<p>Preface</p>
<p>The fundamentals of LVS were covered in the first LVS article, so this post contains only the lab exercises: lvs-nat, lvs-dr, and the firewall-mark and session-persistence experiments.</p>
<p>1. lvs-nat: also known as MASQUERADING, abbreviated m (masquerading)</p>
<p>Lab topology: <img src="//cto.wang/usr/uploads/2016/07/20160703180352-88.png" title="1434860248559262.png" alt="2015-06-21_122212.png" /></p>
<p>Address plan:</p>
<p>VIP: 172.16.2.13/24</p>
<p>DIP: 192.168.10.203/24</p>
<p>RIP1: 192.168.10.120/24</p>
<p>RIP2: 192.168.10.103/24</p>
<p>CIP: 172.16.2.176/24</p>
<p>Lab steps:</p>
<p>(1) Configure the NTP service on the Director and have the RSs synchronize their time from the Director.</p>
<pre class="brush:bash;toolbar:false">[root@Director ~]# date
Sun Jun 21 12:46:46 CST 2015
[root@RS1 ~]# date
Sun Jun 21 12:46:50 CST 2015
[root@RS2 ~]# date
Sun Jun 21 12:46:53 CST 2015</pre>
<p>(2) Enable IP forwarding on the Director and flush the iptables filter and nat rules.</p>
<pre class="brush:bash;toolbar:false">[root@Director ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1    # change to 1
[root@Director ~]# sysctl -p    # re-read the sysctl.conf configuration file
[root@Director ~]# iptables -F;iptables -F -t nat    # flush the firewall rules</pre>
<p>(3) Point the default gateway of each RS at the Director's DIP.</p>
<pre class="brush:bash;toolbar:false">[root@RS1 ~]# route add default gw 192.168.10.203
[root@RS1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         192.168.10.203  0.0.0.0         UG    0      0        0 eth0</pre>
<pre class="brush:bash;toolbar:false">[root@RS2 ~]# route add default gw 192.168.10.203
[root@RS2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         192.168.10.203  0.0.0.0         UG    0      0        0 eth0</pre>
<p>(4) Create the cluster service on the Director.</p>
<pre class="brush:bash;toolbar:false">[root@Director ~]# ipvsadm -A -t 172.16.2.13:80 -s rr
[root@Director ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.2.13:80 rr</pre>
<p>(5) Add the RSs to the cluster service created on the Director.</p>
<pre class="brush:bash;toolbar:false">[root@Director ~]# ipvsadm -a -t 172.16.2.13:80 -r 192.168.10.120:80 -m -w 1
[root@Director ~]# ipvsadm -a -t 172.16.2.13:80 -r 192.168.10.103:80 -m -w 1
[root@Director ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.2.13:80 rr
  -> 192.168.10.103:80            Masq    1      0          0
  -> 192.168.10.120:80            Masq    1      0          0</pre>
<p>(6) Add a default web page on each RS.</p>
<pre class="brush:bash;toolbar:false">[root@RS1 ~]# echo "<h1>RS1</h1>" > /var/www/html/index.html
[root@RS2 ~]# echo "<h1>RS2</h1>" > /var/www/html/index.html</pre>
<p>(7) Start the httpd service.</p>
<pre class="brush:bash;toolbar:false">[root@RS1 ~]# service httpd start
Starting httpd: [ OK ]
[root@RS2 ~]# service httpd start
Starting httpd: [ OK ]</pre>
<p>(8) Open a browser, enter the address http://172.16.2.13, refresh the page, and check the test result.</p>
<p><img src="//cto.wang/usr/uploads/2016/07/20160703180353-98.png" title="1434863222124223.png" alt="3.png" /> <img src="//cto.wang/usr/uploads/2016/07/20160703180353-24.png" title="1434863227665996.png" alt="2.png" /></p>
<p>(9) The lvs-nat setup is now complete. You can change the scheduling method yourself and observe the state.</p>
<p>2. lvs-dr: also called direct routing, abbreviated g (gatewaying)</p>
<p>Lab topology:</p>
<p><img src="//cto.wang/usr/uploads/2016/07/20160703180353-24-1.png" title="1434863660111491.png" alt="1.png" /></p>
<p>Address plan:</p>
<p>VIP: 172.16.2.100</p>
<p>DIP: 172.16.2.13</p>
<p>RIP1: 172.16.2.12</p>
<p>RIP2: 172.16.2.14</p>
<p>Configuration steps:</p>
<p>(1) Synchronize time: the Director acts as the time server and the RSs synchronize from it.</p>
<pre class="brush:bash;toolbar:false">[root@Director ~]# date
Sun Jun 21 13:24:02 CST 2015
[root@RS1 htdocs]# date
Sun Jun 21 13:24:06 CST 2015
[root@RS2 html]# date
Sun Jun 21 13:24:08 CST 2015</pre>
<p>(2) Change the kernel parameters on the RSs so that they do not answer the router's ARP requests for the VIP.</p>
<pre class="brush:bash;toolbar:false">[root@RS1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@RS1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@RS1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@RS1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore</pre>
<pre class="brush:bash;toolbar:false">[root@RS2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@RS2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@RS2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@RS2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore</pre>
<p>(3) Change the Director's firewall rules and enable forwarding.</p>
<pre class="brush:bash;toolbar:false">[root@Director ~]# iptables -F;iptables -F -t nat
[root@Director ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@Director ~]# sysctl -p</pre>
<p>(4) Configure the VIP address on the Director and the RS servers.</p>
<pre class="brush:bash;toolbar:false">[root@Director ~]# ifconfig eth1:0 172.16.2.100 broadcast 172.16.2.100 netmask 255.255.255.255
[root@Director ~]# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:0C:29:5A:4F:52
          inet addr:172.16.2.13  Bcast:172.16.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe5a:4f52/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:34718 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12253 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:14209969 (13.5 MiB)  TX bytes:1351338 (1.2 MiB)

eth1:0    Link encap:Ethernet  HWaddr 00:0C:29:5A:4F:52
          inet addr:172.16.2.100  Bcast:172.16.2.100  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:80 errors:0 dropped:0 overruns:0 frame:0
          TX packets:80 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7266 (7.0 KiB)  TX bytes:7266 (7.0 KiB)</pre>
<pre class="brush:bash;toolbar:false">[root@RS1 ~]# ifconfig lo:0 172.16.2.100 broadcast 172.16.2.100 netmask 255.255.255.255
[root@RS1 ~]# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:0C:29:0E:C4:33
          inet addr:172.16.2.12  Bcast:172.16.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe0e:c433/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9328 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3795 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8278339 (7.8 MiB)  TX bytes:337391 (329.4 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:59 errors:0 dropped:0 overruns:0 frame:0
          TX packets:59 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5699 (5.5 KiB)  TX bytes:5699 (5.5 KiB)

lo:0      Link encap:Local Loopback
          inet addr:172.16.2.100  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:16436  Metric:1</pre>
<pre class="brush:bash;toolbar:false">[root@RS2 ~]# ifconfig lo:0 172.16.2.100 broadcast 172.16.2.100 netmask 255.255.255.255
[root@RS2 ~]# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:0C:29:F8:D4:92
          inet addr:172.16.2.14  Bcast:172.16.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fef8:d492/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:161326 errors:0 dropped:0 overruns:0 frame:0
          TX packets:132169 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:25610678 (24.4 MiB)  TX bytes:16331857 (15.5 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1935 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1935 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:197004 (192.3 KiB)  TX bytes:197004 (192.3 KiB)

lo:0      Link encap:Local Loopback
          inet addr:172.16.2.100  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1</pre>
<p>(5) Add a host route to 172.16.2.100 on the Director and the RSs (so that an RS uses the VIP as the source IP when it builds response packets).</p>
<pre class="brush:bash;toolbar:false">[root@Director ~]# route add -host 172.16.2.100 dev eth1:0
[root@Director ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.2.100    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
172.16.2.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         172.16.2.1      0.0.0.0         UG    0      0        0 eth1</pre>
<pre class="brush:bash;toolbar:false">[root@RS1 ~]# route add -host 172.16.2.100 dev lo:0
[root@RS1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.2.100    0.0.0.0         255.255.255.255 UH    0      0        0 lo
172.16.2.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         172.16.2.1      0.0.0.0         UG    0      0        0 eth1</pre>
<pre class="brush:bash;toolbar:false">[root@RS2 ~]# route add -host 172.16.2.100 dev lo:0
[root@RS2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.2.100    0.0.0.0         255.255.255.255 UH    0      0        0 lo
172.16.2.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         172.16.2.1      0.0.0.0         UG    0      0        0 eth1</pre>
<p>(6) Create the service cluster on the Director.</p>
<pre class="brush:bash;toolbar:false">[root@Director ~]# ipvsadm -A -t 172.16.2.100:80 -s rr
[root@Director ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.2.100:80 rr</pre>
<p>(7) Add the RSs to the cluster created on the Director.</p>
<pre class="brush:bash;toolbar:false">[root@Director ~]# ipvsadm -a -t 172.16.2.100:80 -r 172.16.2.12:80 -g -w 1
[root@Director ~]# ipvsadm -a -t 172.16.2.100:80 -r 172.16.2.14:80 -g -w 1
[root@Director ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.2.100:80 rr
  -> 172.16.2.12:80               Route   1      0          0
  -> 172.16.2.14:80               Route   1      0          0</pre>
<p>(8) Add a default web page on each RS.</p>
<pre class="brush:bash;toolbar:false">[root@RS1 ~]# echo "<h1>RS1</h1>" > /var/www/html/index.html
[root@RS2 ~]# echo "<h1>RS2</h1>" > /var/www/html/index.html</pre>
<p>(9) Start the httpd service.</p>
<pre class="brush:bash;toolbar:false">[root@RS1 ~]# service httpd start
Starting httpd: [ OK ]
[root@RS2 ~]# service httpd start
Starting httpd: [ OK ]</pre>
<p>(10) Open a browser, enter the address http://172.16.2.100, and refresh the page to see the change.</p>
<p><img src="//cto.wang/usr/uploads/2016/07/20160703180354-20.png" title="1434866449751273.png" alt="4.png" /> <img src="//cto.wang/usr/uploads/2016/07/20160703180354-31.png" title="1434866454126377.png" alt="5.png" /></p>
<p>(11) The lvs-dr setup is now complete. You can change the scheduling algorithm and watch how the page changes.</p>
<p>Last modified: December 10, 2021, 10:53 AM. © Reposting with proper attribution is permitted.</p>
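<p>Added example (not part of the original post): a shell check for the four ARP kernel settings that lvs-dr step (2) writes on each RS. If one of them is left at its default, the RS can answer ARP requests for the VIP itself and receive client traffic directly instead of through the Director. The <code>PROC_ROOT</code> argument and both function names are assumptions of this example.</p>

```shell
#!/bin/sh
# Added example: audit the ARP kernel settings from lvs-dr step (2) on an RS.

# Expected values, exactly as written in step (2): "<iface> <key> <value>".
DR_EXPECTED='all arp_announce 2
lo arp_announce 2
lo arp_ignore 1
all arp_ignore 1'

# audit_dr_arp [PROC_ROOT]
# PROC_ROOT (an assumption of this example) defaults to /proc; pointing it at
# a constructed directory lets the check run without touching a live host.
# Prints one line per setting and returns 0 only if all four values match.
audit_dr_arp() {
    _root="${1:-/proc}"
    _rc=0
    while read -r _if _key _want; do
        _path="$_root/sys/net/ipv4/conf/$_if/$_key"
        if [ ! -r "$_path" ]; then
            echo "MISSING $_if/$_key"
            _rc=1
            continue
        fi
        _have=$(tr -d '[:space:]' < "$_path")
        if [ "$_have" = "$_want" ]; then
            echo "OK      $_if/$_key = $_have"
        else
            echo "BAD     $_if/$_key = $_have (want $_want)"
            _rc=1
        fi
    done <<EOF
$DR_EXPECTED
EOF
    return "$_rc"
}

# make_sample_proc DIR ALL_IGNORE: build a constructed /proc-like tree.
# Every value is set as in step (2) except all/arp_ignore, which takes the
# caller's value so that a misconfigured RS can be simulated.
make_sample_proc() {
    for _i in all lo; do
        mkdir -p "$1/sys/net/ipv4/conf/$_i"
        echo 2 > "$1/sys/net/ipv4/conf/$_i/arp_announce"
        echo 1 > "$1/sys/net/ipv4/conf/$_i/arp_ignore"
    done
    echo "$2" > "$1/sys/net/ipv4/conf/all/arp_ignore"
}
```

<p>On a real server, run <code>audit_dr_arp</code> with no argument to read the live <code>/proc</code> values.</p>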
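<p>Added example (not part of the original post): a check that every real server of a virtual service uses the forwarding method the procedure calls for, <code>Masq</code> after lvs-nat step (5) and <code>Route</code> after lvs-dr step (7). It reads <code>ipvsadm -L -n</code> output on stdin; the function names are assumptions of this example, and the two sample listings are the ones shown in those steps.</p>

```shell
#!/bin/sh
# Added example: verify the Forward column of an `ipvsadm -L -n` listing.

# check_ipvs_forward VIP:PORT METHOD   (listing is read from stdin)
# METHOD is the Forward value: Masq for -m (lvs-nat), Route for -g (lvs-dr).
# Exit status: 0 all real servers use METHOD, 1 at least one does not,
#              2 virtual service not found, 3 service has no real servers.
check_ipvs_forward() {
    awk -v svc="$1" -v want="$2" '
        $1 == "TCP" || $1 == "UDP" {           # start of a virtual service
            in_svc = ($2 == svc)
            if (in_svc) found = 1
            next
        }
        in_svc && $1 == "->" && $2 != "RemoteAddress:Port" {
            n++
            if ($3 != want) {
                printf "BAD %s uses %s, want %s\n", $2, $3, want
                bad++
            }
        }
        END {
            if (!found) { print "service " svc " not found"; exit 2 }
            if (n == 0) { print "service " svc " has no real servers"; exit 3 }
            if (bad) exit 1
            printf "OK %d real servers use %s\n", n, want
        }'
}

# Listing from lvs-nat step (5) on this page.
sample_nat_listing() {
    cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.2.13:80 rr
  -> 192.168.10.103:80            Masq    1      0          0
  -> 192.168.10.120:80            Masq    1      0          0
EOF
}

# Listing from lvs-dr step (7) on this page.
sample_dr_listing() {
    cat <<'EOF'
TCP  172.16.2.100:80 rr
  -> 172.16.2.12:80               Route   1      0          0
  -> 172.16.2.14:80               Route   1      0          0
EOF
}
```

<p>On the Director: <code>ipvsadm -L -n | check_ipvs_forward 172.16.2.100:80 Route</code>.</p>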