IP 32*a71a9546SAutomerger Merge Workeriptables \-A PREROUTING \-t mangle \-i eth1 33*a71a9546SAutomerger Merge Worker\-m mark ! \-\-mark 0xffff \-j DROP 34*a71a9546SAutomerger Merge Worker.IP 35*a71a9546SAutomerger Merge Workeriptables \-A PREROUTING \-t mangle \-i eth2 36*a71a9546SAutomerger Merge Worker\-m mark ! \-\-mark 0xffff \-j DROP 37*a71a9546SAutomerger Merge Worker.PP 38*a71a9546SAutomerger Merge WorkerAnd the following commands to make all nodes see the same packets: 39*a71a9546SAutomerger Merge Worker.IP 40*a71a9546SAutomerger Merge Workerip maddr add 01:00:5e:00:01:01 dev eth1 41*a71a9546SAutomerger Merge Worker.IP 42*a71a9546SAutomerger Merge Workerip maddr add 01:00:5e:00:01:02 dev eth2 43*a71a9546SAutomerger Merge Worker.IP 44*a71a9546SAutomerger Merge Workerarptables \-A OUTPUT \-o eth1 \-\-h\-length 6 45*a71a9546SAutomerger Merge Worker\-j mangle \-\-mangle-mac-s 01:00:5e:00:01:01 46*a71a9546SAutomerger Merge Worker.IP 47*a71a9546SAutomerger Merge Workerarptables \-A INPUT \-i eth1 \-\-h-length 6 48*a71a9546SAutomerger Merge Worker\-\-destination-mac 01:00:5e:00:01:01 49*a71a9546SAutomerger Merge Worker\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27 50*a71a9546SAutomerger Merge Worker.IP 51*a71a9546SAutomerger Merge Workerarptables \-A OUTPUT \-o eth2 \-\-h\-length 6 52*a71a9546SAutomerger Merge Worker\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:02 53*a71a9546SAutomerger Merge Worker.IP 54*a71a9546SAutomerger Merge Workerarptables \-A INPUT \-i eth2 \-\-h\-length 6 55*a71a9546SAutomerger Merge Worker\-\-destination\-mac 01:00:5e:00:01:02 56*a71a9546SAutomerger Merge Worker\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27 57*a71a9546SAutomerger Merge Worker.PP 58*a71a9546SAutomerger Merge Worker\fBNOTE\fP: the arptables commands above use mainstream syntax. If you 59*a71a9546SAutomerger Merge Workerare using arptables-jf included in some RedHat, CentOS and Fedora 60*a71a9546SAutomerger Merge Workerversions, you will hit syntax errors. Therefore, you'll have to adapt 61*a71a9546SAutomerger Merge Workerthese to the arptables-jf syntax to get them working. 62*a71a9546SAutomerger Merge Worker.PP 63*a71a9546SAutomerger Merge WorkerIn the case of TCP connections, pickup facility has to be disabled 64*a71a9546SAutomerger Merge Workerto avoid marking TCP ACK packets coming in the reply direction as 65*a71a9546SAutomerger Merge Workervalid. 66*a71a9546SAutomerger Merge Worker.IP 67*a71a9546SAutomerger Merge Workerecho 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose 68