nftables is a Linux kernel subsystem for filtering and classifying network packets, datagrams and frames. nftables is used on cluster nodes with AlmaLinux 8 and Ubuntu 20.04 operating systems.

VMmanager creates its own nftables configuration when working with a cluster node. Changing the system configuration of nftables will not affect the operation of the platform.

Main configuration files:

  • /etc/sysconfig/nftables.conf — nftables system config file;
  • /etc/nftables/vmmgr.nft — nftables config file for VMmanager;
  • /etc/nftables/vm_list.nft — general nftables config file for virtual machines (VMs);
  • /etc/nftables/vm/<id_VM name>.nft — nftables rules for a specific VM;
  • /etc/nftables/sets/dc_ips.nft — list of networks with internal traffic. The traffic of these networks is not taken into account by the connected billing systems. Used only in clusters with IP-fabric network configuration type.

The relationship between the config files is shown in the diagram below. Arrows indicate the inclusion of one file in another through the include operator.

[Diagram: Relationship between configuration files]
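A small shell check, added here and not part of VMmanager, that walks the include chain from the system config file and lists every file it pulls in, flagging any include whose target is absent. The temp-dir layout and which file includes which are constructed assumptions that only mirror the paths listed above.

```shell
#!/bin/sh
# Added example (not VMmanager's own code): walk the nftables include chain
# from a root config, print every file it pulls in and flag includes whose
# target does not exist. Matches lines of the form  include "path"  where
# path is absolute and may be a glob, as nft accepts.

# include_tree FILE [INDENT]: print FILE, then recurse into what it includes.
# Positional parameters are used instead of named variables so the recursive
# call inside the pipeline subshell cannot clobber the caller's state.
include_tree() {
    printf '%s%s\n' "$2" "$1"
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
    while IFS= read -r pattern; do
        # Unquoted expansion lets the shell expand a glob such as vm/*.nft;
        # an unmatched pattern stays literal and is then reported as missing.
        for child in $pattern; do
            if [ -f "$child" ]; then
                include_tree "$child" "  $2"
            else
                printf '%sMISSING: %s\n' "  $2" "$child"
            fi
        done
    done
}

# Number of unresolved includes below ROOT (0 means the chain is complete).
missing_includes() {
    include_tree "$1" | grep -c 'MISSING:' || true
}

# Constructed demo layout under a temp dir, mirroring the paths on this page.
# Which file includes which is an assumption for the demo; sets/dc_ips.nft is
# deliberately absent to show how a dangling include is surfaced.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/etc/sysconfig" "$demo_root/etc/nftables/vm" "$demo_root/etc/nftables/sets"
cat > "$demo_root/etc/sysconfig/nftables.conf" <<EOF
include "$demo_root/etc/nftables/vmmgr.nft"
EOF
cat > "$demo_root/etc/nftables/vmmgr.nft" <<EOF
include "$demo_root/etc/nftables/sets/dc_ips.nft"
include "$demo_root/etc/nftables/vm_list.nft"
EOF
printf 'include "%s/etc/nftables/vm/*.nft"\n' "$demo_root" > "$demo_root/etc/nftables/vm_list.nft"
printf 'table inet vm_5_demo {}\n' > "$demo_root/etc/nftables/vm/5_demo.nft"

include_tree "$demo_root/etc/sysconfig/nftables.conf"
echo "unresolved includes: $(missing_includes "$demo_root/etc/sysconfig/nftables.conf")"
```

On a real node, point include_tree at /etc/sysconfig/nftables.conf to see the live chain; `nft -c -f /etc/sysconfig/nftables.conf` additionally syntax-checks every file in that chain without loading the rules.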