一、lvs-nat
1.1 环境信息
| 角色 | IP | 网关 | Service |
|---|---|---|---|
| director | vip(ens37): 172.29.2.69<br>dip(ens33): 192.168.123.100 | ens37: 172.29.2.1<br>ens33: 192.168.123.2 | lvs-nat |
| Real-Server1 | rip: 192.168.123.101 | 192.168.123.100 | httpd |
| Real-Server2 | rip: 192.168.123.102 | 192.168.123.100 | httpd |
NOTE: 需要打开核心转发功能, “net.ipv4.ip_forward = 1”, 拓扑图参考基础概念中lvs-nat模型图.
1.2 配置步骤
- director
$ yum install -y ipvsadm
$ ipvsadm -A -t 172.29.2.60:80 -s rr
$ ipvsadm -a -t 172.29.2.60:80 -r 192.168.123.101:80 -m
$ ipvsadm -a -t 172.29.2.60:80 -r 192.168.123.102:80 -m
$ ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.29.2.60:80 rr
-> 192.168.123.101:80 Masq 1 0 0
-> 192.168.123.102:80 Masq 1 0 0 - Real-server1
$ yum install -y httpd
$ echo -e "<title>web1</title>\n<h1>webserver1</>\n" > /var/www/html/index.html
$ cat /var/www/html/index.html
<title>web1</title>
<h1>webserver1</>
$ systemctl start httpd- Real-server2
$ yum install -y httpd
$ echo -e "<title>web2</title>\n<h1>webserver2</h1>\n" > /var/www/html/index.html
$ cat /var/www/html/index.html
<title>web2</title>
<h1>webserver2</h1>
$ systemct start httpd- 测试: 通过VIP进行访问
$ curl http://172.29.2.60
<title>web2</title>
<h1>webserver2</h1>
$ curl http://172.29.2.60
<title>web1</title>
<h1>webserver1</>也可以用浏览器进行访问测试.
- 查看连接状态
$ ipvsadm -lnc二、lvs-dr
2.1 环境信息
| 角色 | IP | 网关 | service | 内核参数 |
|---|---|---|---|---|
| direcotr | vip(ens33:0): 192.168.123.110<br>dip(ens33): 192.168.123.100 | 192.168.123.2 | lvs-dr | \ |
| Real-Server1 | vip(lo:0): 192.168.123.110<br>rip(ens33): 192.168.123.101 | 192.168.123.2 | httpd | arp_ignore = 1<br>arp_announce=2 |
| Real-Server2 | vip(lo:0): 192.168.123.110<br>rip(ens33): 192.168.123.102 | 192.168.123.2 | httpd | arp_ignore = 1<br>arp_announce=2 |
- arp_ignore:
- 0: 响应任意网卡上接受到的对本机IP地址的arp请求(包括回环往卡上的地址), 而不管该目的IP是否在接收往卡上
- 1: 只响应目的IP地址为接收网卡上的本地地址的ARP请求
- 2: 只响应目的IP地址为接收网卡上的本地地址的ARP请求, 并且arp请求的源IP必须和接收网卡同网段
- 3: 如果arp请求数据包所请求的IP地址对应的本地地址其作用域(scope)为主机(host), 则不会因arp响应数据包, 如果作用域为全局(global)或链路(link), 则回应arp响应数据包
- 4~7: 保留未使用
- 8: 不回应所有的arp请求
- arp_announce:
- 允许使用任意网卡IP地址作为arp请求的源IP, 通常就是用数据包的源IP
- 尽量避免使用不属于该发送网卡子网卡的本地地址作为发送arp请求的源IP地址
- 忽略IP数据包的源IP地址, 选择该发送网卡上最合适的本地地址作为arp请求的源IP地址
2.2 配置步骤
- director
$ ifconfig ens33:0 192.168.123.110/32 broadcast 192.168.123.110 up
$ route add -host 192.168.123.110 dev ens33:0
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.123.2 0.0.0.0 UG 0 0 0 ens33
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 ens33
192.168.123.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
192.168.123.110 0.0.0.0 255.255.255.255 UH 0 0 0 ens33
$ ipvsadm -A -t 192.168.123.110:80 -s rr
$ ipvsadm -a -t 192.168.123.110:80 -r 192.168.123.101 -g
$ ipvsadm -a -t 192.168.123.110:80 -r 192.168.123.102 -g
$ ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.123.110:80 rr
-> 192.168.123.101:80 Route 1 0 0
-> 192.168.123.102:80 Route 1 0 0 - Real-Server1
$ echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
$ echo 1 > /proc/sys/net/ipv4/conf/ens33/arp_ignore
$ echo 2 > /proc/sys/net/ipv4/conf/ens33/arp_announce
$ echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
$ ifconfig lo:0 192.168.123.110/32 broadcast 192.168.123.110 up
$ route add -host 192.168.123.110 dev lo:0- Real-Server2
$ echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
$ echo 1 > /proc/sys/net/ipv4/conf/ens33/arp_ignore
$ echo 2 > /proc/sys/net/ipv4/conf/ens33/arp_announce
$ echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
$ ifconfig lo:0 192.168.123.110/32 broadcast 192.168.123.110 up
$ route add -host 192.168.123.110 dev lo:0