概念
- Service可以看作是一組提供相同服務的Pod對外的訪問接口。藉助Service,應
用可以方便地實現服務發現和負載均衡。 - service默認只支持4層負載均衡能力,沒有7層功能。(可以通過Ingress實現)
- service的類型:
- ClusterIP:默認值,k8s系統給service自動分配的虛擬IP,只能在集羣內部訪問。
- NodePort:將Service通過指定的Node上的端口暴露給外部,訪問任意一個
NodeIP:nodePort都將路由到ClusterIP。 - LoadBalancer:在 NodePort 的基礎上,藉助 cloud provider 創建一個外部的負
載均衡器,並將請求轉發到 :NodePort,此模式只能在雲服務器上使用。 - ExternalName:將服務通過 DNS CNAME 記錄方式轉發到指定的域名(通過
spec.externlName 設定)。
我們不設置service的類型時,默認爲clusterIP類型;
service
ClusterIP
[root@server2 manifest]# cat service.yml
kind: Service
apiVersion: v1
metadata:
name: myservice
spec:
ports: //這裏並沒有指定service類型
- protocol: TCP
port: 80
targetPort: 80
selector:
app: myapp
[root@server2 manifest]# kubectl apply -f service.yml
kuservice/myservice created
[root@server2 manifest]# kubectl describe svc myservice
Name: myservice
Namespace: default
Labels: <none>
Annotations: Selector: app=myapp
Type: ClusterIP //默認clusterIP類型
NodePort
[root@server2 manifest]# kubectl apply -f pod2.yml
deployment.apps/deployment-example created
[root@server2 manifest]# kubectl describe svc myservice
Name: myservice
Namespace: default
Labels: <none>
Annotations: Selector: app=myapp
Type: ClusterIP
IP: 10.108.247.199
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.83:80,10.244.2.58:80 //加進去了
Session Affinity: None
Events: <none>
[root@server2 manifest]# kubectl edit svc myservice //編輯svc
app: myapp
sessionAffinity: None
type: NodePOrt //這裏原本是ClusterIP
[root@server2 manifest]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 8d
myservice NodePort 10.108.247.199 <none> 80:31972/TCP 5m44s //31972端口打開
[root@server2 manifest]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
deployment-example-5c9fb4c54c-jrb88 1/1 Running 0 2m24s 10.244.1.83 server3 <none> <none>
deployment-example-5c9fb4c54c-q95v6 1/1 Running 0 2m24s 10.244.2.58 server4 <none> <none>
//在server3和4上查看端口
[root@server3 ~]# netstat -tnlp|grep 31972
tcp 0 0 0.0.0.0:31972 0.0.0.0:* LISTEN 4020/kube-proxy
[root@server4 ~]# netstat -tnlp|grep 31972
tcp 0 0 0.0.0.0:31972 0.0.0.0:* LISTEN 4020/kube-proxy
都打開了我們就可以去集羣外部訪問了。
ipvs模式的service
- Service 是由 kube-proxy 組件,加上 iptables 來共同實現的.
