Article ID: 121835, created on May 30, 2014, last review on May 30, 2014

  • Applies to:
  • Operations Automation 5.5

Symptoms

Provider accidently got lost iptables configuration on NG Web Cluster Load Balancer.

Table 'mangle' is used to mark network packets with number 100 (decimal value 0x64). Marked packets are routed by Load Balancer to Web-cluster member servers.

If iptables configuration gets lost Load Balancing does not work. Provider needs to restore iptables configuration.

Example of table mangle configuration:

# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MARK       tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp-data MARK set 0x64
MARK       tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp MARK set 0x64
MARK       tcp  --  anywhere             anywhere            state NEW tcp dpt:servexec MARK set 0x64
MARK       tcp  --  anywhere            !10.39.94.41         state NEW tcp dpt:ssh MARK set 0x64
MARK       tcp  --  anywhere            !10.39.94.41         state NEW tcp dpt:http MARK set 0x64
MARK       tcp  --  anywhere            !10.39.94.41         state NEW tcp dpt:webcache MARK set 0x64
MARK       tcp  --  anywhere            !10.39.94.41         state NEW tcp dpt:hp-sci MARK set 0x64
MARK       tcp  --  anywhere            !10.39.94.41         state NEW tcp dpt:9113 MARK set 0x64
MARK       tcp  --  anywhere            !10.39.94.41         state NEW tcp dpt:9114 MARK set 0x64
MARK       tcp  --  anywhere             anywhere            state NEW tcp dpt:https MARK set 0x64
MARK       tcp  --  anywhere             anywhere            state NEW tcp dpts:60000:65535 MARK set 0x64

Resolution

Necessary iptables rules are created by POA during NG Load Balancer initial configuration. It is possible to restore necessary rules here: Infrastructure > Hardware Nodes > tab Web Clusters > <Web_Cluster_Name>

If provider presses 'Switch Load Balancer' and specifies IP-address of current Load Balancer POA performs reconfiguration of the Load Balancer including iptables reconfiguration.

Additional details about NG Web Cluster Load Balancer can be found in KB article #114327

5b048d9bddf8048a00aba7e0bdadef37 caea8340e2d186a540518d08602aa065 5356b422f65bdad1c3e9edca5d74a1ae 2554725ed606193dd9bbce21365bed4e e12cea1d47a3125d335d68e6d4e15e07

Email subscription for changes to this article
Save as PDF