LVS DR 模式实现web负载均衡(iptables(DNAT)+lvs(DR) real server 使用内网ip)
http://blog.运维网.com/attachment/201310/182949854.png
2.1.1-web基本配置
web1配置
# fdisk /dev/sdb
Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-130, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-130, default 130):
Using default value 130
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
# partx /dev/sdb
# mkdir /www/bbs -pv
# mkfs.ext4 /dev/sdb1
# e2label /dev/sdb1 web
# vim /etc/fstab
http://blog.运维网.com/attachment/201310/182949506.png
# mount -a
# echo "web1" >/www/bbs/test.html
# vim /etc/httpd/conf/httpd.conf
http://blog.运维网.com/attachment/201310/182949967.png
# service httpd start
http://blog.运维网.com/attachment/201310/182949514.png
web2网络配置
http://blog.运维网.com/attachment/201310/182949826.png
# yum -y install httpd php php-mysql
# mkdir -pv /www/bbs
# echo "web2" >/www/bbs/test.html
# vim /etc/httpd/conf/httpd.conf
http://blog.运维网.com/attachment/201310/182950525.png
http://blog.运维网.com/attachment/201310/182950845.png
# service httpd start
# chkconfig httpd on
http://blog.运维网.com/attachment/201310/182950524.png
2.1.2-Director配置
# Director setup for LVS in direct-routing (DR) mode.

# Bind the virtual IP (VIP) as a /32 alias on eth0 and add a host route for it.
ifconfig eth0:1 172.16.100.80 broadcast 172.16.100.80 netmask 255.255.255.255 up
route add -host 172.16.100.80 dev eth0:1

# Runtime-only switch: a write to /proc does not survive a reboot.
printf '1\n' > /proc/sys/net/ipv4/ip_forward

# NOTE(security): without -t these act on the filter table only. --flush
# deletes every filter rule on this host and leaves the chain policies as
# they are, so any packet filtering the director relied on is gone after
# this line. Re-apply the host firewall afterwards if the director needs one.
iptables --flush
iptables --zero

# Start from an empty IPVS table, then publish VIP:80 with the
# weighted least-connection scheduler.
ipvsadm --clear
ipvsadm --add-service --tcp-service 172.16.100.80:80 --scheduler wlc

# Register both real servers with equal weight; --gatewaying selects
# direct routing, so replies go from the real server straight to the client.
for rip in 172.16.100.81 172.16.100.82; do
  ipvsadm --add-server --tcp-service 172.16.100.80:80 --real-server "$rip" --gatewaying --weight 1
done
2.1.3-Realserver配置
# Real-server setup for LVS in direct-routing (DR) mode.

# Bounce the loopback interface before changing its ARP behaviour.
ifconfig lo down
ifconfig lo up

# ARP suppression comes first, before the VIP exists on this host, so the
# real server never answers or advertises ARP for the VIP and only the
# director receives client traffic for it.
#   arp_ignore=1   reply only when the target IP is configured on the
#                  interface the request arrived on
#   arp_announce=2 always use the best local source address for the target
for scope in lo all; do
  printf '1\n' > "/proc/sys/net/ipv4/conf/${scope}/arp_ignore"
  printf '2\n' > "/proc/sys/net/ipv4/conf/${scope}/arp_announce"
done

# Only now bind the VIP as a /32 on a loopback alias so the host accepts
# packets the director forwards to it, and add the matching host route.
ifconfig lo:0 172.16.100.80 broadcast 172.16.100.80 netmask 255.255.255.255 up
route add -host 172.16.100.80 dev lo:0
2.1.4-集群服务测试
修改DNS
# sed -i 's/^\/80/' /var/named/innet.100.16.172.in-addr.arpa
# sed -i 's/\$/80/' /var/named/innet.sanyu.com.zone
# service named restart
http://blog.运维网.com/attachment/201310/182950707.png
集群服务内网测试
http://blog.运维网.com/attachment/201310/183034926.png
刷新后
http://blog.运维网.com/attachment/201310/182954853.png
http://blog.运维网.com/attachment/201310/182954716.png
集群服务公网测试
修改防火墙规则
# Runtime-only switch: a write to /proc does not survive a reboot.
printf '1\n' > /proc/sys/net/ipv4/ip_forward

# Publish the internal services on both public addresses.
# Each entry is protocol:public-port:internal-destination.
# Every rule matches only sources inside the /16 of the public address it
# is written for (202.111.0.0/16 -> 202.111.100.100, and likewise 202.110).
# DNAT rewrites the destination only; whether the translated packet is then
# allowed through is decided by the filter table's FORWARD chain.
for svc in \
  tcp:80:172.16.100.80 \
  tcp:443:172.16.100.43:443 \
  tcp:53:172.16.100.53 \
  udp:53:172.16.100.53; do
  proto=${svc%%:*}
  rest=${svc#*:}
  dport=${rest%%:*}
  dest=${rest#*:}
  for net in 202.111 202.110; do
    iptables -t nat -A PREROUTING -s "${net}.0.0/16" -d "${net}.100.100" \
      -p "$proto" --dport "$dport" -j DNAT --to-destination "$dest"
  done
done
guest1网络配置
http://blog.运维网.com/attachment/201310/182954824.png
guest2网络配置
http://blog.运维网.com/attachment/201310/182954936.png
注意:网关未指向R1
测试结果
http://blog.运维网.com/attachment/201310/182954997.png
脚本:
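#!/bin/bash
#
# LVS director init script for VS/DR (direct routing).
#
# Usage: $0 {start|stop|status}
#   start   bind the VIP on eth0:1, enable forwarding, flush the filter
#           table and load the IPVS virtual service
#   stop    disable forwarding, clear the IPVS table and remove the VIP
#   status  report state from the lock file and list the IPVS table
#
# Must run as root: it writes to /proc and changes interfaces, routes,
# iptables and IPVS state.
#
. /etc/rc.d/init.d/functions
#
VIP=172.16.100.80
RIP1=172.16.100.81
RIP2=172.16.100.82
PORT=80
LOCKFILE=/var/lock/subsys/ipvsadm
#
case "$1" in
  start)
    # Bind the VIP as a /32 alias and add a host route for it.
    /sbin/ifconfig eth0:1 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
    /sbin/route add -host "$VIP" dev eth0:1
    # Enable IPv4 forwarding (runtime only; not persistent across reboots).
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # NOTE(security): without -t these act on the filter table only. -F
    # deletes every filter rule on this host and leaves the chain policies
    # unchanged, so starting this service removes whatever packet filtering
    # the director had. Re-apply the host firewall after "start" if needed.
    /sbin/iptables -F
    # Reset the packet and byte counters.
    /sbin/iptables -Z
    # Start from an empty IPVS table.
    /sbin/ipvsadm -C
    # Publish $VIP:$PORT with the weighted least-connection (wlc) scheduler
    # and attach the real servers in direct-routing mode (-g). RIP2 carries
    # weight 2 and RIP1 weight 1. The lock file is created only when every
    # ipvsadm call succeeded, so "status" does not report a half-loaded table
    # as running.
    if /sbin/ipvsadm -A -t "$VIP:$PORT" -s wlc \
      && /sbin/ipvsadm -a -t "$VIP:$PORT" -r "$RIP1" -g -w 1 \
      && /sbin/ipvsadm -a -t "$VIP:$PORT" -r "$RIP2" -g -w 2; then
      /bin/touch "$LOCKFILE" &> /dev/null
    else
      echo "failed to load ipvs rules" >&2
      exit 1
    fi
    ;;
  stop)
    # Turns IPv4 forwarding off for the whole host; if this machine also
    # routes or NATs other traffic, that stops as well.
    echo 0 > /proc/sys/net/ipv4/ip_forward
    # Reset ipvsadm
    /sbin/ipvsadm -C
    # Bring down the VIP interface
    /sbin/ifconfig eth0:1 down
    /sbin/route del "$VIP"
    /bin/rm -f "$LOCKFILE"
    echo "ipvs is stopped..."
    ;;
  status)
    # State is inferred from the lock file, not from the kernel IPVS table.
    if [[ ! -e "$LOCKFILE" ]]; then
      echo "ipvsadm is stopped ..."
    else
      echo "ipvs is running ..."
      /sbin/ipvsadm -L -n
    fi
    ;;
  *)
    # Unknown or missing action: print usage and fail so callers notice.
    echo "Usage: $0 {start|stop|status}" >&2
    exit 2
    ;;
esac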