- kube-proxy 通過 iptables 處理 Service 的過程,需要在宿主機上設置相當多的
iptables 規則,如果宿主機有大量的Pod,不斷刷新iptables規則,會消耗大量的
CPU資源。
[root@server3 ~]# iptables -t nat -nL
service在各個結點上運用了大量的nat規則。ipvs模式的service可以讓k8s支持更大量級的pod。
開啓kube-proxy的ipvs模式:
[root@server2 manifest]# yum install -y ipvsadm
[root@server3 ~]# yum install -y ipvsadm
[root@server4 ~]# yum install -y ipvsadm
//所有結點安裝ipvsadm
[root@server2 manifest]# lsmod |grep ip_vs
ip_vs_sh 12688 0
ip_vs_wrr 12697 0
ip_vs_rr 12600 0
ip_vs 145497 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack 133095 9 ip_vs,nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_ipv4,nf_conntrack_ipv6
libcrc32c 12644 4 xfs,ip_vs,nf_nat,nf_conntrack
修改ipvs的模式
[root@server2 manifest]# kubectl edit cm kube-proxy -n kube-system
mode: "ipvs" //指定使用ipvs模式
[root@server2 manifest]# kubectl get pod -n kube-system |grep kube-proxy | awk '{system("kubectl delete pod "$1" -n kube-system")}'
pod "kube-proxy-7kn82" deleted
pod "kube-proxy-hww5t" deleted
pod "kube-proxy-wn4h8" deleted
//更新kube-proxy pod,刪除後回進行重啓策略。加載更改內容。
[root@server2 manifest]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.96.0.1:443 rr
-> 172.25.254.2:6443 Masq 1 0 0
TCP 10.96.0.10:53 rr
-> 10.244.0.11:53 Masq 1 0 0
-> 10.244.0.12:53 Masq 1 0 0
TCP 10.96.0.10:9153 rr
-> 10.244.0.11:9153 Masq 1 0 0
-> 10.244.0.12:9153 Masq 1 0 0
TCP 10.103.6.176:80 rr
-> 10.244.1.83:80 Masq 1 0 0
-> 10.244.2.58:80 Masq 1 0 0
UDP 10.96.0.10:53 rr
-> 10.244.0.11:53 Masq 1 0 0
-> 10.244.0.12:53 Masq 1 0 0
//kube-proxy通過linux的IPVS模塊,以rr輪詢方式調度service中的Pod。
IPVS模式下,kube-proxy會在service創建後,在宿主機上添加一個虛擬網卡:
kube-ipvs0,並分配service IP:
[root@server2 manifest]# kubectl apply -f service.yml
service/myservice created
[root@server2 manifest]# ip a
9: kube-ipvs0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
link/ether b2:df:38:0a:cb:02 brd ff:ff:ff:ff:ff:ff
inet 10.96.0.10/32 brd 10.96.0.10 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet 10.96.0.1/32 brd 10.96.0.1 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet `10.103.6.176/32` brd 10.103.6.176 scope global kube-ipvs0
valid_lft forever preferred_lft forever
[root@server2 manifest]# kubectl describe svc myservice
Name: myservice
Namespace: default
Labels: <none>
Annotations: Selector: app=myapp
Type: ClusterIP
IP: `10.103.6.176`
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.83:80,10.244.2.58:80
Session Affinity: None
Events: <none>
並且每個結點上都有。我們就可以實現負載均衡了。
[root@server2 manifest]# kubectl run demo --image=busyboxplus -it --restart=Never
If you don't see a command prompt, try pressing enter.
/ # curl 10.103.6.176:80
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
/ # curl 10.103.6.176:80/hostname.html
deployment-example-5c9fb4c54c-q95v6
/ # curl 10.103.6.176:80/hostname.html
deployment-example-5c9fb4c54c-jrb88
/ # curl 10.103.6.176:80/hostname.html
deployment-example-5c9fb4c54c-q95v6
/ # curl 10.103.6.176:80/hostname.html
deployment-example-5c9fb4c54c-jrb88
[root@server4 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.96.0.1:443 rr
-> 172.25.254.2:6443 Masq 1 0 0
TCP 10.96.0.10:53 rr
-> 10.244.0.11:53 Masq 1 0 0
-> 10.244.0.12:53 Masq 1 0 0
TCP 10.96.0.10:9153 rr
-> 10.244.0.11:9153 Masq 1 0 0
-> 10.244.0.12:9153 Masq 1 0 0
TCP 10.103.6.176:80 rr
-> 10.244.1.83:80 Masq 1 0 3
