CLUSTERIP

Load-balancer Less Load Balancing

For some reason there is not much information about CLUSTERIP on the Internet. It is an implementation of an older technique, made easier by an iptables target extension.


The way CLUSTERIP works is fairly simple.

  1. Every member of the cluster is attached to the same [broadcast domain];
  2. Every member of the cluster is configured with the same multicast MAC address;
  3. Each member of the cluster then filters out the incoming packets it decides it should not handle:
    1. In an exclusive manner with respect to other nodes (i.e., no other member of the cluster will handle the packet);
    2. And in an inclusive manner with respect to packets (i.e., when all the nodes of the cluster are up, every packet will get handled by a node); also
    3. Normally using one of the following criteria:
      1. Based on source IP; or
      2. Based on source IP and source port; or
      3. Based on source IP, source port and destination port;
    4. If a node is down, another node can notice and assume responsibility for its share of the incoming packets;
  4. Outgoing packets are sent with the source IP and MAC address of the cluster, but with the destination IP of the target and the destination MAC address of the next-hop router (gateway).

The description above exposes the major weakness of CLUSTERIP: incoming packets are replicated N times (once for every member of the cluster), so CLUSTERIP used alone cannot load-balance incoming traffic bandwidth effectively (other, higher-layer techniques can sometimes mitigate this). Outgoing traffic is unaffected and will be split as evenly as the load-balancing scheme permits.
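
The filtering rule in step 3 and the takeover in step 3.4, simulated as an added example (not code from the original page or from the CLUSTERIP implementation). The `Node` class, the function names, the SHA-256 stand-in hash and the sample addresses are assumptions made for illustration.

```python
import hashlib
import ipaddress

# Fields hashed in each of the three criteria listed in step 3.3.
HASH_MODES = {
    "sourceip": ("src",),
    "sourceip-sourceport": ("src", "sport"),
    "sourceip-sourceport-destport": ("src", "sport", "dport"),
}

def bucket(pkt, mode, total_nodes):
    """Map a packet to a node number in 1..total_nodes using the fields of `mode`."""
    key = b"".join(
        ipaddress.ip_address(pkt[f]).packed if f == "src" else pkt[f].to_bytes(2, "big")
        for f in HASH_MODES[mode]
    )
    # Stand-in hash (assumption): any hash that all members compute identically works.
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % total_nodes + 1

class Node:
    """One cluster member: keeps a packet only if its bucket is one it answers for."""
    def __init__(self, buckets, total_nodes, mode):
        self.buckets, self.total_nodes, self.mode = set(buckets), total_nodes, mode

    def accepts(self, pkt):
        return bucket(pkt, self.mode, self.total_nodes) in self.buckets

def deliver(cluster, pkt):
    """Every live member receives the frame (shared MAC); return who keeps it."""
    return [name for name, node in cluster.items() if node.accepts(pkt)]

def simulate(mode="sourceip-sourceport", total_nodes=3, packets=200):
    cluster = {f"node{i}": Node({i}, total_nodes, mode) for i in range(1, total_nodes + 1)}
    # Constructed sample traffic from documentation address space.
    pkts = [{"src": f"198.51.100.{i % 50 + 1}", "sport": 40000 + i, "dport": 80}
            for i in range(packets)]
    healthy = [deliver(cluster, p) for p in pkts]
    del cluster["node3"]                      # node3 goes down
    degraded = [deliver(cluster, p) for p in pkts]
    cluster["node1"].buckets.add(3)           # node1 assumes node3's share (step 3.4)
    recovered = [deliver(cluster, p) for p in pkts]
    return healthy, degraded, recovered

if __name__ == "__main__":
    healthy, degraded, recovered = simulate()
    print("handled exactly once when healthy:", all(len(h) == 1 for h in healthy))
    print("dropped while node3 is down:", sum(1 for d in degraded if not d))
    print("handled exactly once after takeover:", all(len(r) == 1 for r in recovered))
```

Note that `deliver` evaluates every live member for every packet, which is the N-fold replication of incoming traffic described above: the filter decides who answers, not who receives.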