負載均衡叢集LVS-NAT模型
LVS/NAT
LVS-NAT基於cisco的LocalDirector。VS/NAT不需要在RealServer上做任何設定,其只要能提供一個tcp/ip的協議棧即可,甚至其無論基於什麼OS。基於VS/NAT,所有的入站資料包均由Director進行目標地址轉換後轉發至內部的RealServer,RealServer響應的資料包再由Director轉換源地址後發回客戶端。
LVS/NAT模式不能與netfilter相容,因此,不能將LVS/NAT模式的Director執行在netfilter的保護範圍之中。現在已經有補丁可以解決此問題,但尚未被整合進ip_vs code。
實驗模型
實驗平臺:
1、本次實驗在虛擬機器vm上完成,使用系統為RHEL 5.8,
2、在director主機上,eth0網絡卡使用橋接模式,eth1網絡卡使用僅主機模式;real server全部使用僅主機模式。
實驗步驟如下:
這裡以web服務為例
1、director配置如下:
##開啟路由轉發功能
#echo 1 > /proc/sys/net/ipv4/ip_forward
# ifconfig eth0 172.16.1.1/24 up
# ifconfig eth1 192.168.0.1/24 up
##新增規則
#ipvsadm -A -t 172.16.1.1:80 -s rr
#ipvsadm -a -t 172.16.1.1:80 -r 192.168.0.100 -m -w 1
#ipvsadm -a -t 172.16.1.1:80 -r 192.168.0.200 -m -w 1
2、real server1配置如下:
#ifconfig eth0 192.168.0.100/24 up
#route add default gw 192.168.0.1 dev eth0
3、real server2配置如下:
#ifconfig eth0 192.168.0.200/24 up
#route add default gw 192.168.0.1 dev eth0
LVS/NAT服務控制指令碼如下:
#!/bin/bash
#
# chkconfig: - 88 12
# description: LVS script for VS/NAT
#
. /etc/rc.d/init.d/functions
#
VIP=172.16.1.1
DIP=192.168.0.1
RIP1=192.168.0.100
RIP2=192.168.0.200
#
case "$1" in
start)
/sbin/ifconfig eth0 $VIP netmask 255.255.255.0 up
/sbin/ifconfig eth1$DIP netmask 255.255.255.0 up
# Since this is the Director we must be able to forward packets
echo 1 > /proc/sys/net/ipv4/ip_forward
# Clear all iptables rules.
/sbin/iptables -F
# Reset iptables counters.
/sbin/iptables -Z
# Clear all ipvsadm rules/services.
/sbin/ipvsadm -C
# Add an IP virtual service for VIP 192.168.0.219 port 80
# In this recipe, we will use the round-robin scheduling method.
# In production, however, you should use a weighted, dynamic scheduling method.
/sbin/ipvsadm -A -t $VIP:80 -s rr
# Now direct packets for this VIP to
# the real server IP (RIP) inside the cluster
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1 -m
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2 -m
/bin/touch /var/lock/subsys/ipvsadm.lock
;;
stop)
# Stop forwarding packets
echo 0 > /proc/sys/net/ipv4/ip_forward
# Reset ipvsadm
/sbin/ipvsadm -C
# Bring down the VIP interface
ifconfig eth0 down
rm -rf /var/lock/subsys/ipvsadm.lock
;;
status)
[ -e /var/lock/subsys/ipvsadm.lock ] && echo "ipvs is running..." || echo "ipvsadm is stopped..."
;;
*)
echo "Usage: $0 {start|stop}"
;;
esac
轉載於:https://blog.51cto.com/xslwahaha/1591976