-> 10.244.2.58:80 Masq 1 0 3 //這裏
UDP 10.96.0.10:53 rr
-> 10.244.0.11:53 Masq 1 0 0
-> 10.244.0.12:53 Masq 1 0 0
擴容:
[root@server2 manifest]# vim pod2.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-example
spec:
replicas: 4 //改成4個
[root@server2 manifest]# kubectl apply -f pod2.yml
deployment.apps/deployment-example configured
[root@server2 manifest]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
deployment-example-5c9fb4c54c-jrb88 1/1 Running 0 125m 10.244.1.83 server3 <none> <none>
deployment-example-5c9fb4c54c-pwjv5 1/1 Running 0 9s 10.244.2.63 server4 <none> <none>
deployment-example-5c9fb4c54c-q95v6 1/1 Running 0 125m 10.244.2.58 server4 <none> <none>
deployment-example-5c9fb4c54c-zkj2h 1/1 Running 0 8s 10.244.1.87 server3 <none> <none>
[root@server4 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.96.0.1:443 rr
-> 172.25.254.2:6443 Masq 1 0 0
TCP 10.96.0.10:53 rr
-> 10.244.0.11:53 Masq 1 0 0
-> 10.244.0.12:53 Masq 1 0 0
TCP 10.96.0.10:9153 rr
-> 10.244.0.11:9153 Masq 1 0 0
-> 10.244.0.12:9153 Masq 1 0 0
TCP 10.103.6.176:80 rr
-> 10.244.1.83:80 Masq 1 0 0
-> 10.244.1.87:80 Masq 1 0 0
-> 10.244.2.58:80 Masq 1 0 0
-> 10.244.2.63:80 Masq 1 0 0 //生效了
UDP 10.96.0.10:53 rr
-> 10.244.0.11:53 Masq 1 0 0
-> 10.244.0.12:53 Masq 1 0 0
這樣來看比iptables確實簡潔清爽的多。
Kubernetes 提供了一個 DNS 插件 Service:
[root@server2 manifest]# kubectl describe svc myservice
Name: myservice
Namespace: default
Labels: <none>
Annotations: Selector: app=myapp
Type: ClusterIP
IP: 10.103.6.176
[root@server2 manifest]# kubectl run demo --image=busyboxplus -it --restart=Never
/ # nslookup myservice.default.svc.cluster.local
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: myservice.default.svc.cluster.local
Address 1: 10.103.6.176 myservice.default.svc.cluster.local
// 會解析到service的ip
[root@server4 ~]# ipvsadm -ln
...
TCP 10.103.6.176:80 rr
-> 10.244.1.83:80 Masq 1 0 0
-> 10.244.1.87:80 Masq 1 0 0
-> 10.244.2.58:80 Masq 1 0 0
-> 10.244.2.63:80 Masq 1 0 0
回收重啓:
[root@server2 manifest]# kubectl delete -f service.yml
service "myservice" deleted
[root@server2 manifest]# kubectl apply -f service.yml
service/myservice created
[root@server2 manifest]# kubectl describe svc myservice
Name: myservice
Namespace: default
Labels: <none>
Annotations: Selector: app=myapp
Type: ClusterIP
IP: 10.109.129.13 //地址改變
[root@server4 ~]# ipvsadm -ln
TCP 10.109.129.13:80 rr
-> 10.244.1.83:80 Masq 1 0 0
-> 10.244.1.87:80 Masq 1 0 0
-> 10.244.2.58:80 Masq 1 0 0
-> 10.244.2.63:80 Masq 1 0 0
結點上也會進行更新,整個集羣都會變化。
[root@server2 manifest]# kubectl run demo --image=busyboxplus -it --restart=Never
If you don't see a command prompt, try pressing enter.
/ # nslookup myservice.default.svc.cluster.local
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: myservice.default.svc.cluster.local
Address 1: 10.109.129.13 myservice.default.svc.cluster.local //解析也變了
/ # curl myservice.default.svc.cluster.local //我們也可以直接使用域名進行訪問
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
/ # curl myservice.default.svc.cluster.local/hostname.html
deployment-example-5c9fb4c54c-zkj2h
/ # curl myservice.default.svc.cluster.local/hostname.html
deployment-example-5c9fb4c54c-jrb88
/ # curl myservice.default.svc.cluster.local/hostname.html
deployment-example-5c9fb4c54c-pwjv5
