lvs(3)
一、lvs-nat1.1 环境信息
角色
IP
网关
Service
director
vip(ens37): 172.29.2.69dip(ens33): 192.168.123.100
ens37: 172.29.2.1ens33: 192.168.123.2
lvs-nat
Real-Server1
rip: 192.168.123.101
192.168.123.100
httpd
Real-Server2
rip: 192.168.123.102
192.168.123.100
httpd
NOTE: 需要打开核心转发功能, “net.ipv4.ip_forward = 1”, 拓扑图参考基础概念中lvs-nat模型图.
1.2 配置步骤
[*]director
$ yum install -y ipvsadm
$ ipvsadm -A -t 172.29.2.60:80 -s rr
$ ipvsadm -a -t 172.29.2.60:80 -r 192.168.123.101:80 -m
$ ipvsadm -a -t 172.29.2.60:80 -r 192.168.123.102:80 -m
$ ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP172.29.2.60:80 rr
-> 192.168.123.101:80 Masq 1 0 0
-> 192.168.123.102:80 Masq 1 0 0
[*]Real-server1
$ yum install -y httpd
$ echo -e "web1\nwebserver1\n" > /var/www/html/index.html
$ cat /var/www/html/index.html
web1
webserver1
$ systemctl start httpd
[*]Real-server2
$ yum install -y httpd
$ echo -e "web2\nwebserver2\n" > /var/www/html/index.html
$ cat /var/www/html/index.html
web2
webserver2
$ systemct start httpd
[*]测试: 通过VIP进行访问
$ curl http://172.29.2.60
web2
webserver2
$ curl http://172.29.2.60
web1
webserver1
也可以用浏览器进行访问测试.
[*]查看连接状态
$ ipvsadm -lnc
二、lvs-dr
2.1 环境信息
角色
IP
网关
service
内核参数
direcotr
vip(ens33:0): 192.168.123.110dip(ens33): 192.168.123.100
192.168.123.2
lvs-dr
\
Real-Server1
vip(lo:0): 192.168.123.110rip(ens33): 192.168.123.101
192.168.123.2
httpd
arp_ignore = 1arp_announce=2
Real-Server2
vip(lo:0): 192.168.123.110rip(ens33): 192.168.123.102
192.168.123.2
httpd
arp_ignore = 1arp_announce=2
[*]arp_ignore:
[*]0: 响应任意网卡上接受到的对本机IP地址的arp请求(包括回环往卡上的地址), 而不管该目的IP是否在接收往卡上
[*]1: 只响应目的IP地址为接收网卡上的本地地址的ARP请求
[*]2: 只响应目的IP地址为接收网卡上的本地地址的ARP请求, 并且arp请求的源IP必须和接收网卡同网段
[*]3: 如果arp请求数据包所请求的IP地址对应的本地地址其作用域(scope)为主机(host), 则不会因arp响应数据包, 如果作用域为全局(global)或链路(link), 则回应arp响应数据包
[*]4~7: 保留未使用
[*]8: 不回应所有的arp请求
[*]arp_announce:
[*]允许使用任意网卡IP地址作为arp请求的源IP, 通常就是用数据包的源IP
[*]尽量避免使用不属于该发送网卡子网卡的本地地址作为发送arp请求的源IP地址
[*]忽略IP数据包的源IP地址, 选择该发送网卡上最合适的本地地址作为arp请求的源IP地址
2.2 配置步骤
[*]director
$ ifconfig ens33:0 192.168.123.110/32 broadcast 192.168.123.110 up
$ route add -host 192.168.123.110 dev ens33:0
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.123.2 0.0.0.0 UG 0 0 0 ens33
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 ens33
192.168.123.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
192.168.123.110 0.0.0.0 255.255.255.255 UH 0 0 0 ens33
$ ipvsadm -A -t 192.168.123.110:80 -s rr
$ ipvsadm -a -t 192.168.123.110:80 -r 192.168.123.101 -g
$ ipvsadm -a -t 192.168.123.110:80 -r 192.168.123.102 -g
$ ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP192.168.123.110:80 rr
-> 192.168.123.101:80 Route 1 0 0
-> 192.168.123.102:80 Route 1 0 0
[*]Real-Server1
$ echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
$ echo 1 > /proc/sys/net/ipv4/conf/ens33/arp_ignore
$ echo 2 > /proc/sys/net/ipv4/conf/ens33/arp_announce
$ echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
$ ifconfig lo:0 192.168.123.110/32 broadcast 192.168.123.110 up
$ route add -host 192.168.123.110 dev lo:0
[*]Real-Server2
$ echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
$ echo 1 > /proc/sys/net/ipv4/conf/ens33/arp_ignore
$ echo 2 > /proc/sys/net/ipv4/conf/ens33/arp_announce
$ echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
$ ifconfig lo:0 192.168.123.110/32 broadcast 192.168.123.110 up
$ route add -host 192.168.123.110 dev lo:0
页:
[1]