一、DR模式
实验环境
Director(DR) : 192.168.143.103 DIP
Director(DR) : 192.168.143.200 VIP
RealServer(RS1) : 192.168.143.104
RealServer(RS2) : 192.168.143.105
首先在两台Real server上安装apache网站服务,并开机自启
在Real server上配置网页文件测试访问
[root@RS2 ~]# echo web2 > /var/www/html/index.html
[root@RS1 ~]# echo web1 > /var/www/html/index.html
关闭防火墙,并将SELinux临时设为宽容模式(仅适用于实验环境;生产环境应保持两者开启,只放行所需端口),然后加载ip_vs模块
[root@DR ~]# systemctl stop firewalld
[root@DR ~]# setenforce 0
[root@DR ~]# modprobe ip_vs
[root@DR ~]# cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP C0A819FA:0050 rr
[root@DR ~]# yum -y install ipvsadm
配置DR
//配置director的ip地址信息(dip,vip)
[root@DR ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR0=192.168.143.103 //DIP
PREFIX0=24
GATEWAY0=192.168.143.2
IPADDR1=192.168.143.200 //VIP
PREFIX1=24
//重启网卡,让配置生效
[root@DR ~]# ifdown ens33;ifup ens33
//在Director上添加并保存规则
[root@DR ~]# ipvsadm -A -t 192.168.143.200:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.143.200:80 -r 192.168.143.104:80 -g
[root@DR ~]# ipvsadm -a -t 192.168.143.200:80 -r 192.168.143.105:80 -g
[root@DR ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.143.200:80 rr
-> 192.168.143.104:80 Route 1 0 0
-> 192.168.143.105:80 Route 1 0 0
//保存配置
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# cat /etc/sysconfig/ipvsadm
配置RS
//修改网卡内核参数,添加以下参数
[root@RS1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
//重读配置
[root@RS1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1 // 只回应目标IP配置在接收该请求的网卡上的ARP请求
net.ipv4.conf.all.arp_announce = 2 // 发送ARP请求时总是选用最合适的本地地址作为源IP,这里即ens33上的RIP
[root@RS2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
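//RS1和RS2需要配置RIP和VIP。注意:此处必须先修改内核参数,然后再配置VIP;如果先配VIP,VIP一配好就会立刻通告给别人,而修改内核参数就是为了不通告。另外,arp_ignore=1只会忽略目标IP不在接收网卡上的ARP请求,所以DR模式下VIP通常绑定在lo上;像下面这样把VIP配在ens33上时,应在客户端的ARP表中确认VIP对应的是DR的MAC地址,而不是某台RS的MAC地址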
[root@RS1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR0=192.168.143.104
PREFIX0=24
IPADDR1=192.168.143.200
PREFIX1=24
GATEWAY0=192.168.143.2 //网关不能指向DR
//增加路由
[root@RS1 ~]# route add -host 192.168.143.200/32 dev ens33 && ifdown ens33 ;ifup ens33
[root@RS2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR0=192.168.143.105
PREFIX0=24
IPADDR1=192.168.143.200
PREFIX1=24
GATEWAY0=192.168.143.2
//增加路由
[root@RS2 ~]# route add -host 192.168.143.200/32 dev ens33 && ifdown ens33 ;ifup ens33
测试
C:\Users\Administrator>curl 192.168.143.200
web2
C:\Users\Administrator>curl 192.168.143.200
web1
C:\Users\Administrator>curl 192.168.143.200
web2
C:\Users\Administrator>curl 192.168.143.200
web1
完整的设置ipvsadm规则,使其重启服务器时服务不会丢失
设置ipvsadm开机自启
// 先将ipvsadm规则保存到其他地方
ipvsadm -Sn > /data/ipvs.log //位置随便定义
// 启动服务
[root@DR ~]# systemctl start ipvsadm
// 将服务设置为开机自启动
[root@DR ~]# systemctl enable --now ipvsadm
[root@DR ~]# systemctl status ipvsadm
● ipvsadm.service - Initialise the Linux Virtual Server
Loaded: loaded (/usr/lib/systemd/system/ipvsadm.service; enabled; vendor pre>
Active: active (exited) since Mon 2021-10-18 21:36:18 EDT; 17min ago
Process: 970 ExecStart=/bin/bash -c exec /sbin/ipvsadm-restore < /etc/sysconf>
Main PID: 970 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 49290)
Memory: 0B
CGroup: /system.slice/ipvsadm.service
10月 18 21:36:18 DR systemd[1]: Starting Initialise the Linux Virtual Server...
10月 18 21:36:18 DR systemd[1]: Started Initialise the Linux Virtual Server.
// 重启、测试服务还是启动的,调度也正常
[root@DR ~]# reboot
[root@DR ~]# systemctl stop --now firewalld
C:\Users\Administrator>curl 192.168.143.200
web2
C:\Users\Administrator>curl 192.168.143.200
web1
将命令加入到启动文件/etc/rc.d/rc.local
[root@DR ~]# vim /etc/rc.d/rc.local
# that this script will be executed during boot.
touch /var/lock/subsys/local
ipvsadm -A -t 192.168.143.200:80 -s rr
ipvsadm -a -t 192.168.143.200:80 -r 192.168.143.104:80 -g
ipvsadm -a -t 192.168.143.200:80 -r 192.168.143.105:80 -g
ipvsadm -Sn > /etc/sysconfig/ipvsadm
// 给/etc/rc.d/rc.local执行权限
[root@DR ~]# chmod +x /etc/rc.d/rc.local
[root@DR ~]# ll /etc/rc.d/rc.local
-rwxr-xr-x. 1 root root 660 10月 19 04:47 /etc/rc.d/rc.local
二、NAT模式
环境
主机名 | IP | 功能 |
---|---|---|
DR | 192.168.143.102 | 调度器 |
RS1 | 192.168.143.104 | 服务器web1 |
RS2 | 192.168.143.105 | 服务器web2 |
首先在三台设备上关闭防火墙
然后在两台Real server上安装apache网站服务
[root@RS2 ~]# echo 192.168.143.105 > /var/www/html/index.html
[root@RS1 ~]# echo 192.168.143.104 > /var/www/html/index.html
配置DR
[root@DR ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR0=192.168.143.102 #DIP
PREFIX0=24
GATEWAY0=192.168.143.2
IPADDR1=192.168.143.200 #VIP,实际情况中VIP应该为公网IP
PREFIX1=24
//重启网卡,让配置生效
[root@DR ~]# ifdown ens33;ifup ens33
[root@DR ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:05:9c:bb brd ff:ff:ff:ff:ff:ff
inet 192.168.143.102/24 brd 192.168.25.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.143.200/24 brd 192.168.25.255 scope global secondary noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe05:9cbb/64 scope link
valid_lft forever preferred_lft forever
配置RS1
[root@RS1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.143.104 //RIP
PREFIX=24
GATEWAY=192.168.143.102 #这里的网关要指向DIP
//重启网卡,让配置生效
[root@RS1 ~]# ifdown ens33;ifup ens33
配置RS2
[root@RS2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.143.105 //RIP
PREFIX=24
GATEWAY=192.168.143.102 #网关需要指向DIP
在Director上添加并保存规则
//开启Director的ip转发功能
[root@DR ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1 //在配置文件中追加
//重读配置
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1
//添加调度器
[root@DR ~]# ipvsadm -A -t 192.168.143.200:80 -s rr //指向外网的IP
[root@DR ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.143.200:80 rr
//添加RS至调度器
[root@DR ~]# ipvsadm -a -t 192.168.143.200:80 -r 192.168.143.104:80 -m
[root@DR ~]# ipvsadm -a -t 192.168.143.200:80 -r 192.168.143.105:80 -m
[root@DR ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.143.200:80 rr
-> 192.168.143.104:80 Masq 1 0 0
-> 192.168.143.105:80 Masq 1 0 0
//保存配置
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm //系统默认的规则存放位置,重启服务会自动恢复里面的规则
[root@DR ~]# cat /etc/sysconfig/ipvsadm
-A -t 192.168.143.200:80 -s rr
-a -t 192.168.143.200:80 -r 192.168.143.104:80 -m -w 1
-a -t 192.168.143.200:80 -r 192.168.143.105:80 -m -w 1
测试
[root@DR ~]# curl http://192.168.143.200
192.168.143.104
[root@DR ~]# curl http://192.168.143.200
192.168.143.105
[root@DR ~]# curl http://192.168.143.200
192.168.143.104
[root@DR ~]# curl http://192.168.143.200
192.168.143.105
完整的设置ipvsadm规则
// 先将ipvsadm规则保存到其他地方
ipvsadm -Sn > /data/ipvs.log //位置随便定义
// 启动服务
[root@DR ~]# systemctl start ipvsadm
// 将服务设置为开机自启动
[root@DR ~]# systemctl enable --now ipvsadm
[root@DR ~]# systemctl status ipvsadm
● ipvsadm.service - Initialise the Linux Virtual Server
Loaded: loaded (/usr/lib/systemd/system/ipvsadm.service; enabled; vendor pre>
Active: active (exited) since Mon 2021-10-18 21:36:18 EDT; 17min ago
Process: 970 ExecStart=/bin/bash -c exec /sbin/ipvsadm-restore < /etc/sysconf>
Main PID: 970 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 49290)
Memory: 0B
CGroup: /system.slice/ipvsadm.service
10月 18 21:36:18 DR systemd[1]: Starting Initialise the Linux Virtual Server...
10月 18 21:36:18 DR systemd[1]: Started Initialise the Linux Virtual Server.
// 重启、测试服务还是启动的,调度也正常
[root@DR ~]# reboot
[root@DR ~]# systemctl stop --now firewalld
[root@DR ~]# curl http://192.168.143.200
192.168.143.104
[root@DR ~]# curl http://192.168.143.200
192.168.143.105