What is LVS? Plus LVS-NAT and LVS-DR mode labs

Contents

NAT

LVS

Types of LVS clusters:

LVS-NAT mode lab

Environment preparation:

Lab steps:

LVS-DR mode lab

Task:

Environment preparation:

Lab steps:

LVS: using firewall marks to fix the round-robin scheduling problem

Environment preparation:

Lab steps:

NAT

NAT (Network Address Translation) is the process of rewriting the IP address in an IP packet header to a different IP address. In practice NAT is mainly used to let hosts on a private network reach a public network. NAT is divided into SNAT and DNAT:

SNAT (source NAT): when an internal host needs to reach a service on the public network, the internal host initiates the connection and its internal address is translated to a public IP.

DNAT (destination NAT): when the internal network needs to offer a service to the outside, an external host initiates the connection; the router or firewall receives that connection and translates its destination to an internal address. The gateway holding the public IP accepts the external connection on behalf of the internal service and performs the address translation internally. As a single-point address translation, DNAT can only point at one host.

DNAT cannot point at two hosts at the same time, which is why a scheduler (load balancer) is needed.

LVS

LVS (Linux Virtual Server): the load scheduler, integrated into the kernel. It is a layer-4 load balancer (it can rewrite the MAC address, the IP address and the port).

Load balancing: layer 4 (physical, data link (MAC), network (IP) and transport layers) versus layer 7.

VS: the virtual server (director), responsible for scheduling

RS: the real server, the host that actually handles the business and provides the service

CIP: client IP

VIP: the IP on which clients reach LVS, the address exposed to clients

DIP: the IP LVS uses to reach the internal hosts

RIP: the IP of a real server

Flow: CIP <---> (VIP === DIP) <---> RIP

Types of LVS clusters:

lvs-nat: rewrites the destination IP of the request packet; a DNAT with multiple targets (the request originally addressed to the VIP is translated inside LVS and pointed at the RIP; the client IP stays the same, only the destination the client reaches changes)
lvs-dr: re-encapsulates the frame with a new destination MAC address
lvs-tun: adds a new IP header outside the original request IP packet (the header is added when the request is sent to LVS and removed when the reply comes back)
lvs-fullnat: rewrites both the source and the destination IP of the request (the client IP becomes the DIP and the destination becomes the RIP)

LVS-NAT mode lab

Environment preparation:

1. Clone of rhel9 for LVS; add a second network adapter (host-only mode)

2. Clone of rhel9 for webserver1 (network adapter: host-only)

3. Clone of rhel9 for webserver2 (network adapter: host-only)

Lab steps:

The vmset.sh script below sets the IP address and local name resolution

[root@haproxy ~]# cat /bin/vmset.sh
#!/bin/bash
# Usage: vmset.sh <interface> <ipv4 address> <hostname>
# Writes a static NetworkManager profile for the interface, activates it,
# sets the hostname and rewrites /etc/hosts with a matching entry.
if [ $# -ne 3 ]; then
    echo "usage: $0 <interface> <ip> <hostname>" >&2
    exit 1
fi

# Replace any existing profile for this interface
rm -fr "/etc/NetworkManager/system-connections/$1.nmconnection"
cat > "/etc/NetworkManager/system-connections/$1.nmconnection" <<EOF
[connection]
id=$1
type=ethernet
interface-name=$1

[ipv4]
address1=$2/24,172.25.254.2
method=manual
dns=114.114.114.114;
EOF

# NetworkManager refuses profiles that are world-readable
chmod 600 "/etc/NetworkManager/system-connections/$1.nmconnection"
nmcli connection reload
nmcli connection up "$1"

hostnamectl hostname "$3"

cat > /etc/hosts <<EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
$2	$3
EOF

LVS part

# LVS part

# Set the NIC IP addresses
[root@lvs ~]# vmset.sh eth0 172.25.254.100 lvs.company.org
[root@lvs ~]# vmset.sh eth1 192.168.0.100 lvs.company.org
[root@lvs ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.100  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::e9d9:e029:7f5a:84bf  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:a6:46:7f  txqueuelen 1000  (Ethernet)
        RX packets 131  bytes 15879 (15.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 159  bytes 17606 (17.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.100  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::6ac0:a367:3ffc:d505  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:a6:46:89  txqueuelen 1000  (Ethernet)
        RX packets 206  bytes 13419 (13.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 83  bytes 11170 (10.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@lvs ~]# vim /etc/NetworkManager/system-connections/eth1.nmconnection 
[root@lvs ~]# vim /etc/NetworkManager/system-connections/eth0.nmconnection 
[root@lvs ~]# cat /etc/NetworkManager/system-connections/eth0.nmconnection
[connection]
id=eth0
type=ethernet
interface-name=eth0

[ipv4]
address1=172.25.254.100/24,172.25.254.2
method=manual
dns=114.114.114.114;
[root@lvs ~]# cat /etc/NetworkManager/system-connections/eth1.nmconnection
[connection]
id=eth1
type=ethernet
interface-name=eth1

[ipv4]
address1=192.168.0.100/24
method=manual

[root@lvs ~]# nmcli connection reload 
[root@lvs ~]# nmcli connection up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/12)
[root@lvs ~]# nmcli connection up eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/13)

# net.ipv4.ip_forward = 1 makes this host act as a router
# Enable kernel IP forwarding on the LVS host
[root@lvs ~]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
[root@lvs ~]# vim /etc/sysctl.conf        # append at the end of the file: net.ipv4.ip_forward = 1
[root@lvs ~]# sysctl -p
net.ipv4.ip_forward = 1

webserver1 part

# webserver1 part
[root@webserver1 ~]# vmset.sh eth0 192.168.0.10 webserver1.company.org
[root@webserver1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.10  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::e9d9:e029:7f5a:84bf  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:03:5f:47  txqueuelen 1000  (Ethernet)
        RX packets 162  bytes 17779 (17.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 153  bytes 11247 (10.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 72  bytes 6984 (6.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 72  bytes 6984 (6.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@webserver1 ~]# vim /etc/NetworkManager/system-connections/eth0.nmconnection 
[root@webserver1 ~]# cat /etc/NetworkManager/system-connections/eth0.nmconnection 
[connection]
id=eth0
type=ethernet
interface-name=eth0

[ipv4]
address1=192.168.0.10/24,192.168.0.100
method=manual

[root@webserver1 ~]# nmcli connection reload 
[root@webserver1 ~]# nmcli connection up eth0 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@webserver1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@webserver1 ~]# 
[root@webserver1 ~]# dnf install httpd -y
[root@webserver1 ~]# echo webserver1 - 192.168.0.10 > /var/www/html/index.html
[root@webserver1 ~]# systemctl  enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

webserver2 part

# webserver2 part
[root@webserver1 ~]# vmset.sh eth0 192.168.0.20 webserver2.company.org
[root@webserver2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.20  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::b947:4cf:357d:b67e  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:f6:d1:9e  txqueuelen 1000  (Ethernet)
        RX packets 148  bytes 16617 (16.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 155  bytes 11559 (11.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 72  bytes 6984 (6.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 72  bytes 6984 (6.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@webserver2 ~]# vim /etc/NetworkManager/system-connections/eth0.nmconnection 
[root@webserver2 ~]# nmcli connection reload 
[root@webserver2 ~]# nmcli connection up eth0 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@webserver2 ~]# cat /etc/NetworkManager/system-connections/eth0.nmconnection 
[connection]
id=eth0
type=ethernet
interface-name=eth0

[ipv4]
address1=192.168.0.20/24,192.168.0.100
method=manual
dns=114.114.114.114;
[root@webserver2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@webserver2 ~]# 
[root@webserver2 ~]# dnf install httpd -y
[root@webserver2 ~]# echo webserver2 - 192.168.0.20 > /var/www/html/index.html
[root@webserver2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

LVS rules part

-A: add a virtual server

-t: protocol of the virtual service being added: TCP (use -u for UDP)

-s: scheduling algorithm (rr: round robin, a static algorithm)

-r: real server

-m: NAT mode (masquerading)

-g: direct routing

-i: IP tunneling

-w: weight

# Back on the LVS host
[root@lvs ~]# curl 192.168.0.10
webserver1 - 192.168.0.10
[root@lvs ~]# curl 192.168.0.20
webserver2 - 192.168.0.20

# Install the load-balancing tool: ipvsadm is the indispensable tool for managing IP Virtual Server (IPVS). IPVS is kernel-level load balancing and supports several scheduling algorithms
[root@lvs ~]# dnf install ipvsadm -y
# Show the current rules
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[root@lvs ~]# ipvsadm -A -t 172.25.254.100:80 -s rr
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 rr
[root@lvs ~]# ipvsadm -a -t 172.25.254.100:80 -r 192.168.0.10:80 -m
[root@lvs ~]# ipvsadm -a -t 172.25.254.100:80 -r 192.168.0.20:80 -m
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 rr
  -> 192.168.0.10:80              Masq    1      0          0         
  -> 192.168.0.20:80              Masq    1      0          0      

Test

# Test part:
[root@lvs ~]# for i in {1..10}
> do
> curl 172.25.254.100
> done
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
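
To judge whether the scheduler really spreads the load the way the loop above suggests, here is an added helper script written for this page (not part of the original post) that tallies which real server answered each request and checks that round robin kept the split even. The sample response list is constructed to match the 10-request loop output; `probe`, `tally_responses` and `check_balance` are names chosen here, and `probe` needs a reachable VIP.

```shell
#!/bin/bash
# Added example (not from the original post): tally which real server answered
# each request of an LVS test loop and check that round robin kept the load
# evenly split. Input lines have the "<host> - <ip>" form of the RS index pages.

# tally_responses: read one response per line on stdin and print
# "<rs> <count>" per real server, sorted by name.
tally_responses() {
    awk -F' - ' 'NF >= 2 { c[$1]++ } END { for (k in c) print k, c[k] }' | sort
}

# check_balance MAXDIFF: read "<rs> <count>" lines on stdin and succeed only
# if the largest and smallest counts differ by at most MAXDIFF (rr gives 0 or 1).
check_balance() {
    awk -v max="${1:-1}" '
        { n[$1] = $2 + 0 }
        END {
            if (NR == 0) exit 1
            first = 1
            for (k in n) {
                if (first || n[k] < lo) lo = n[k]
                if (first || n[k] > hi) hi = n[k]
                first = 0
            }
            if (hi - lo > max) exit 1
            exit 0
        }'
}

# probe VIP COUNT: hypothetical live check - hit the VIP COUNT times over
# HTTP and print the tally (needs a reachable VIP; not run by the demo).
probe() {
    vip=$1; count=${2:-10}; i=0
    while [ "$i" -lt "$count" ]; do
        curl -s --max-time 2 "http://$vip/"
        i=$((i + 1))
    done | tally_responses
}

# Constructed sample, modelled on the 10-request loop output in the post.
SAMPLE='webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10'

# Demo on the constructed sample: prints "webserver1 5" and "webserver2 5".
printf '%s\n' "$SAMPLE" | tally_responses
if printf '%s\n' "$SAMPLE" | tally_responses | check_balance 1; then
    echo "balanced"
else
    echo "UNBALANCED: check weights, RS health and the scheduler"
fi
```

Replace the sample with `probe 172.25.254.100 10` on the director to run it against the live VIP. A skewed tally under `rr` with equal weights usually means one RS is failing some requests, or a previous weighted service definition is still loaded; `ipvsadm -Ln` shows the weights actually in effect.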

LVS-DR mode lab

Task:

Environment preparation:

Five virtual machines are needed, all cloned from the rhel9 backup

From left to right: the first is the client, the second the router, the third the lvs host, the fourth webserver1 (rs1) and the fifth webserver2 (rs2)

Note: this lab continues directly from the previous one.

Lab steps:

lvs part

#lvs part:
[root@lvs ~]# nmcli connection delete eth0
[root@lvs ~]# vmset.sh eth1 192.168.0.50 lvs.company.org
[root@lvs ~]# cat /etc/NetworkManager/system-connections/eth1.nmconnection 
[connection]
id=eth1
type=ethernet
interface-name=eth1

[ipv4]
address1=192.168.0.50/24,192.168.0.100
method=manual
[root@lvs ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    100    0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth1
[root@lvs ~]# 
[root@lvs ~]# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:0c:29:a6:46:7f  txqueuelen 1000  (Ethernet)
        RX packets 7939  bytes 589584 (575.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8168  bytes 798939 (780.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.50  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::6ac0:a367:3ffc:d505  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:a6:46:89  txqueuelen 1000  (Ethernet)
        RX packets 924  bytes 105858 (103.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 805  bytes 68911 (67.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 72  bytes 7464 (7.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 72  bytes 7464 (7.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@lvs ~]# 
[root@lvs ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:a6:46:7f brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:a6:46:89 brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname ens224
    inet 192.168.0.50/24 brd 192.168.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::6ac0:a367:3ffc:d505/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
 
#Add the VIP on the loopback interface
[root@lvs ~]# ip a a 192.168.0.200/32 dev lo
[root@lvs ~]# nmcli connection reload 
[root@lvs ~]# nmcli connection up lo
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16)
[root@lvs ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.0.200/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:a6:46:7f brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:a6:46:89 brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname ens224
    inet 192.168.0.50/24 brd 192.168.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::6ac0:a367:3ffc:d505/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

#Configure the rules
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 wrr
  -> 192.168.0.10:80              Masq    2      0          0         
  -> 192.168.0.20:80              Masq    1      0          0         
[root@lvs ~]# ipvsadm -C
[root@lvs ~]# ipvsadm -A -t 192.168.0.200:80 -s wrr
[root@lvs ~]# ipvsadm -a -t 192.168.0.200:80 -r 192.168.0.10:80 -g -w 1
[root@lvs ~]# ipvsadm -a -t 192.168.0.200:80 -r 192.168.0.20:80 -g -w 2
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.200:80 wrr
  -> 192.168.0.10:80              Route   1      0          0         
  -> 192.168.0.20:80              Route   2      0          0   

webserver1 part

#webserver1 part:
[root@webserver1 ~]# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.10  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::e9d9:e029:7f5a:84bf  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:03:5f:47  txqueuelen 1000  (Ethernet)
        RX packets 2089  bytes 181324 (177.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1766  bytes 157952 (154.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 248  bytes 22424 (21.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 248  bytes 22424 (21.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

#Stop the RS hosts from answering for the VIP
# arp_ignore = 1: only reply to an ARP request when the target IP is configured on the interface the request arrived on
# arp_announce = 2: never announce an interface's addresses on a network they do not belong to
[root@webserver1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore 
[root@webserver1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce 
[root@webserver1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore 
[root@webserver1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce 
[root@webserver1 ~]# 
[root@webserver1 ~]# vim /etc/NetworkManager/system-connections/eth0.nmconnection
[root@webserver1 ~]# cat /etc/NetworkManager/system-connections/eth0.nmconnection 
[connection]
id=eth0
type=ethernet
interface-name=eth0

[ipv4]
address1=192.168.0.10/24,192.168.0.100
method=manual
[root@webserver1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@webserver1 ~]# sysctl -a | grep arp_ignore
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.lo.arp_ignore = 1
[root@webserver1 ~]# 
#Add the VIP on the loopback interface
[root@webserver1 ~]# ip a a 192.168.0.200/32 dev lo

webserver2 part

#webserver2 part:
#Stop the RS hosts from answering for the VIP
# arp_ignore = 1: only reply to an ARP request when the target IP is configured on the interface the request arrived on
# arp_announce = 2: never announce an interface's addresses on a network they do not belong to
[root@webserver2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@webserver2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@webserver2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@webserver2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@webserver2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@webserver2 ~]# 
#Add the VIP on the loopback interface
[root@webserver2 ~]# ip a a 192.168.0.200/32 dev lo

router part

#router part:
[root@router ~]# vim /etc/NetworkManager/system-connections/eth1.nmconnection 
[root@router ~]# nmcli connection reload 
[root@router ~]# nmcli connection up eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
[root@router ~]# cat /etc/NetworkManager/system-connections/eth0.nmconnection 
[connection]
id=eth0
type=ethernet
interface-name=eth0

[ipv4]
address1=172.25.254.100/24,172.25.254.2
method=manual
dns=114.114.114.114;
[root@router ~]# cat /etc/NetworkManager/system-connections/eth1.nmconnection 
[connection]
id=eth1
type=ethernet
interface-name=eth1

[ipv4]
address1=192.168.0.100/24
method=manual
[root@router ~]# 
[root@router ~]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0

#Edit the config file so this host acts as a router (net.ipv4.ip_forward = 1)
[root@router ~]# vim /etc/sysctl.conf 
[root@router ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@router ~]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0

client part

#client part:
[root@client ~]# vim /etc/NetworkManager/system-connections/eth0.nmconnection 
[root@client ~]# cat /etc/NetworkManager/system-connections/eth0.nmconnection 
[connection]
id=eth0
type=ethernet
interface-name=eth0

[ipv4]
address1=172.25.254.200/24,172.25.254.100
method=manual

[root@client ~]# nmcli connection reload 
[root@client ~]# nmcli connection up eth0 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@client ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.25.254.100  0.0.0.0         UG    100    0        0 eth0
172.25.254.0    0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@client ~]# 
[root@client ~]# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.200  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::b947:4cf:357d:b67e  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:9a:63:75  txqueuelen 1000  (Ethernet)
        RX packets 390  bytes 34551 (33.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 400  bytes 41933 (40.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@client ~]# 
[root@client ~]# for i in {1..10}
> do
> curl 192.168.0.200
> done
^C    # The requests fail because webserver1 and webserver2 do not yet have the loopback VIP

#Test again after adding the loopback VIP
[root@client ~]# for i in {1..10}
> do
> curl 192.168.0.200
> done
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
[root@client ~]# 
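
The RS-side DR settings above (arp_ignore/arp_announce written to /proc and the /32 VIP added with `ip addr add`) are not persistent, which is exactly what the firewall-mark lab later runs into after the VMs are rebooted. The script below is an added example, not part of the original post: it checks a real server for all five DR requirements and, on request, makes them survive a reboot. `SYSCTL_ROOT`, `ADDR_FILE`, `dr_rs_check` and `dr_rs_persist` are names chosen here; the persistence step assumes NetworkManager manages the lo profile, as the post's `nmcli connection up lo` implies.

```shell
#!/bin/bash
# Added example (not from the original post): check that a real server is ready
# for LVS-DR and, on request, make the two non-persistent settings survive a
# reboot. SYSCTL_ROOT and ADDR_FILE exist only so the check can run offline
# against constructed files; on a real RS leave them unset.

VIP=${VIP:-192.168.0.200}
SYSCTL_ROOT=${SYSCTL_ROOT:-/proc/sys/net/ipv4/conf}

# read_sysctl IFACE KEY: print net.ipv4.conf.IFACE.KEY, or "missing".
read_sysctl() {
    f="$SYSCTL_ROOT/$1/$2"
    if [ -r "$f" ]; then cat "$f"; else echo missing; fi
}

# vip_on_lo VIP [ADDR_FILE]: succeed if VIP/32 is configured on lo. The
# listing is read from ADDR_FILE when given, otherwise from ip(8).
vip_on_lo() {
    { if [ -n "${2:-}" ]; then cat "$2"; else ip -o -4 addr show dev lo; fi; } | grep -qF " inet $1/32 "
}

# dr_rs_check VIP [ADDR_FILE]: print one line per requirement; the return
# value is the number of failed requirements (0 means ready for DR).
dr_rs_check() {
    vip=$1; addr_file=${2:-}; fails=0
    for spec in all:arp_ignore:1 all:arp_announce:2 lo:arp_ignore:1 lo:arp_announce:2; do
        iface=${spec%%:*}; rest=${spec#*:}; key=${rest%%:*}; want=${rest#*:}
        have=$(read_sysctl "$iface" "$key")
        if [ "$have" = "$want" ]; then
            echo "ok   net.ipv4.conf.$iface.$key = $have"
        else
            echo "FAIL net.ipv4.conf.$iface.$key = $have (want $want)"
            fails=$((fails + 1))
        fi
    done
    if vip_on_lo "$vip" "$addr_file"; then
        echo "ok   $vip/32 is on lo"
    else
        echo "FAIL $vip/32 is not on lo (clients get 'No route to host')"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# dr_rs_persist VIP: write the sysctls to /etc/sysctl.d and add the VIP to
# the NetworkManager lo profile (assumes NM manages lo, as the post's
# "nmcli connection up lo" implies). Needs root; not run by default.
dr_rs_persist() {
    cat > /etc/sysctl.d/90-lvs-dr.conf <<EOF
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
EOF
    sysctl --system >/dev/null
    nmcli connection modify lo +ipv4.addresses "$1/32"
    nmcli connection up lo
}

# Run the live check only when asked: DR_CHECK=1 ./dr-rs-check.sh; add
# DR_PERSIST=1 to also persist the settings when the check fails.
if [ "${DR_CHECK:-0}" = 1 ]; then
    if ! dr_rs_check "$VIP" "${ADDR_FILE:-}"; then
        if [ "${DR_PERSIST:-0}" = 1 ]; then dr_rs_persist "$VIP"; fi
    fi
fi
```

Run it on each RS before testing from the client; a non-zero exit tells you how many of the five requirements are missing, and the FAIL line for the loopback VIP is the cause of the `No route to host` the post shows. Note that `arp_ignore`/`arp_announce` must be set before the VIP goes on lo, otherwise the RS briefly answers ARP for the VIP and can poison the router's ARP cache.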

LVS: using firewall marks to fix the round-robin scheduling problem

Environment preparation:

This lab builds on the LVS-DR lab

Check the loopback VIP and the ARP settings first: sysctl -a | grep arp_ignore

Lab steps:

LVS part

#LVS part
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[root@lvs ~]# cat /etc/sysconfig/ipvsadm
-A -t 172.25.254.100:80 -s rr
-a -t 172.25.254.100:80 -r 192.168.0.10:80 -m -w 1
-a -t 172.25.254.100:80 -r 192.168.0.20:80 -m -w 2
[root@lvs ~]# systemctl stop ipvsadm
[root@lvs ~]# systemctl restart ipvsadm
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 rr
  -> 192.168.0.10:80              Masq    1      0          0         
  -> 192.168.0.20:80              Masq    2      0          0        

#or
#[root@lvs ~]# ipvsadm -A -t 192.168.0.200:80 -s rr
#[root@lvs ~]# ipvsadm -a -t 192.168.0.200:80 -r 192.168.0.10:80 -g -w 1
#[root@lvs ~]# ipvsadm -a -t 192.168.0.200:80 -r 192.168.0.20:80 -g -w 2

#Reproduce the round-robin scheduling problem that firewall marks fix: port 443 is added as a separate service
[root@lvs ~]# ipvsadm -A -t 192.168.0.200:443 -s rr
[root@lvs ~]# ipvsadm -a -t 192.168.0.200:443 -r 192.168.0.10:443 -g
[root@lvs ~]# ipvsadm -a -t 192.168.0.200:443 -r 192.168.0.20:443 -g
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.200:80 rr
  -> 192.168.0.10:80              Route   1      0          0         
  -> 192.168.0.20:80              Route   2      0          0         
TCP  192.168.0.200:443 rr
  -> 192.168.0.10:443             Route   1      0          0         
  -> 192.168.0.20:443             Route   1      0          0         
[root@lvs ~]# 
[root@lvs ~]# 
[root@lvs ~]# 
[root@lvs ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    101    0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     101    0        0 eth1
[root@lvs ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:a6:46:7f brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet6 fe80::1f9:ac64:1bc5:7e43/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:a6:46:89 brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname ens224
    inet 192.168.0.50/24 brd 192.168.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::6ac0:a367:3ffc:d505/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@lvs ~]# ip a a 192.168.0.200/32 dev lo
[root@lvs ~]# nmcli connection reload 
[root@lvs ~]# nmcli connection up lo
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/14)
[root@lvs ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.0.200/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:a6:46:7f brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet6 fe80::1f9:ac64:1bc5:7e43/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:a6:46:89 brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname ens224
    inet 192.168.0.50/24 brd 192.168.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::6ac0:a367:3ffc:d505/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever


[root@lvs ~]# iptables -t mangle -nL
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
[root@lvs ~]# iptables -t mangle -A PREROUTING -d 192.168.0.200 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 66
[root@lvs ~]# iptables -t mangle -nL
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
MARK       tcp  --  0.0.0.0/0            192.168.0.200        multiport dports 80,443 MARK set 0x42

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
[root@lvs ~]# 
[root@lvs ~]# ipvsadm -C
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[root@lvs ~]# ipvsadm -A -f 66 -s rr
[root@lvs ~]# ipvsadm -a -f 66 -r 192.168.0.10 -g
[root@lvs ~]# ipvsadm -a -f 66 -r 192.168.0.20 -g

[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  66 rr
  -> 192.168.0.10:0               Route   1      0          0         
  -> 192.168.0.20:0               Route   1      0          0         

webserver1 part

#webserver1 part
[root@webserver1 ~]# yum install mod_ssl -y
Complete!
[root@webserver1 ~]# 
[root@webserver1 ~]# systemctl restart httpd

#The following fixes this error seen on the client: [root@client ~]# curl 192.168.0.200;curl -k https://192.168.0.200
#            curl: (7) Failed to connect to 192.168.0.200 port 80: No route to host
#            curl: (7) Failed to connect to 192.168.0.200 port 443: No route to host
[root@webserver1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@webserver1 ~]# sysctl -a | grep arp_ignore
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.lo.arp_ignore = 0
[root@webserver1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@webserver1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@webserver1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@webserver1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@webserver1 ~]# sysctl -a | grep arp_ignore
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.lo.arp_ignore = 1
[root@webserver1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:03:5f:47 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 192.168.0.10/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::e9d9:e029:7f5a:84bf/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@webserver1 ~]# ip a a 192.168.0.200/32 dev lo
[root@webserver1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.0.200/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:03:5f:47 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 192.168.0.10/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::e9d9:e029:7f5a:84bf/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

webserver2 part

#webserver2 part
[root@webserver2 ~]# yum install mod_ssl -y
Complete!
[root@webserver2 ~]# 
[root@webserver2 ~]# systemctl restart httpd
[root@webserver2 ~]# 
[root@webserver2 ~]# 
#The following fixes the 'No route to host' problem: without the loopback VIP the client cannot reach this RS
[root@webserver2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@webserver2 ~]# sysctl -a | grep arp_ignore
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.lo.arp_ignore = 0
[root@webserver2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@webserver2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@webserver2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@webserver2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@webserver2 ~]# sysctl -a | grep arp_ignore
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.lo.arp_ignore = 1
[root@webserver2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:f6:d1:9e brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 192.168.0.20/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::b947:4cf:357d:b67e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@webserver2 ~]# ip a a 192.168.0.200/32 dev lo
[root@webserver2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.0.200/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:f6:d1:9e brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 192.168.0.20/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::b947:4cf:357d:b67e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

client part

#client part
#This fails because the 'loopback VIP' and the 'RS does not answer for the VIP' settings from the previous lab were lost when the VMs were shut down (ip addr add and writes to /proc/sys do not persist)
[root@client ~]# curl 192.168.0.200;curl -k https://192.168.0.200
curl: (7) Failed to connect to 192.168.0.200 port 80: No route to host
curl: (7) Failed to connect to 192.168.0.200 port 443: No route to host

#This is the round-robin scheduling problem that the firewall mark fixes: port 80 and port 443 are two separate IPVS services, each with its own round-robin position, so one client's HTTP and HTTPS requests both land on the same RS
[root@client ~]# curl 192.168.0.200;curl -k https://192.168.0.200
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
[root@client ~]# curl 192.168.0.200;curl -k https://192.168.0.200
webserver1 - 192.168.0.10
webserver1 - 192.168.0.10
[root@client ~]# curl 192.168.0.200;curl -k https://192.168.0.200
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
[root@client ~]# 

#After the fix on the LVS host it works: HTTP and HTTPS are now scheduled as one service and alternate between the real servers
[root@client ~]# curl 192.168.0.200;curl -k https://192.168.0.200
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
[root@client ~]# curl 192.168.0.200;curl -k https://192.168.0.200
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
[root@client ~]# curl 192.168.0.200;curl -k https://192.168.0.200
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
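
Why two separate IPVS services for ports 80 and 443 put one client's HTTP and HTTPS requests on the same RS, and how the mark merges them, as an added example written for this page (not the post's own script): `rr_schedule` simulates the round-robin counter with one counter per service versus one shared counter, and `fwmark_rules` prints the iptables and ipvsadm commands for a given VIP, mark and port list. Server names and ports in the demo are constructed; the function names are chosen here.

```shell
#!/bin/bash
# Added example (not from the original post): show why one IPVS service per
# port puts a client's HTTP and HTTPS requests on the same RS under rr, and
# print the firewall-mark rules that merge the ports into one service.

# rr_schedule MODE "ports..." "rs1 rs2 ...": simulate round robin. With
# MODE=separate every port is its own IPVS service with its own rr position;
# with MODE=merged all ports share one position (one FWM service).
# Prints "<port> <rs>" per request.
rr_schedule() {
    awk -v mode="$1" -v reqs="$2" -v srv="$3" '
        BEGIN {
            n = split(srv, rs, " "); m = split(reqs, q, " ")
            for (i = 1; i <= m; i++) {
                key = (mode == "merged") ? "all" : q[i]
                idx = (cnt[key]++ % n) + 1
                print q[i], rs[idx]
            }
        }'
}

# fwmark_rules VIP MARK "ports..." "rip1 rip2 ..." [SCHED]: print the mangle
# rule that tags the listed ports with MARK and the ipvsadm commands that
# schedule the mark as one DR service (port 0 on the RS, as ipvsadm -Ln shows).
fwmark_rules() {
    vip=$1; mark=$2; ports=$(echo "$3" | tr ' ' ','); rips=$4; sched=${5:-rr}
    echo "iptables -t mangle -A PREROUTING -d $vip -p tcp -m multiport --dports $ports -j MARK --set-mark $mark"
    echo "ipvsadm -A -f $mark -s $sched"
    for r in $rips; do
        echo "ipvsadm -a -f $mark -r $r -g"
    done
}

# Demo with constructed names: a client fetching port 80 then 443, twice.
echo "separate services (one counter per port):"
rr_schedule separate "80 443 80 443" "webserver1 webserver2"
echo "merged by fwmark (one shared counter):"
rr_schedule merged "80 443 80 443" "webserver1 webserver2"
echo "rules for VIP 192.168.0.200, mark 66:"
fwmark_rules 192.168.0.200 66 "80 443" "192.168.0.10 192.168.0.20"
```

The separate run prints the same RS for both ports of each pair, which is the `webserver2 / webserver2` then `webserver1 / webserver1` pattern the client saw before the fix; the merged run alternates. Two things to keep in mind when applying the printed rules: the mangle rule lives only on the director and is lost on reboot unless saved with the rest of the iptables rule set, and an FWM service forwards every port carrying the mark, so the multiport list is what limits the service to 80 and 443.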