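LVS: TUN Mode

I. Introduction:

1. Characteristics

Advantages: the load balancer only distributes request packets to the back-end real servers (RS), and each RS sends its reply directly to the user. This takes most of the traffic off the load balancer, so it is no longer the bottleneck of the system and can handle a very large volume of requests; a single load balancer can dispatch to many RS. Because the tunnel can run over the public network, requests can also be distributed to servers in different regions.

Disadvantages: RS nodes in tunnel mode need legitimate IP addresses, and every server must support the "IP Tunneling" (IP Encapsulation) protocol, so the servers may be limited to certain Linux systems.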

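2. Packet flow

1) The client sends a request packet whose destination address is the VIP; it arrives at the LB.

2) The LB receives the client's request packet and performs IP tunnel encapsulation, i.e. it adds an IP tunnel header in front of the original header, and then sends the packet out.

3) The RS node receives the request packet according to the IP tunnel header (at this point there is a logical, invisible tunnel that only the LB and the RS understand), strips the IP tunnel header, obtains the client's request packet and processes it.

4) Once processing is done, the RS sends the response packet to the client over its own outbound public link. The source IP address is still the VIP.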
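The four steps above, byte for byte, as an added example that is not part of the original post: it builds the client's IPv4 packet, wraps it in an IP-in-IP outer header (protocol 4) as the LB does, and unwraps it as the RS does. The client address and the empty 20-byte TCP stand-in are constructed; the check on the outer source address is an added assumption and is not something the tunl0 configuration on this page performs.

```python
import socket
import struct

IPIP, TCP = 4, 6                      # IPv4 protocol numbers
VIP, DIP, RIP = "172.25.14.100", "172.25.14.1", "172.25.14.2"   # from the page
CLIENT = "172.25.14.50"               # constructed client address

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """20-byte IPv4 header without options, TTL 64."""
    def pack(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                           proto, csum, socket.inet_aton(src), socket.inet_aton(dst))
    return pack(checksum(pack(0)))

def parse(pkt: bytes) -> dict:
    ihl = (pkt[0] & 0x0F) * 4
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": pkt[9], "payload": pkt[ihl:], "ok": checksum(pkt[:ihl]) == 0}

def lb_encapsulate(request: bytes, rip: str) -> bytes:
    """Step 2: prepend an outer header DIP -> RIP; the client's packet is unchanged."""
    return ipv4_header(DIP, rip, IPIP, len(request)) + request

def rs_decapsulate(tunnel_pkt: bytes) -> bytes:
    """Step 3: strip the outer header; keep the inner packet only if it targets the VIP.
    The outer-source check is an added assumption (the page's tunl0 names no peer)."""
    outer = parse(tunnel_pkt)
    if not outer["ok"] or outer["proto"] != IPIP or outer["src"] != DIP:
        raise ValueError("not an IPIP packet from the director")
    inner = outer["payload"]
    if parse(inner)["dst"] != VIP:
        raise ValueError("inner destination is not the VIP")
    return inner

def rs_reply_header(inner: bytes, body_len: int) -> bytes:
    """Step 4: the reply goes straight to the client with the VIP as source."""
    req = parse(inner)
    return ipv4_header(req["dst"], req["src"], req["proto"], body_len)

segment = bytes(20)                    # constructed stand-in for a TCP SYN
request = ipv4_header(CLIENT, VIP, TCP, len(segment)) + segment
tunnel = lb_encapsulate(request, RIP)
reply = parse(rs_reply_header(rs_decapsulate(tunnel), 20))
print(len(tunnel) - len(request), reply["src"], "->", reply["dst"])
```

The 20 bytes of outer header are why tunl0 reports mtu 1480 in the output further down.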

 

II. Environment:

Hostname   IP            Role
server1    172.25.14.1   Load balancer / director (LB)
server2    172.25.14.2   RealServer
server3    172.25.14.3   RealServer
  • rhel6.5
  • iptables and selinux disabled
  • VIP: 172.25.14.100
  • Network yum repository: http://172.25.14.250/rhel6.5
  • httpd service running on server2 and server3

 

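III. Configuration steps:

1) server1 (director):

[root@server1 ~]# modprobe ipip    ## load the ipip module; ip addr show now lists the extra tunnel interface tunl0
[root@server1 ~]# ip addr add 172.25.14.100/24 dev tunl0    ## add the virtual IP on the tunnel interface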
[root@server1 ~]# ip addr show tunl0
3: tunl0: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN 
    link/ipip 0.0.0.0 brd 0.0.0.0
    inet 172.25.14.100/24 scope global tunl0
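[root@server1 ~]# ip link set up tunl0    ## bring up the tunnel interface
[root@server1 ~]# ipvsadm -A -t 172.25.14.100:80 -s rr       ## add the virtual service with round-robin (rr) scheduling
[root@server1 ~]# ipvsadm -a -t 172.25.14.100:80 -r 172.25.14.2:80 -i    ## add the real servers that take turns (-i selects IP tunneling)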
[root@server1 ~]# ipvsadm -a -t 172.25.14.100:80 -r 172.25.14.3:80 -i

2) server2 (realserver):

[root@server2 ~]# modprobe ipip      ## load the ipip module; ip addr show now lists the extra tunnel interface tunl0
[root@server1 ~]# ip addr show tunl0
3: tunl0: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN 
    link/ipip 0.0.0.0 brd 0.0.0.0
    inet 172.25.14.100/24 scope global tunl0
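[root@server2 ~]# ip addr add 172.25.14.100/24 dev tunl0    ## add the virtual IP on the tunnel interface
[root@server2 ~]# ip link set up tunl0   ## bring up the tunnel interface
[root@server2 ~]# sysctl -a | grep rp_filter    ## set every rp_filter value that is 1 to 0; reverse-path filtering has to be off or it affects the result of the experiment (Linux reverse-path filtering is designed to prevent address spoofing: when the system receives an IP packet it checks whether the source address is reachable through the interface the packet arrived on, and packets that fail the check are dropped)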
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.tunl0.rp_filter = 1
net.ipv4.conf.tunl0.arp_filter = 0
[root@server2 ~]# sysctl -w net.ipv4.conf.default.rp_filter=0   
net.ipv4.conf.default.rp_filter = 0
[root@server2 ~]# sysctl -w net.ipv4.conf.lo.rp_filter=0
net.ipv4.conf.lo.rp_filter = 0
[root@server2 ~]# sysctl -w net.ipv4.conf.eth0.rp_filter=0
net.ipv4.conf.eth0.rp_filter = 0
[root@server2 ~]# sysctl -w net.ipv4.conf.tunl0.rp_filter=0
net.ipv4.conf.tunl0.rp_filter = 0
[root@server2 ~]# vim /etc/sysctl.conf 
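net.ipv4.conf.default.rp_filter = 0      ## this parameter has to be switched off in the file itself (sysctl -p applies the file's value)
[root@server2 ~]# sysctl -p     ## reload the configuration
[root@server2 ~]# sysctl -a | grep rp_filter   ## check again: reverse-path filtering is off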
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.tunl0.arp_filter = 0

3) server3 (realserver):

All steps are the same as on server2.

[root@server3 ~]# modprobe ipip
[root@server3 ~]# ip addr add 172.25.14.100/24 dev tunl0
[root@server3 ~]# ip link set up tunl0
[root@server3 ~]# sysctl -a | grep rp_filter
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.tunl0.rp_filter = 1
net.ipv4.conf.tunl0.arp_filter = 0
[root@server3 ~]# sysctl -w net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.rp_filter = 0
[root@server3 ~]# sysctl -w net.ipv4.conf.lo.rp_filter=0
net.ipv4.conf.lo.rp_filter = 0
[root@server3 ~]# sysctl -w net.ipv4.conf.eth0.rp_filter=0
net.ipv4.conf.eth0.rp_filter = 0
[root@server3 ~]#  sysctl -w net.ipv4.conf.tunl0.rp_filter=0
net.ipv4.conf.tunl0.rp_filter = 0
[root@server3 ~]# vim /etc/sysctl.conf 
net.ipv4.conf.default.rp_filter = 0
[root@server3 ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
[root@server3 ~]#  sysctl -a | grep rp_filter
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.tunl0.arp_filter = 0
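A way to read the rp_filter listings above, as an added example that is not part of the original post: the kernel validates sources on each interface with the larger of conf.all and that interface's own value, so the script computes the effective mode per interface. It reports whether tunl0 is still in strict mode (the decapsulated request arrives on tunl0 while the route back to the client leaves by eth0) and which interfaces no longer validate source addresses at all. The function names are hypothetical; the sample text is server2's output from this page.

```python
import re

# server2's output from the page, before the sysctl -w commands.
BEFORE = """\
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.tunl0.rp_filter = 1
net.ipv4.conf.tunl0.arp_filter = 0
"""
# Same listing after the changes; identical to the page's second listing.
AFTER = BEFORE.replace("rp_filter = 1", "rp_filter = 0")

MODES = {0: "off", 1: "strict", 2: "loose"}
LINE = re.compile(r"^net\.ipv4\.conf\.([^.\s]+)\.rp_filter\s*=\s*([0-2])$")

def parse_rp_filter(text: str) -> dict:
    """Return {interface: value}; arp_filter is a different setting and is skipped."""
    return {m.group(1): int(m.group(2))
            for line in text.splitlines() if (m := LINE.match(line.strip()))}

def effective(settings: dict) -> dict:
    """Per interface, the kernel uses max(conf.all, conf.<iface>)."""
    base = settings.get("all", 0)
    return {iface: MODES[max(base, value)] for iface, value in settings.items()
            if iface not in ("all", "default")}

def report(text: str, tunnel_ifaces=("tunl0",)) -> dict:
    eff = effective(parse_rp_filter(text))
    return {
        # tunnel interfaces where strict mode would drop decapsulated requests
        "strict_on_tunnel": sorted(i for i in tunnel_ifaces if eff.get(i) == "strict"),
        # interfaces that no longer validate source addresses
        "unfiltered": sorted(i for i, mode in eff.items() if mode == "off"),
    }

for label, text in (("before", BEFORE), ("after", AFTER)):
    print(label, report(text))
```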

IV. Testing:

server1 acts as the director; server2 and server3 answer requests in round-robin.

[root@foundation14 kiosk]# curl 172.25.14.100
<h1> 172.25.14.3--server3</h1>
[root@foundation14 kiosk]# curl 172.25.14.100
<h1>172.25.14.2--server2</h1>
[root@foundation14 kiosk]# curl 172.25.14.100
<h1> 172.25.14.3--server3</h1>
[root@foundation14 kiosk]# curl 172.25.14.100
<h1>172.25.14.2--server2</h1>