应用
| IP地址
| 网关
| Vip
| 公网地址
| Virtual IP
|
|
| 10.0.1.100
| 119.188.13x.x(网通nat)
218.98.3x.20x(电信nat)
| Lvs(master)
| 10.0.1.101 eth0
| 10.0.1.254
|
|
| Lv(slave)
| 10.0.1.102 eth0
| 10.0.1.254
|
|
| Real-server
| 10.0.1.103 eth0
| 10.0.1.254
| 10.0.1.100 lo:0
|
| Real-server
| 10.0.1.104 eth0
| 10.0.1.254
| 10.0.1.100 lo:0
|
|
|
|
|
|
| Virtual IP
|
|
| 10.0.1.200
| 119.188.13x.4(网通nat)
218.98.3x.201(电信nat)
| Real-server
| 10.0.1.105 eth0
| 10.0.1.254
| 10.0.1.200 lo:0
|
| Real-server
| 10.0.1.106 eth0
| 10.0.1.254
| 10.0.1.200 lo:0
|
|
1、安装LVS
rpm -ivh ipvsadm-1.24-13.el5.x86_64
2、ipvsadm检查安装
3、lsmod |grep ip_vs检查是否加装ip_vs模块
4、realserver真实节点服务器配置(103、104配置相同)
vi/etc/init.d/lvsrsdr
#!/bin/bash
#description : start realserver DR
VIP=10.0.1.100
. /etc/rc.d/init.d/functions
case "$1" in
start)
echo "start LVS of RealServer DR"
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:0
echo "1">/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2">/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1">/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2">/proc/sys/net/ipv4/conf/all/arp_announce
;;
Stop)
/sbin/ifconfig lo:0 down
echo "close LVS of RealServer DR"
echo "0">/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0">/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0">/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0">/proc/sys/net/ipv4/conf/all/arp_announce
;;
*)
echo "Usage:$0 {start|stop}"
exit 1
esac
脚本可执行模式
chmod +x /etc/init.d/lvsrsdr
启动脚本(以服务方式启动)
service lvsrsdr start
5、realserver真实节点服务器配置(105、106配置相同不同于103、104vip地址不同)
vi/etc/init.d/lvsrsdr
#!/bin/bash
#description : start realserver DR
VIP=10.0.1.200
. /etc/rc.d/init.d/functions
case "$1" in
start)
echo "start LVS of RealServer DR"
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:0
echo "1">/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2">/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1">/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2">/proc/sys/net/ipv4/conf/all/arp_announce
;;
Stop)
/sbin/ifconfig lo:0 down
echo "close LVS of RealServer DR"
echo "0">/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0">/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0">/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0">/proc/sys/net/ipv4/conf/all/arp_announce
;;
*)
echo "Usage:$0 {start|stop}"
exit 1
esac
LVS高可用配置
1、下载安装(Master和Backup都必须安装Keepalive)
wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz
tar zxvf keepalived-1.2.7.tar.gz
cd keepalived-1.2.7
./configure
make
make install
2、将Keepalived以服务启动(Master和Backup同时配置)
cp /usr/local/etc/rc.d/init.d/keepalived/etc/rc.d/init.d/
cp /usr/local/etc/sysconfig/keepalived/etc/sysconfig/
mkdir /etc/keepalived
cp /usr/local/etc/keepalived/keepalived.conf/etc/keepalived/
cp /usr/local/sbin/keepalived /usr/sbin/
chkconfig --add keepalived
service keepalived start|stop
3、配置MASTER
cp /etc/keepalived/keepalived.conf/etc/keepalived/keepalived.conf.bak
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.1.100
10.0.1.200
}
}
virtual_server 10.0.1.100 80 {
delay_loop 6
lb_algo wlc
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server10.0.1.103 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server10.0.1.104 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 10.0.1.200 80 {
delay_loop 6
lb_algo wlc
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server10.0.1.105 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server10.0.1.106 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
3、配置BACKUP
vrrp_instance VI_1 {
state BACKUP
interfaceeth0
virtual_router_id 51
priority 99
总结:
一个公网IP映射给内部vip(既vip和web集群为一个网段),VS/DR 通过改写请求报文的MAC地址(改为选出服务器的MAC地址),再将修改后的数据帧发送给选出的web服务器。因为数据帧的MAC地址是选出的服务器,所以服务器肯定可以收到这个数据帧,从中可以获得该IP报文。当服务器发现报文的目标地址VIP是在本地的网络设备上(lo:0口),服务器处理这个报文,然后根据路由表将响应报文直接返回给客户,既应用服务器执行相应操作后,通过lo:0口(也就是vip的地址已经通过nat可出访外网),将结果返回给客户,这也就是为什么整个的架构中,仅需vip有公网IP,然后通过防火墙将公网IP做映射到私网vip即可.
客户端抓包:
客户端IP在通信过程一直是vip(实际是vip中的一台realserver!),所以这台realserver依旧通过vip的地址将请求转给客户端!如果vip是公网IP,那realserver也会通过这个公网IP将请求发给客户!
tcpdump -i eth0 tcp port 80
tcpdump |grep http
web服务器抓包:
客户端IP一直与vip通信,realserver也是将自己当成vip来处理数据。
DR模式,注意DR模式不支持端口重定向,VIP监听的port必须与rs服务监听的port一致
| 
QQ群⑧:
窥视卡
雷达卡
发表于 2018-12-30 13:30:00
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