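0: No restriction. Requests for any of the local machine's IP addresses are answered.
1: Respond only when the requested IP is configured on this interface. In other words, respond only for the current interface's IP addresses.
0: No restriction. All IP addresses are announced from any interface.
1: Avoid announcing IPs that are not on this interface wherever possible.
2: Announce only this interface's IPs. IPs that are not on this interface are not announced.
Configuration example:
1) Lab environment
LVS load scheduler (director): eth0: 172.16.16.173/24, VIP eth0:0 172.16.16.172
Web server pool: node 1 to node 2: 172.16.16.177-178/24
2) Configure the load scheduler
a. Configure the virtual IP address (VIP)
ifconfig eth0:0 172.16.16.172 broadcast 172.16.16.172 netmask 255.255.255.0 up # configure and bring up the VIP on eth0
route add -host 172.16.16.172 dev eth0:0 # special host route: when a client requests the VIP, eth0:0 responds
b. Adjust the /proc response parameters
echo 1 > /proc/sys/net/ipv4/ip_forward # enable routing (IP forwarding)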
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
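send_redirects: controls the sending of ICMP redirects. According to the references consulted, enabling this option carries some risk, because forged ICMP redirect packets can easily be used to launch an attack. If the director is not acting as a router or gateway, disabling it is recommended. It is enabled by default; 0 disables it.
c. Configure the load distribution policy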
service ipvsadm stop
ipvsadm -A -t 172.16.16.172:80 -s wlc
ipvsadm -a -t 172.16.16.172:80 -r 172.16.16.177 -g -w 1
ipvsadm -a -t 172.16.16.172:80 -r 172.16.16.178 -g -w 1
service ipvsadm save
chkconfig ipvsadm on
3) Configure the node servers
a. Configure the virtual IP address
ifconfig lo:0 172.16.16.172 broadcast 172.16.16.172 netmask 255.255.255.255 up
/sbin/route add -host 172.16.16.172 dev lo:0
b. Adjust the /proc response parameters
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/default/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/default/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
These settings are what restrict ARP requests and ARP announcements.
c. Install httpd and test.
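A check for the /proc settings from steps 2) b. and 3) b., added here as an example and not part of the original post: it reads the values back and reports any that differ from what this LVS-DR setup expects. The function names and the PROC_ROOT override (used to point the check at a test directory) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the sysctls that the LVS-DR setup above relies on.
# PROC_ROOT is a hypothetical override for offline testing; default is live /proc/sys.
PROC_ROOT="${PROC_ROOT:-/proc/sys}"

# check_key <conf-name> <key> <expected>
# Prints one status line; returns 1 if the file is missing or the value differs.
check_key() {
    f="$PROC_ROOT/net/ipv4/conf/$1/$2"
    if [ ! -r "$f" ]; then
        echo "MISSING $1/$2"
        return 1
    fi
    actual=$(cat "$f")
    if [ "$actual" != "$3" ]; then
        echo "BAD     $1/$2 = $actual (want $3)"
        return 1
    fi
    echo "OK      $1/$2 = $actual"
}

# Real server: arp_ignore=1 and arp_announce=2 on "all" and "lo" (step 3 b).
audit_realserver() {
    rc=0
    for c in all lo; do
        check_key "$c" arp_ignore 1 || rc=1
        check_key "$c" arp_announce 2 || rc=1
    done
    return $rc
}

# Director: send_redirects=0 on "all", "default" and the given interface (step 2 b).
audit_director() {
    rc=0
    for c in all default "$1"; do
        check_key "$c" send_redirects 0 || rc=1
    done
    return $rc
}

# Stand-alone use: "sh audit.sh realserver" or "sh audit.sh director eth0".
case "${1:-}" in
    realserver) audit_realserver ;;
    director)   audit_director "${2:-eth0}" ;;
esac
```

For arp_ignore and arp_announce the kernel applies the larger of the conf/all value and the per-interface value, so a correct "all" entry also covers the physical NIC. For send_redirects, redirects are sent if either conf/all or the interface entry is enabled, which is why every entry has to read 0.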
The whole director and real server configuration for the LVS DR model can be written as scripts, as follows:
Director startup script:
#!/bin/bash
#
# LVS for VS/DR
. /etc/rc.d/init.d/functions
#
VIP=172.16.16.172
RIP1=172.16.16.177
RIP2=172.16.16.178
PORT=80
#
case "$1" in
start)
    # clear all iptables policy (this removes every existing filter rule on the director)
    /sbin/iptables -F
    /sbin/iptables -X
    /sbin/iptables -Z
    # configure VIP
    /sbin/ifconfig eth0:1 $VIP broadcast $VIP netmask 255.255.255.0
    /sbin/route add -host $VIP dev eth0:1
    # enable ip_forward, disable sending of ICMP redirects
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
    # clear all ipvsadm rules/services
    /sbin/ipvsadm -C
    # add an IP virtual service for VIP 172.16.16.172 port 80
    /sbin/ipvsadm -A -t $VIP:$PORT -s wlc
    /sbin/ipvsadm -a -t $VIP:$PORT -r $RIP1 -g -w 1
    /sbin/ipvsadm -a -t $VIP:$PORT -r $RIP2 -g -w 1
    /bin/touch /var/lock/subsys/ipvsadm > /dev/null
    ;;
stop)
    # reset ipvsadm
    /sbin/ipvsadm -C
    /sbin/ifconfig eth0:1 down
    /bin/rm -f /var/lock/subsys/ipvsadm > /dev/null
    ;;
status)
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
        echo "ipvs is stopped..."
    else
        echo "ipvs is running..."
        /sbin/ipvsadm -L -n
    fi
    ;;
*)
    echo "Usage: $0 {start|stop|status}"
    exit 1
    ;;
esac
#!/bin/bash
#
# LVS-DR real server script
VIP=172.16.16.172
#
case "$1" in
start)
    # start LVS-DR on this real server machine
    /sbin/ifconfig lo down
    /sbin/ifconfig lo up
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    # host mask (/32), as in step 3) a.; a /24 on lo would make the whole subnet look local
    /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev lo:0
    ;;
stop)
    # stop LVS-DR on this real server machine
    /sbin/ifconfig lo:0 down
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    ;;
status)
    # status of LVS-DR real server
    islothere=`/sbin/ifconfig lo:0 | grep "$VIP"`
    # the routing table lists the device as "lo", not "lo:0"
    isrothere=`netstat -rn | grep "$VIP" | grep -w lo`
    if [ -z "$islothere" ] || [ -z "$isrothere" ]; then
        echo "LVS-DR real server Stopped."
    else
        echo "LVS-DR real server Running"
    fi
    ;;
*)
    # invalid entry
    echo "Usage: $0 (start|stop|status)"
    exit 1
    ;;
esac