/ # curl myservice.default.svc.cluster.local/hostname.html
deployment-example-5c9fb4c54c-q95v6 //負載均衡
這樣的話vip改變我們也不用去改變了,直接訪問域名就可以自動解析,獲取服務了。
簡化:
/ # curl myservice
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
/ # curl myservice
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
/ # nslookup myservice
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: myservice
Address 1: 10.109.129.13 myservice.default.svc.cluster.local //默認會解析到後面
/ # curl myservice/hostname.html
deployment-example-5c9fb4c54c-pwjv5
/ # curl myservice/hostname.html
deployment-example-5c9fb4c54c-q95v6
/ # curl myservice/hostname.html
deployment-example-5c9fb4c54c-zkj2h
/ # curl myservice/hostname.html
deployment-example-5c9fb4c54c-jrb88
直接這樣訪問就行了。
我們還可以使用nodeport的模式:
[root@server2 manifest]# kubectl edit svc myservice
type: NodePort
[root@server2 manifest]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 9d
myservice NodePort 10.109.129.13 <none> 80:31635/TCP 17h /暴露端口
[root@server3 ~]# ipvsadm -ln |grep 31635
TCP 10.244.1.0:31635 rr
TCP 127.0.0.1:31635 rr
TCP 172.17.0.1:31635 rr
TCP 172.25.254.3:31635 rr
TCP 10.244.1.1:31635 rr
/ 其它的結點上也暴露了端口,我們可以在集羣外部進行訪問了。
root@rhel7host ~]# curl 172.25.254.3:31635/hostname.html
deployment-example-5c9fb4c54c-srkz9
[root@rhel7host ~]# curl 172.25.254.3:31635/hostname.html
deployment-example-5c9fb4c54c-kpwwm
[root@rhel7host ~]# curl 172.25.254.3:31635/hostname.html
deployment-example-5c9fb4c54c-ljsjf
service的"無頭服務"
- Headless Service “無頭服務”
Headless Service不需要分配一個VIP,而是直接以DNS記錄的方式解析出被代理
Pod的IP地址。 - 域名格式:(namespace).svc.cluster.local
我們最好安裝bing-utils工具:
bind是linux系統下的一個DNS服務程序.bind-utils是bind軟件提供的一組DNS工具包,
裏面有一些DNS相關的工具.主要有:dig,host,nslookup,nsupdate.使用這些工具可以
進行域名解析和DNS調試工作.
[root@server2 manifest]# yum install bind-utils -y
然後我們就可以使用dig命令:
[root@server2 manifest]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 9d
myservice NodePort 10.109.129.13 <none> 80:31635/TCP 17h /myservice地址
[root@server2 manifest]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 9d /dns地址
[root@server2 manifest]# dig myservice.default.svc.cluster.local @10.96.0.1 /@後接dns地址
;; ANSWER SECTION:
myservice.default.svc.cluster.local. 30 IN A 10.109.129.13 /解析到了
我們當前有兩個dns服務:
[root@server2 manifest]# kubectl get pod -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-5fd54d7f56-k5jb9 1/1 Running 5 9d 10.244.0.13 server2 <none> <none>
coredns-5fd54d7f56-xb5m4 1/1 Running 6 9d 10.244.0.14 server2 <none> <none>
當我們的訪問量過大時,我們還可以對dns服務pod進行拉伸,因爲它是以deployment控制器控制的:
[root@server2 manifest]# kubectl -n kube-system get all
NAME READY STATUS RESTARTS AGE
...
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/coredns 2/2 2 2 9d
NAME DESIRED CURRENT READY AGE
replicaset.apps/coredns-5fd54d7f56 2 2 2 9d
那我們的無頭服務怎麼設置哪?
[root@server2 manifest]# vim service.yml
[root@server2 manifest]# cat service.yml
kind: Service
apiVersion: v1
metadata:
name: myservice
spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
selector:
app: myapp
clusterIP: None //不設置clusterip
[root@server2 manifest]# kubectl describe svc myservice
Name: myservice
Namespace: default
Labels: <none>
Annotations: Selector: app=myapp
Type: ClusterIP
IP: None
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.91:80,10.244.1.92:80,10.244.2.67:80 + 1 more...
