1Allows you to deploy gateway and back-end load-sharing clusters without the 2need of load-balancers. 3.PP 4This match requires that all the nodes see the same packets. Thus, the cluster 5match decides if this node has to handle a packet given the following options: 6.TP 7\fB\-\-cluster\-total\-nodes\fP \fInum\fP 8Set number of total nodes in cluster. 9.TP 10[\fB!\fP] \fB\-\-cluster\-local\-node\fP \fInum\fP 11Set the local node number ID. 12.TP 13[\fB!\fP] \fB\-\-cluster\-local\-nodemask\fP \fImask\fP 14Set the local node number ID mask. You can use this option instead 15of \fB\-\-cluster\-local\-node\fP. 16.TP 17\fB\-\-cluster\-hash\-seed\fP \fIvalue\fP 18Set seed value of the Jenkins hash. 19.PP 20Example: 21.IP 22iptables \-A PREROUTING \-t mangle \-i eth1 \-m cluster 23\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1 24\-\-cluster\-hash\-seed 0xdeadbeef 25\-j MARK \-\-set-mark 0xffff 26.IP 27iptables \-A PREROUTING \-t mangle \-i eth2 \-m cluster 28\-\-cluster\-total\-nodes 2 \-\-cluster\-local\-node 1 29\-\-cluster\-hash\-seed 0xdeadbeef 30\-j MARK -\-set\-mark 0xffff 31.IP 32iptables \-A PREROUTING \-t mangle \-i eth1 33\-m mark ! \-\-mark 0xffff \-j DROP 34.IP 35iptables \-A PREROUTING \-t mangle \-i eth2 36\-m mark ! \-\-mark 0xffff \-j DROP 37.PP 38And the following commands to make all nodes see the same packets: 39.IP 40ip maddr add 01:00:5e:00:01:01 dev eth1 41.IP 42ip maddr add 01:00:5e:00:01:02 dev eth2 43.IP 44arptables \-A OUTPUT \-o eth1 \-\-h\-length 6 45\-j mangle \-\-mangle-mac-s 01:00:5e:00:01:01 46.IP 47arptables \-A INPUT \-i eth1 \-\-h-length 6 48\-\-destination-mac 01:00:5e:00:01:01 49\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27 50.IP 51arptables \-A OUTPUT \-o eth2 \-\-h\-length 6 52\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:02 53.IP 54arptables \-A INPUT \-i eth2 \-\-h\-length 6 55\-\-destination\-mac 01:00:5e:00:01:02 56\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27 57.PP 58In the case of TCP connections, pickup facility has to be disabled 59to avoid marking TCP ACK packets coming in the reply direction as 60valid. 61.IP 62echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose 63