一、配置DR模式---角色定義
DIP:192.168.8.233
VIP:192.168.6.66
Realserver1:192.168.6.42
Realserver2:192.168.6.46
ps:測試環境中的掩碼是255.255.240.0
二、配置VIP步驟
1、調度器配置
ifconfig eth0:0 192.168.6.66 broadcast 192.168.6.66 netmask 255.255.255.255
route add -host 192.168.6.66 dev eth0:0
2、realserver配置
ifconfig lo:0 192.168.6.66 broadcast 192.168.6.66 netmask 255.255.255.255 up
route add -host 192.168.6.66 dev lo:0
iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to :15080(端口轉發)
三、arp抑制(realserver配置)
echo 1 >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p 生效
net.ipv4.ip_forward = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
四、調度器配置
1、安裝基礎軟件包
yum install gcc gcc-c++ bzip2 libssl-dev openssl libpopt-dev libnl-dev daemon net-tools bind-utils -y
2、安裝ipvsadm
yum install -y ipvsadm
3、配置規則
3.1、池子1
ipvsadm -At 192.168.6.66:80 -s wrr
ipvsadm -at 192.168.6.66:80 -r 192.168.6.42 -g -w 1
ipvsadm -at 192.168.6.66:80 -r 192.168.6.46 -g -w 1
3.2、池子2
ipvsadm -At 192.168.6.66:15080 -s wrr
ipvsadm -at 192.168.6.66:15080 -r 192.168.6.42:15080 -g -w 1
ipvsadm -at 192.168.6.66:15080 -r 192.168.6.46:15080 -g -w 1
4、規則查看
root@localhost:~
# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.6.66:80 wrr
-> 192.168.6.42:80 Route 1 0 0
-> 192.168.6.46:80 Route 1 0 0
TCP 192.168.6.66:15080 wrr
-> 192.168.6.42:15080 Route 1 0 0
-> 192.168.6.46:15080 Route 1 0 0
五、驗證
在瀏覽器中分別訪問 http://192.168.6.66:15080(池子1) http://192.168.6.66(池子2) 具體如下面截圖
池子1
池子2
服務端查看連接
root@localhost:~
# ipvsadm -lc
IPVS connection entries
pro expire state source virtual destination
TCP 00:25 FIN_WAIT 10.10.0.113:51326 192.168.6.66:http 192.168.6.46:http
TCP 00:21 FIN_WAIT 10.10.0.113:51320 192.168.6.66:http 192.168.6.46:http
TCP 01:54 FIN_WAIT 10.10.0.113:51360 192.168.6.66:15080 192.168.6.46:15080
TCP 00:24 FIN_WAIT 10.10.0.113:51324 192.168.6.66:http 192.168.6.46:http
TCP 01:55 FIN_WAIT 10.10.0.113:51361 192.168.6.66:15080 192.168.6.42:15080
TCP 00:26 FIN_WAIT 10.10.0.113:51325 192.168.6.66:http 192.168.6.42:http
TCP 14:56 ESTABLISHED 10.10.0.113:51363 192.168.6.66:15080 192.168.6.42:15080
TCP 00:28 FIN_WAIT 10.10.0.113:51329 192.168.6.66:http 192.168.6.46:http
TCP 00:27 FIN_WAIT 10.10.0.113:51327 192.168.6.66:http 192.168.6.42:http
TCP 00:21 FIN_WAIT 10.10.0.113:51319 192.168.6.66:http 192.168.6.42:http
TCP 00:28 FIN_WAIT 10.10.0.113:51331 192.168.6.66:http 192.168.6.42:http
TCP 00:29 FIN_WAIT 10.10.0.113:51333 192.168.6.66:http 192.168.6.46:http
六、總結
1、名詞解釋
調度器: Director、Load Balancer
後端主機: RealServer
RealServer 的IP: RIP
Director 的IP: DIP
客戶端:CIP
其工作流程的走向:CIP<-->CIP<-->DIP<-->RIP
2、DR模式工作流程
·用戶通過訪問其域名解析到其IP地址(VIP)
·用戶向目標VIP發送請求,這是Director接收到請求,此時源IP是用戶的IP地址,其目標MAC是Director的MAC地址
·LVS會根據其相關算法選擇一臺active的服務器,將此RIP所在網卡的MAC地址作爲目標的MAC地址,此時源MAC地址是Director的MAC地址,目標MAC地址是realserver的MAC地址
·realserver收到了數據包,並且分析數據包,如果發現目標IP地址(VIP)與本地的lo(環回接口)匹配,於是就會處理這個報文,廣播到LAN中,此時源MAC地址是realserver的MAC地址,目標IP地址是用戶的IP
·DR模式限定了主機必須在同一個物理網絡內。
·realserver必須綁定lo地址
3、ipvs常用命令參數
#man ipvsadm
ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]] [-M netmask]
-A: 添加、新建
-E:編輯
-t: 指定tcp協議
-u:指定UDP協議
-f:firewal mark
-s: 指定調度算法
ipvsadm -D -t|u|fservice-address
-D:刪除
ipvsadm -a|e -t|u|fservice-address -r server-address [-g|i|m] [-w weight] [-x upper] [-y lower]
-a:添加realserver
-r:指定realserver地址,一般ip+端口,只在端口映射的時候才指端口
-g:指定lvs默認的模型,dr模型
-i:tun模型
-m:nat模型
-w:定義權重
添加集羣
ipvsadm -a -t ip:80-r getwaryip -m
刪除ip
ipvsadm -d -t ip:80-r server-address
ipvsadm -d -t ip:80-r dip
保存規則
server ipvsadm save
默認路徑在/etc/sysconfig/ipvsadm
保存指定路徑
ipvsadm -S >/path/to/xxx.txt
ipvsadm -R >/path/to/xxx.txt
開啓轉發
sysctl -wnet.ipv4.ip_forward=1
統計數據
ipvsadm -L -n--stats