Session Affinity: None
Events: <none>
這個服務就沒有分配到IP了,但是後端仍然存在
那我們怎樣去訪問哪?通過dns解析訪問域名就行了。
[root@server2 manifest]# dig myservice.default.svc.cluster.local. @10.96.0.10
;; ANSWER SECTION:
myservice.default.svc.cluster.local. 30 IN A 10.244.1.91
myservice.default.svc.cluster.local. 30 IN A 10.244.1.92
myservice.default.svc.cluster.local. 30 IN A 10.244.2.67
myservice.default.svc.cluster.local. 30 IN A 10.244.2.68
//正好對應了四個後端的IP
滾動更新後解析到的地址也會改變:
loadbalancer類型的svc
從外部訪問 Service 的第二種方式,適用於公有云上的 Kubernetes 服務。這
時候,你可以指定一個 LoadBalancer 類型的 Service。
[root@server2 manifest]# vim service.yml
kind: Service
apiVersion: v1
metadata:
name: myservice
spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
selector:
app: myapp
type: LoadBalancer /設置爲lodabalancer類型
[root@server2 manifest]# kubectl apply -f service.yml
service/myservice created
[root@server2 manifest]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 9d
myservice LoadBalancer 10.103.172.225 <pending> 80:32752/TCP 5s
/pending是正在調用外部共有云
在service提交後,Kubernetes就會調用 CloudProvider 在公有云上爲你創建一個負載均衡服務,並且把被代理的 Pod 的 IP地址配置給負載均衡服務做後端。
ExternalName
外部訪問的第三種方式叫做ExternalName。在及集羣中也可能需要去訪問外部的網站,但是外部的資源是不可控的,當外部域名改變時,我們想要不影響我們的集羣內部的訪問,我們就需要指定一個ExternalName類型的service,當域名改變時,我們只在service中更改就行了,後端的訪問效果不變。
[root@server2 manifest]# vim service.yml
kind: Service
apiVersion: v1
metadata:
name: myservice
spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
selector:
app: myapp
type: ExternalName
externalName: www.baidu.com /指定一個域名
[root@server2 manifest]# kubectl apply -f service.yml
service/myservice created
[root@server2 manifest]# kubectl get svc myservice
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
myservice ExternalName <none> www.baidu.com 80/TCP 13s
[root@server2 manifest]# dig myservice.default.svc.cluster.local. @10.244.0.13
;; ANSWER SECTION:
myservice.default.svc.cluster.local. 30 IN CNAME www.baidu.com.
www.baidu.com. 30 IN CNAME www.a.shifen.com.
www.a.shifen.com. 30 IN A 36.152.44.95
www.a.shifen.com. 30 IN A 36.152.44.96 //解析到了
我們變更一下域名。
[root@server2 manifest]# vim service.yml
externalName: www.baidu.com //改變
[root@server2 manifest]# kubectl apply -f service.yml
service/myservice configured
[root@server2 manifest]# kubectl get svc myservice
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
myservice ExternalName <none> www.qq.com 80/TCP 110s
[root@server2 manifest]# dig myservice.default.svc.cluster.local. @10.244.0.13
;; ANSWER SECTION:
myservice.default.svc.cluster.local. 30 IN CNAME www.qq.com.
www.qq.com. 30 IN CNAME public-v6.sparta.mig.tencent-cloud.net.
public-v6.sparta.mig.tencent-cloud.net. 30 IN A 117.184.242.202
public-v6.sparta.mig.tencent-cloud.net. 30 IN A 183.192.170.139
public-v6.sparta.mig.tencent-cloud.net. 30 IN A 183.192.170.170
同樣也解析到了,我們訪問的地址並沒有改變,一直都是myservice.default.svc.cluster.local.
,但是我們能解析到不同的域名。
爲service分配一個公有IP
[root@server2 manifest]# vim service.yml
kind: Service
apiVersion: v1
metadata:
name: myservice
spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
selector:
app: myapp
externalIPs:
- 172.25.254.100 //指定一個外部的合法IP
[root@server2 manifest]# kubectl apply -f service.yml
service/myservice created
[root@server2 manifest]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 9d
myservice ClusterIP 10.110.224.207 172.25.0.100 80/TCP 11s
// 它會把這個ip直接和service的ip綁定
[root@server2 manifest]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 rr //也綁定到了ipvs上
-> 10.244.1.93:80 Masq 1 0 0
-> 10.244.1.94:80 Masq 1 0 0
-> 10.244.1.95:80 Masq 1 0 0
[root@server1 harbor]# curl 172.25.254.100 /可以直接訪問了
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@server3 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 rr
-> 10.244.1.93:80 Masq 1 0 4
-> 10.244.1.94:80 Masq 1 0 4
-> 10.244.1.95:80 Masq 1 0 4
-> 10.244.2.69:80 Masq 1 0 5