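Lab environment
Hostname | OS | IP address | Role |
---|---|---|---|
vmhost | rhel7.5 | 192.168.12.7/24 | Physical host; runs the virtual machines node1-3 that form the lab environment and is also the test client |
node1 | rhel7.5 | 192.168.12.11/24 192.168.27.11/24 | Virtual machine node1; has ipvsadm installed and acts as the LVS director. node1 has two NICs: one address (external) simulates the VIP and sits on the same subnet as the physical host for easy testing; the other address (internal) is on the same subnet as the back-end servers and is used to communicate with them |
node2 | rhel7.5 | 192.168.27.12/24 | Virtual machine node2; has httpd installed and acts as a back-end server |
node3 | rhel7.5 | 192.168.27.13/24 | Virtual machine node3; has httpd installed and acts as a back-end server |
In these tests, 192.168.12.X is treated as the external network and 192.168.27.X as the internal network.
Procedure
- Check whether the kernel on node1 has IPVS support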
[root@node1 ~]# cat /boot/config-3.10.0-862.el7.x86_64 | grep -i ipvs -A 10
CONFIG_NETFILTER_XT_MATCH_IPVS=m
--
# IPVS transport protocol load balancing support
#
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_AH_ESP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_PROTO_SCTP=y
#
# IPVS scheduler
#
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
--
# IPVS SH scheduler
#
CONFIG_IP_VS_SH_TAB_BITS=8
#
# IPVS application helper
#
CONFIG_IP_VS_FTP=m
CONFIG_IP_VS_NFCT=y
CONFIG_IP_VS_PE_SIP=m
- Install the ipvsadm package on node1
[root@node1 ~]# yum install -y ipvsadm
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
HighAvailability | 4.3 kB 00:00
ResilientStorage | 4.3 kB 00:00
rhel7.5 | 4.3 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package ipvsadm.x86_64 0:1.27-7.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
ipvsadm x86_64 1.27-7.el7 rhel7.5 45 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 45 k
Installed size: 75 k
Downloading packages:
ipvsadm-1.27-7.el7.x86_64.rpm | 45 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : ipvsadm-1.27-7.el7.x86_64 1/1
Verifying : ipvsadm-1.27-7.el7.x86_64 1/1
Installed:
ipvsadm.x86_64 0:1.27-7.el7
Complete!
- Configure the VS/NAT policy on node1
# First clear the ipvsadm configuration to start from a clean state
[root@node1 ~]# ipvsadm -C
# Add the VS/NAT rules
[root@node1 ~]# ipvsadm -A -t 192.168.12.11:80 -s rr
[root@node1 ~]# ipvsadm -a -t 192.168.12.11:80 -r 192.168.27.12:80 -m
[root@node1 ~]# ipvsadm -a -t 192.168.12.11:80 -r 192.168.27.13:80 -m
# Check that the rules were added
[root@node1 network-scripts]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.12.11:80 rr
-> 192.168.27.12:80 Masq 1 0 0
-> 192.168.27.13:80 Masq 1 0 0
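- Because this simulates NAT, node1 needs kernel IP forwarding (net.ipv4.ip_forward) enabled
# Check whether forwarding is enabled on node1: 0 means disabled, 1 means enabled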
[root@node1 network-scripts]# cat /proc/sys/net/ipv4/ip_forward
0
# Edit the configuration file to enable forwarding permanently
[root@node1 network-scripts]# vim /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward = 1
# Apply the forwarding setting and verify it
[root@node1 network-scripts]# sysctl -p
net.ipv4.ip_forward = 1
[root@node1 network-scripts]# cat /proc/sys/net/ipv4/ip_forward
1
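- Install httpd on node2 and node3
Back-end servers would normally serve identical content; here each one serves a different page so that the round-robin (rr) scheduling is visible during testing.
# Configure the back-end servers node2 and node3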
[root@node2 ~]# yum install httpd -y
[root@node2 ~]# systemctl start httpd
[root@node2 ~]# echo node2 > /var/www/html/index.html
[root@node2 ~]# curl 192.168.27.12
node2
[root@node3 ~]# yum install httpd -y
[root@node3 ~]# systemctl start httpd
[root@node3 ~]# echo node3 > /var/www/html/index.html
[root@node3 ~]# curl 192.168.27.13
node3
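- Set the default gateway of node2 and node3 to node1's internal address 192.168.27.11
The VS/NAT model requires every internal real server to use the director's (LB's) internal address as its gateway.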
[root@node2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.27.11 0.0.0.0 UG 100 0 0 eth0
192.168.27.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@node3 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.27.11 0.0.0.0 UG 100 0 0 eth0
192.168.27.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
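The prerequisites from the steps above (forwarding enabled on the director, every real server in Masq mode, real-server default gateway set to the director's internal address) can be checked mechanically. The script below is an added example, not part of the original page; the function names are hypothetical and the sample inputs are constructed from the command outputs shown above.

```shell
#!/bin/sh
# Added example (not from the original page). Samples are constructed from the outputs above.
IPVS_SAMPLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.12.11:80 rr
  -> 192.168.27.12:80             Masq    1      0          0
  -> 192.168.27.13:80             Masq    1      0          0'
ROUTE_SAMPLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.27.11   0.0.0.0         UG    100    0      0 eth0
192.168.27.0    0.0.0.0         255.255.255.0   U     100    0      0 eth0'

# list_reals VS MODE: read `ipvsadm -ln` text on stdin and print the real servers
# of virtual service VS; MODE=all prints every one, MODE=bad only the non-Masq ones.
list_reals() {
  awk -v vs="$1" -v mode="$2" '
    $1 == "TCP" || $1 == "UDP" { in_vs = ($2 == vs); next }
    in_vs && $1 == "->" && (mode == "all" || $3 != "Masq") { print $2 }'
}

# default_gw: read `route -n` text on stdin and print the default gateway.
default_gw() {
  awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# check_vs_nat VS DIRECTOR_INNER_IP IP_FORWARD IPVS_TEXT ROUTE_TEXT
# Returns 0 only when every VS/NAT prerequisite from the steps above holds.
check_vs_nat() {
  rc=0
  [ "$3" = 1 ] || { echo "FAIL: net.ipv4.ip_forward=$3 on the director"; rc=1; }
  reals=$(printf '%s\n' "$4" | list_reals "$1" all)
  [ -n "$reals" ] || { echo "FAIL: no real servers behind $1"; rc=1; }
  bad=$(printf '%s\n' "$4" | list_reals "$1" bad)
  [ -z "$bad" ] || { echo "FAIL: not in Masq (NAT) mode: $bad"; rc=1; }
  gw=$(printf '%s\n' "$5" | default_gw)
  [ "$gw" = "$2" ] || { echo "FAIL: default gateway is '$gw', expected $2"; rc=1; }
  return $rc
}

# On real hosts feed live data instead: "$(ipvsadm -ln)" and
# "$(cat /proc/sys/net/ipv4/ip_forward)" from node1, "$(route -n)" from node2/node3.
check_vs_nat 192.168.12.11:80 192.168.27.11 1 "$IPVS_SAMPLE" "$ROUTE_SAMPLE" \
  && echo "VS/NAT prerequisites OK"
```

A real server whose default gateway is not the director sends its replies around the director, so the source address is never rewritten back to the VIP and the client's connection does not complete; the gateway check catches that case before testing.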
Test results
From the physical host's external address 192.168.12.7, access the VIP 192.168.12.11 to test
[root@vmhost images]# curl 192.168.12.11
node2
[root@vmhost images]# curl 192.168.12.11
node3
[root@vmhost images]# curl 192.168.12.11
node2
[root@vmhost images]# curl 192.168.12.11
node3
# Round-robin scheduling is in effect