CLUSTERIP
Load-balancer Less Load Balancing
There's not a lot of information on CLUSTERIP on the Internet for some reason. It's an implementation of an older technique, made easier by an iptables target extension.
- Flavio's Technotalk on CLUSTERIP [1] [2]
- "Load Sharing with IPtables and Linux-HA"
- Microsoft calls this technique "Network Load Balancing"
- LARTC has a longer explanation of the underlying mechanism in their article "How to do simple load-balancing with Linux without a single point of failure"
The way CLUSTERIP works is fairly simple.
- Every member of the cluster is attached to the same broadcast domain;
- Every member of the cluster is configured with the same multicast MAC address;
- Each member of the cluster then filters out incoming packets it does not think it should handle:
  - In an exclusive manner with respect to other nodes (i.e., no other member of the cluster will handle the packet);
  - And in an inclusive manner with respect to packets (i.e., when all the nodes of the cluster are up every packet will get handled by a node); also
  - Using the following criteria normally:
    - Based on source IP; or
    - Based on source IP and source port; or
    - Based on source IP and source port and dest port
- If a node is down, another node can notice and assume responsibility for its share of the incoming packets
- Outgoing packets are sent with the source IP and MAC address of the cluster, but the destination IP of the target and destination MAC address of the next-hop router (gateway)
The description above exposes the major weakness of CLUSTERIP: incoming packets are replicated N times (once for every member of the cluster), so CLUSTERIP used alone cannot load-balance incoming traffic bandwidth effectively (other, higher-layer techniques can sometimes mitigate this). Outgoing traffic is unaffected and will be split as evenly as the load-balancing scheme permits.
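The filtering rules in the list above can be simulated to check the exclusive and inclusive properties and the takeover step. This is an added example, not code from CLUSTERIP or from the original page: the `Node` class, the `bucket` function, the mode labels, the SHA-256 stand-in hash and the 198.51.100.x sample packets are all assumptions made for illustration.

```python
import hashlib
import ipaddress
import struct

HASH_MODES = ("sourceip", "sourceip-sourceport", "sourceip-sourceport-destport")

def bucket(mode, total_nodes, src_ip, src_port=0, dst_port=0):
    """Map a packet to a node number in 1..total_nodes using the fields the mode selects."""
    key = ipaddress.ip_address(src_ip).packed
    if mode in HASH_MODES[1:]:
        key += struct.pack("!H", src_port)
    if mode == HASH_MODES[2]:
        key += struct.pack("!H", dst_port)
    # Stand-in hash (assumption): the scheme only needs all nodes to agree on it.
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % total_nodes + 1

class Node:
    """Hypothetical cluster member: keeps a packet only if it owns the packet's bucket."""
    def __init__(self, number, total_nodes, mode):
        self.total_nodes, self.mode = total_nodes, mode
        self.responsible = {number}  # node numbers this member answers for

    def accepts(self, src_ip, src_port, dst_port):
        owner = bucket(self.mode, self.total_nodes, src_ip, src_port, dst_port)
        return owner in self.responsible

# Constructed sample traffic: (source IP, source port, destination port).
PACKETS = [(f"198.51.100.{i}", 40000 + i, 80) for i in range(1, 61)]

def simulate(mode="sourceip", total_nodes=3, failed=None, takeover=None):
    """Deliver every packet to every live node; return the list of handlers per packet."""
    nodes = {n: Node(n, total_nodes, mode) for n in range(1, total_nodes + 1)}
    if failed is not None:
        del nodes[failed]  # the failed member no longer sees or answers anything
        if takeover is not None:
            nodes[takeover].responsible.add(failed)  # survivor assumes its share
    return [[n for n, node in sorted(nodes.items()) if node.accepts(*p)] for p in PACKETS]

if __name__ == "__main__":
    cases = [("all nodes up", {}), ("node 2 down", {"failed": 2}),
             ("node 2 down, node 3 took over", {"failed": 2, "takeover": 3})]
    for label, kwargs in cases:
        result = simulate(**kwargs)
        unhandled = sum(1 for handlers in result if not handlers)
        doubled = sum(1 for handlers in result if len(handlers) > 1)
        print(f"{label}: {unhandled} unhandled, {doubled} handled twice, of {len(result)}")
```

Every live node evaluates every packet in `simulate`, which is the N-fold replication of incoming traffic described above; only the decision to keep the packet is distributed.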