lvs(3) - NAT and DR model demonstration
阿新 • Published: 2018-07-19
I. lvs-nat
lvs-nat model diagram.
1.1 Environment information
Role | IP | Gateway | Service |
---|---|---|---|
director | vip(ens37): 172.29.2.69<br>dip(ens33): 192.168.123.100 | ens37: 172.29.2.1<br>ens33: 192.168.123.2 | lvs-nat |
Real-Server1 | rip: 192.168.123.101 | 192.168.123.100 | httpd |
Real-Server2 | rip: 192.168.123.102 | 192.168.123.100 | httpd |
NOTE: Kernel IP forwarding must be enabled ("net.ipv4.ip_forward = 1"). For the topology diagram, see the basic concepts article.
1.2 Configuration steps
- director
$ yum install -y ipvsadm
$ ipvsadm -A -t 172.29.2.60:80 -s rr
$ ipvsadm -a -t 172.29.2.60:80 -r 192.168.123.101:80 -m
$ ipvsadm -a -t 172.29.2.60:80 -r 192.168.123.102:80 -m
$ ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.29.2.60:80 rr
-> 192.168.123.101:80 Masq 1 0 0
-> 192.168.123.102:80 Masq 1 0 0
- Real-server1
$ yum install -y httpd
$ echo -e "<title>web1</title>\n<h1>webserver1</>\n" > /var/www/html/index.html
$ cat /var/www/html/index.html
<title>web1</title>
<h1>webserver1</>
$ systemctl start httpd
- Real-server2
$ yum install -y httpd
$ echo -e "<title>web2</title>\n<h1>webserver2</h1>\n" > /var/www/html/index.html
$ cat /var/www/html/index.html
<title>web2</title>
<h1>webserver2</h1>
$ systemctl start httpd
- Test: access the service through the VIP
$ curl http://172.29.2.60
<title>web2</title>
<h1>webserver2</h1>
$ curl http://172.29.2.60
<title>web1</title>
<h1>webserver1</>
You can also test access with a browser.
- View the connection state
$ ipvsadm -lnc
II. lvs-dr
2.1 Environment information
Role | IP | Gateway | Service | Kernel parameters |
---|---|---|---|---|
director | vip(ens33:0): 192.168.123.110<br>dip(ens33): 192.168.123.100 | 192.168.123.2 | lvs-dr | \ |
Real-Server1 | vip(lo:0): 192.168.123.110<br>rip(ens33): 192.168.123.101 | 192.168.123.2 | httpd | arp_ignore = 1<br>arp_announce=2 |
Real-Server2 | vip(lo:0): 192.168.123.110<br>rip(ens33): 192.168.123.102 | 192.168.123.2 | httpd | arp_ignore = 1<br>arp_announce=2 |
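- arp_ignore:
  - 0: Reply to ARP requests for any local IP address, received on any interface (including addresses on the loopback interface), regardless of whether the target IP is configured on the receiving interface
  - 1: Reply only if the target IP address is a local address configured on the receiving interface
  - 2: Reply only if the target IP address is a local address configured on the receiving interface, and the source IP of the ARP request is in the same subnet as the receiving interface
  - 3: If the local address that matches the requested IP has host scope, do not send an ARP reply; if its scope is global or link, send an ARP reply
  - 4~7: Reserved, unused
  - 8: Do not reply to any ARP request
- arp_announce:
  - 0: Any local IP address on any interface may be used as the source IP of the ARP request; usually this is the source IP of the packet
  - 1: Try to avoid using a local address that is not in the sending interface's subnet as the source IP of the ARP request
  - 2: Ignore the source IP of the IP packet and choose the most suitable local address on the sending interface as the source IP of the ARP request
2.2 Configuration steps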
- director
$ ifconfig ens33:0 192.168.123.110/32 broadcast 192.168.123.110 up
$ route add -host 192.168.123.110 dev ens33:0
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.123.2 0.0.0.0 UG 0 0 0 ens33
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 ens33
192.168.123.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
192.168.123.110 0.0.0.0 255.255.255.255 UH 0 0 0 ens33
$ ipvsadm -A -t 192.168.123.110:80 -s rr
$ ipvsadm -a -t 192.168.123.110:80 -r 192.168.123.101 -g
$ ipvsadm -a -t 192.168.123.110:80 -r 192.168.123.102 -g
$ ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.123.110:80 rr
-> 192.168.123.101:80 Route 1 0 0
-> 192.168.123.102:80 Route 1 0 0
- Real-Server1
$ echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
$ echo 1 > /proc/sys/net/ipv4/conf/ens33/arp_ignore
$ echo 2 > /proc/sys/net/ipv4/conf/ens33/arp_announce
$ echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
$ ifconfig lo:0 192.168.123.110/32 broadcast 192.168.123.110 up
$ route add -host 192.168.123.110 dev lo:0
- Real-Server2
$ echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
$ echo 1 > /proc/sys/net/ipv4/conf/ens33/arp_ignore
$ echo 2 > /proc/sys/net/ipv4/conf/ens33/arp_announce
$ echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
$ ifconfig lo:0 192.168.123.110/32 broadcast 192.168.123.110 up
$ route add -host 192.168.123.110 dev lo:0
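As an added example (not part of the original post), the following POSIX shell check audits the real-server ARP settings from section 2.2, so a real server that would answer ARP for the VIP is caught before it goes into the pool. It relies on the kernel's documented rule that the effective value is the maximum of conf/all and the per-interface setting; `CONF_ROOT`, `read_conf`, `effective` and `check_dr_arp` are names introduced here.

```shell
#!/bin/sh
# Added example, not from the original post: audit the ARP sysctls that
# section 2.2 sets on each real server. CONF_ROOT is an assumed override
# so the check can run against a constructed tree instead of live /proc.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print one sysctl value; print -1 if the file is missing or unreadable.
read_conf() {  # $1 = "all" or interface name, $2 = key
    if [ -r "$CONF_ROOT/$1/$2" ]; then
        cat "$CONF_ROOT/$1/$2"
    else
        echo -1
    fi
}

# The kernel applies max(conf/all/KEY, conf/IFACE/KEY) for both
# arp_ignore and arp_announce; print that effective value.
effective() {  # $1 = interface, $2 = key
    a=$(read_conf all "$2")
    i=$(read_conf "$1" "$2")
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# Return 0 only when the effective values match the lvs-dr table
# (arp_ignore = 1, arp_announce = 2) on the RIP interface.
check_dr_arp() {  # $1 = RIP interface, e.g. ens33
    rc=0
    for pair in arp_ignore=1 arp_announce=2; do
        key=${pair%%=*}
        want=${pair##*=}
        got=$(effective "$1" "$key")
        if [ "$got" -eq "$want" ]; then
            echo "ok   $1 $key effective=$got"
        else
            echo "FAIL $1 $key effective=$got (want $want)"
            rc=1
        fi
    done
    return "$rc"
}
# Usage on a real server: check_dr_arp ens33
```

Writes to /proc/sys do not survive a reboot, so run the check again after a restart.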