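Environment: one gateway (two NICs: internal, external), one scheduler (two NICs: internal, internal), two web servers (one NIC each: internal, plus a virtual loopback interface lo:0 with a /32 mask)
Deployment steps: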
web1
vim /etc/sysconfig/network-scripts/ifcfg-eth0 (internal network)
GATEWAY=192.168.1.1
vim /etc/sysconfig/network-scripts/ifcfg-lo:0 (virtual interface; ARP replies to the gateway use the real address)
DEVICE=lo:0
IPADDR=192.168.1.254
NETMASK=255.255.255.255
ONBOOT=yes
Add a route (only if needed; not required when the host is on the same subnet as the scheduler)
route add -host 192.168.1.254 dev lo:0
echo "route add -host 192.168.1.254 dev lo:0" >>/etc/rc.local
Note: the .1.254 IP (192.168.1.254) is the IP on which the scheduler answers for the back-end web servers (the gateway firewall's DNAT rule forwards to it)
Add the ARP response parameters
vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
sysctl -p
yum -y install httpd    # used for testing
/etc/init.d/httpd start
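web2
vim /etc/sysconfig/network-scripts/ifcfg-eth0 (internal network)
GATEWAY=192.168.1.1
vim /etc/sysconfig/network-scripts/ifcfg-lo:0 (virtual interface; ARP replies to the gateway use the real address)
DEVICE=lo:0
IPADDR=192.168.1.254
NETMASK=255.255.255.255
ONBOOT=yes
Add a route (only if needed; not required when the host is on the same subnet as the scheduler)
route add -host 192.168.1.254 dev lo:0
echo "route add -host 192.168.1.254 dev lo:0" >>/etc/rc.local
Note: the .1.254 IP (192.168.1.254) is the IP on which the scheduler answers for the back-end web servers (the gateway firewall's DNAT rule forwards to it)
Add the ARP response parameters
vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
sysctl -p
yum -y install httpd    # used for testing
/etc/init.d/httpd start
Note: when two or more web servers are deployed, the lo loopback interface IP is the same on all of them and always /32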
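The real-server settings above matter because a web server that answers ARP for 192.168.1.254, or holds it with a mask wider than /32, can draw traffic for that address away from the scheduler. The script below is an added example, not part of the original page: it audits copies of the two files against the values listed above. The function names are hypothetical, the sample files are constructed, and it reads the files only, not the running kernel state.

```shell
#!/bin/sh
# Audit an LVS-DR real server's config files against the settings on this page.
# Paths and the VIP are arguments, so it can be run on copies of the files.

# Print the effective value of a key in a sysctl.conf-style file
# (comments skipped, whitespace around "=" ignored, last assignment wins).
sysctl_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t\r]/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print the value of KEY=value in an ifcfg-style file (double quotes stripped).
ifcfg_value() {
    awk -F= -v key="$2" '
        $1 == key { v = $2; gsub(/[" \t\r]/, "", v); val = v }
        END { print val }' "$1"
}

# check_dr_realserver SYSCTL_CONF IFCFG_LO0 VIP
# Returns 0 when every check passes; prints one line per failed check.
check_dr_realserver() {
    conf=$1; ifcfg=$2; vip=$3; rc=0
    [ "$(sysctl_value "$conf" net.ipv4.conf.all.arp_ignore)" = 1 ] ||
        { echo "FAIL: arp_ignore is not 1"; rc=1; }
    [ "$(sysctl_value "$conf" net.ipv4.conf.all.arp_announce)" = 2 ] ||
        { echo "FAIL: arp_announce is not 2"; rc=1; }
    [ "$(ifcfg_value "$ifcfg" IPADDR)" = "$vip" ] ||
        { echo "FAIL: lo:0 IPADDR is not $vip"; rc=1; }
    [ "$(ifcfg_value "$ifcfg" NETMASK)" = 255.255.255.255 ] ||
        { echo "FAIL: lo:0 NETMASK is not /32"; rc=1; }
    return $rc
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
printf 'net.ipv4.conf.all.arp_ignore = 1\nnet.ipv4.conf.all.arp_announce = 2\n' > "$tmp/sysctl.conf"
printf 'DEVICE=lo:0\nIPADDR=192.168.1.254\nNETMASK=255.255.255.255\n' > "$tmp/ifcfg-lo0"
check_dr_realserver "$tmp/sysctl.conf" "$tmp/ifcfg-lo0" 192.168.1.254 && echo "OK"
rm -rf "$tmp"
```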
Scheduler (lvs_dr)
vim /etc/sysconfig/network-scripts/ifcfg-eth0 (internal network: used for local connections)
GATEWAY=192.168.1.1
vim /etc/sysconfig/network-scripts/ifcfg-eth1 (internal network: answers for the back-end web servers)
GATEWAY=192.168.1.1
yum -y install ipvsadm
modprobe ip_vs
lsmod | grep ip_vs
Write the load-balancing rules
1) /etc/init.d/iptables stop
2) /etc/init.d/ipvsadm stop
3) ipvsadm -A -t 192.168.1.254:80 -s rr
4) ipvsadm -a -t 192.168.1.254:80 -r 192.168.1.10:80 -g -w 1
5) ipvsadm -a -t 192.168.1.254:80 -r 192.168.1.20:80 -g -w 1
6) /etc/init.d/ipvsadm save && chkconfig --level 35 ipvsadm on
Note: -m selects NAT mode, -g selects DR mode, -w sets the weight (priority)
Gateway
vim /etc/sysconfig/network-scripts/ifcfg-eth0
IPADDR=192.168.1.1
vim /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO=dhcp
Enable IP forwarding
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
Write the firewall rules
1) /etc/init.d/iptables stop
2) iptables -t nat -I PREROUTING -d 192.168.10.139 -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.254:80
Note: eth1 is the public-facing interface
3) /etc/init.d/iptables save && chkconfig --level 35 iptables on
Then test.