Symptoms

Provider accidently got lost iptables configuration on NG Web Cluster Load Balancer.

Table 'mangle' is used to mark network packets with number 100 (decimal value 0x64). Marked packets are routed by Load Balancer to Web-cluster member servers.

If iptables configuration gets lost Load Balancing does not work. Provider needs to restore iptables configuration.

Example of table mangle configuration:

# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MARK       tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp-data MARK set 0x64
MARK       tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp MARK set 0x64
MARK       tcp  --  anywhere             anywhere            state NEW tcp dpt:servexec MARK set 0x64
MARK       tcp  --  anywhere            !10.39.94.41         state NEW tcp dpt:ssh MARK set 0x64
MARK       tcp  --  anywhere            !10.39.94.41         state NEW tcp dpt:http MARK set 0x64
MARK       tcp  --  anywhere            !10.39.94.41         state NEW tcp dpt:webcache MARK set 0x64
MARK       tcp  --  anywhere            !10.39.94.41         state NEW tcp dpt:hp-sci MARK set 0x64
MARK       tcp  --  anywhere            !10.39.94.41         state NEW tcp dpt:9113 MARK set 0x64
MARK       tcp  --  anywhere            !10.39.94.41         state NEW tcp dpt:9114 MARK set 0x64
MARK       tcp  --  anywhere             anywhere            state NEW tcp dpt:https MARK set 0x64
MARK       tcp  --  anywhere             anywhere            state NEW tcp dpts:60000:65535 MARK set 0x64

Resolution

Necessary iptables rules are created by POA during NG Load Balancer initial configuration. It is possible to restore necessary rules here: Infrastructure > Hardware Nodes > tab Web Clusters > <Web_Cluster_Name>

If provider presses 'Switch Load Balancer' and specifies IP-address of current Load Balancer POA performs reconfiguration of the Load Balancer including iptables reconfiguration.

Additional details about NG Web Cluster Load Balancer can be found in KB article #114327

Internal content