配置lvs的负载集群
一、配置lvs-nat模式的httpd负载集群—http
环境说明:
主机名称 网卡信息(ens33为nat、ens36为仅主机) 安装应用 系统
Client客户端 192.168.89.150(ens33) 无 centos 8
DR DIP:192.168.89.151(ens33)—VIP:192.168.179.10(ens192) ipvsadm centos 8
RS1 RIP:192.168.89.10(ens33)—gw:192.168.89.151 httpd centos 8
RS2 RIP:192.168.89.20(ens33)—gw:192.168.89.151 httpd centos 8
1、DR、RS1、RS2三台主机都关闭防火墙和selinux(仅为简化实验环境;生产环境应保持firewalld和SELinux开启,只放行80/443等实际需要的端口)
[root@DR ~]# systemctl stop firewalld.service
[root@DR ~]# systemctl disable firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# vim /etc/selinux/config
[root@DR ~]# setenforce 0
[root@RS1 ~]# systemctl stop firewalld.service
[root@RS1 ~]# systemctl disable firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# vim /etc/selinux/config
[root@RS1 ~]# setenforce 0
[root@RS2 ~]# systemctl stop firewalld.service
[root@RS2 ~]# systemctl disable firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# vim /etc/selinux/config
[root@RS2 ~]# setenforce 0
2、配置ip信息
添加第二块网卡的连接配置(下面的命令使用的网卡名是ens36;环境说明中写的ens192应指同一块承载VIP的网卡)
[root@DR ~]# nmcli connection add con-name ens36 ifname ens36 type ethernet
Connection 'ens36' (9a3a4688-71ad-4548-b951-cc5bed5c0533) successfully added.
[root@DR ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens36
BOOTPROTO=none
...
IPADDR=192.168.179.10
PREFIX=24
DNS1=8.8.8.8
[root@DR ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=static
...
IPADDR=192.168.89.151
PREFIX=24
DNS1=8.8.8.8
[root@DR ~]# systemctl restart NetworkManager
[root@DR ~]# nmcli connection up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@DR ~]# nmcli connection up ens36
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@DR ~]# ip a
[root@RS1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
...
IPADDR=192.168.89.10
PREFIX=24
GATEWAY=192.168.89.151
[root@RS1 ~]# systemctl restart NetworkManager
[root@RS1 ~]# nmcli connection up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@RS1 ~]#
[root@RS2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
...
IPADDR=192.168.89.20
PREFIX=24
GATEWAY=192.168.89.151
DNS1=8.8.8.8
[root@RS2 ~]# systemctl restart NetworkManager
[root@RS2 ~]# nmcli connection up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@RS2 ~]#
3、后端RS1和RS2部署WEB服务器
RS1:
[root@RS1 ~]# yum -y install httpd
[root@RS1 ~]# echo RS1 > /var/www/html/index.html
[root@RS1 ~]# systemctl restart httpd
[root@RS1 ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS1 ~]#
RS2:
[root@RS2 ~]# yum -y install httpd
[root@RS2 ~]# echo RS2 > /var/www/html/index.html
[root@RS2 ~]# systemctl restart httpd
[root@RS2 ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS2 ~]#
4、配置DR
(1)开启IP转发功能
[root@DR ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1
(2)安装ipvsadm并添加规则
[root@DR ~]# yum -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.179.10:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.179.10:80 -r 192.168.89.10:80 -m
[root@DR ~]# ipvsadm -a -t 192.168.179.10:80 -r 192.168.89.20:80 -m
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.179.10:80 rr
-> 192.168.89.10:80 Masq 1 0 0
-> 192.168.89.20:80 Masq 1 0 0
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm.service
[root@DR ~]# systemctl enable ipvsadm.service
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
[root@DR ~]#
5、客户端测试
//配置好ip信息
测试:
[root@client ~]# curl http://192.168.179.10
RS2
[root@client ~]# curl http://192.168.179.10
RS1
[root@client ~]# curl http://192.168.179.10
RS2
[root@client ~]# curl http://192.168.179.10
RS1
[root@client ~]#
二、配置lvs-nat模式的httpd负载集群—https
1、在DR中生成一对密钥,并用它自签CA证书(DR在本实验中兼任CA)
[root@DR ~]# mkdir -p /etc/pki/CA/private
[root@DR ~]# cd /etc/pki/CA/
[root@DR CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
.........................+++++
...+++++
e is 65537 (0x010001)
[root@DR CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsphk6ga/k6wIcM/qjD2
8UO2E+Mv+B3jlDhYyAwCe5nFXkss+6BhrZwlu63lzCutKsj1PbaL0meK4HHya/TT
UQPa06elI+MWBUPYAkFhXSsZk5+rliE176Wf17XgHMQltUzpl8yBmCaW7AuKm2Uh
O+TiSCYq9BVUq7wvxpYuowXMb2mJZdTe0TVyZz2Elytz5GZrtXNNy0/9xgGGenaN
oncXxHIu3O8gGxIzZo8b1wGNCg9sBHQ/c/FydYVq1tmV/+6/E9nMScIsGy575Q3v
gswD3cnOl0R2zVS1FAXO4XSmJiHsra6KuJulwt4hplQq3Z5xXFQb+zureeu7Ac+u
JQIDAQAB
-----END PUBLIC KEY-----
[root@DR CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 1024
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:yunwei
Common Name (eg, your name or your server's hostname) []:axi
Email Address []:axi@example.com
[root@DR CA]# touch index.txt && echo 01 > serial
[root@DR CA]#
2、在RS1中生成证书签署请求,并发送给CA
[root@RS1 ~]# yum -y install mod_ssl
[root@RS1 ~]# mkdir /etc/httpd/ssl
[root@RS1 ~]# cd /etc/httpd/ssl/
[root@RS1 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
....................................................................+++++
.........................+++++
e is 65537 (0x010001)
[root@RS1 ssl]# openssl req -new -key httpd.key -days 1024 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:yunwei
Common Name (eg, your name or your server's hostname) []:axi
Email Address []:axi@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@RS1 ssl]#
[root@RS1 ssl]# ls
httpd.csr httpd.key
[root@RS1 ssl]# scp httpd.csr root@192.168.89.151:/root/
The authenticity of host '192.168.89.151 (192.168.89.151)' can't be established.
ECDSA key fingerprint is SHA256:rZmza1MM6LSOAJTM+zxPXTg0G/IsOma1sxlOgOV2Z5s.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.89.151' (ECDSA) to the list of known hosts.
root@192.168.89.151's password:
httpd.csr 100% 1025 1.1MB/s 00:00
[root@RS1 ssl]#
3、在DR中查看
[root@DR ~]# ls
httpd.csr
//CA签署证书并发给RS1
[root@DR ~]# mkdir /etc/pki/CA/newcerts
[root@DR ~]# touch /etc/pki/CA/index.txt
[root@DR ~]# echo "01" > /etc/pki/CA/serial
[root@DR ~]# openssl ca -in httpd.csr -out httpd.crt -days 1024
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Sep 26 08:36:20 2022 GMT
Not After : Jul 16 08:36:20 2025 GMT
Subject:
countryName = CN
stateOrProvinceName = HB
organizationName = runtime
organizationalUnitName = yunwei
commonName = axi
emailAddress = axi@example.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
E3:B3:4C:F2:6F:CA:38:7B:5F:FB:38:06:24:4C:1E:1B:51:E7:CA:58
X509v3 Authority Key Identifier:
keyid:26:6A:F4:10:AA:40:E4:8E:E2:C6:2E:12:96:5F:AA:C1:DA:C8:76:84
Certificate is to be certified until Jul 16 08:36:20 2025 GMT (1024 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@DR ~]# ls
httpd.crt httpd.csr
//将CA签署的证书httpd.crt和CA自身的证书cacert.pem发送给RS1
[root@DR ~]# scp httpd.crt root@192.168.89.10:/etc/httpd/ssl
The authenticity of host '192.168.89.10 (192.168.89.10)' can't be established.
ECDSA key fingerprint is SHA256:6+kzhJ+/T95uJ58qUCCiHnt40QnjjqtbDGi1hktqZxI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.89.10' (ECDSA) to the list of known hosts.
root@192.168.89.10's password:
httpd.crt 100% 4545 5.0MB/s 00:00
[root@DR ~]# scp /etc/pki/CA/cacert.pem root@192.168.89.10:/etc/httpd/ssl
root@192.168.89.10's password:
cacert.pem 100% 1383 1.4MB/s 00:00
[root@DR ~]#
4、RS2配置https
[root@RS2 ~]# yum -y install mod_ssl
[root@RS2 ~]# mkdir /etc/httpd/ssl
//RS1中把RS1的证书和密钥发送给RS2(两台RS共用同一对证书和私钥;私钥httpd.key拷到RS2后也应确认仅root可读)
[root@RS1 ssl]# scp cacert.pem httpd.crt httpd.key root@192.168.89.20:/etc/httpd/ssl
root@192.168.89.20's password:
cacert.pem 100% 1383 1.0MB/s 00:00
httpd.crt 100% 4545 7.9MB/s 00:00
httpd.key 100% 1675 3.6MB/s 00:00
[root@RS1 ssl]#
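//在RS1中修改https的配置文件(SSLCertificateFile和SSLCertificateKeyFile指定服务器证书和私钥;SSLCACertificateFile在httpd中用于校验客户端证书,本文未配置客户端证书认证)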
[root@RS1 ssl]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
SSLCACertificateFile /etc/httpd/ssl/cacert.pem
[root@RS1 ssl]# systemctl restart httpd
[root@RS1 ssl]# ss -antl|grep 443
LISTEN 0 128 *:443 *:*
[root@RS1 ssl]#
//在RS2中修改https的配置文件
[root@RS2 ~]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
SSLCACertificateFile /etc/httpd/ssl/cacert.pem
[root@RS2 ~]# systemctl restart httpd
[root@RS2 ~]# ss -antl |grep 443
LISTEN 0 128 *:443 *:*
[root@RS2 ~]#
5、在DR中添加规则
[root@DR ~]# ipvsadm -A -t 192.168.179.10:443 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.179.10:443 -r 192.168.89.10 -m
[root@DR ~]# ipvsadm -a -t 192.168.179.10:443 -r 192.168.89.20 -m
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.179.10:80 rr
-> 192.168.89.10:80 Masq 1 0 0
-> 192.168.89.20:80 Masq 1 0 0
TCP 192.168.179.10:443 rr
-> 192.168.89.10:443 Masq 1 0 0
-> 192.168.89.20:443 Masq 1 0 0
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]#
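6、客户端测试(curl的-k会跳过证书校验,这里只验证轮询调度是否生效;若要同时验证证书链,需把cacert.pem拷到客户端并用--cacert指定,且证书的CN/SAN要与访问的地址一致,本文证书的CN为axi,按IP访问时校验不会通过)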
[root@client ~]# curl -k https://192.168.179.10:443
RS1
[root@client ~]# curl -k https://192.168.179.10:443
RS2
[root@client ~]# curl -k https://192.168.179.10:443
RS1
[root@client ~]# curl -k https://192.168.179.10:443
RS2
[root@client ~]#
三、lvs-dr模式的httpd负载集群–http协议
LVS上配置ip:
DR:
//添加ip
[root@DR ~]# ip addr add 192.168.89.100/32 dev ens33
[root@DR ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:14:ff:5b brd ff:ff:ff:ff:ff:ff
inet 192.168.89.151/24 brd 192.168.89.255 scope global dynamic noprefixroute ens33
valid_lft 1583sec preferred_lft 1583sec
inet 192.168.89.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe14:ff5b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@DR ~]#
[root@RS1 ~]# dnf -y install net-tools (先安装ifconfig命令)
[root@RS2 ~]# dnf -y install net-tools
//RS上配置arp内核参数
[root@RS1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@RS1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@RS2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
//LVS服务器的ens33网卡的ip:192.168.89.100作为VIP
两台RS都要做(注意:arp_ignore=1只在被请求的地址没有配置在收到ARP请求的那块网卡上时才不应答;VIP直接配在ens33上时,RS仍可能应答对VIP的ARP请求,常见做法是把VIP配在lo上)
[root@RS1 ~]# ip addr add 192.168.89.100/32 dev ens33
[root@RS1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:af:ba:33 brd ff:ff:ff:ff:ff:ff
inet 192.168.89.10/24 brd 192.168.89.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.89.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feaf:ba33/64 scope link
valid_lft forever preferred_lft forever
[root@RS1 ~]#
[root@RS2 ~]# ip addr add 192.168.89.100/32 dev ens33
[root@RS2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:3c:25:7e brd ff:ff:ff:ff:ff:ff
inet 192.168.89.20/24 brd 192.168.89.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.89.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe3c:257e/64 scope link
valid_lft forever preferred_lft forever
[root@RS2 ~]#
//添加路由信息
[root@RS1 ~]# route add -host 192.168.89.100/32 dev ens33
[root@RS2 ~]# route add -host 192.168.89.100/32 dev ens33
//添加并保存规则
[root@DR ~]# ipvsadm -A -t 192.168.89.100:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.89.100:80 -r 192.168.89.10:80 -g
[root@DR ~]# ipvsadm -a -t 192.168.89.100:80 -r 192.168.89.20:80 -g
[root@DR ~]# ipvsadm -Ln
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm
[root@DR ~]# systemctl enable ipvsadm
//客户端验证
[root@client ~]# curl http://192.168.89.100
RS2
[root@client ~]# curl http://192.168.89.100
RS1
[root@client ~]# curl http://192.168.89.100
RS2
[root@client ~]# curl http://192.168.89.100
RS1
四、lvs-tun模式的httpd负载集群-http协议
//关闭selinux和防火墙
[root@DR ~]# systemctl disable --now firewalld.service
[root@DR ~]# setenforce 0
[root@DR ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//修改内核参数,开启IP转发
[root@DR ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1
//配置VIP
[root@DR ~]# dnf -y install net-tools
[root@DR ~]# ifconfig tunl0 192.168.89.110 broadcast 192.168.89.110 netmask 255.255.255.255
//安装ipvsadm并添加规则
[root@DR ~]# dnf -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.89.110:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.89.110:80 -r 192.168.89.10:80 -i
[root@DR ~]# ipvsadm -a -t 192.168.89.110:80 -r 192.168.89.20:80 -i
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.89.110:80 rr
-> 192.168.89.10:80 Tunnel 1 0 0
-> 192.168.89.20:80 Tunnel 1 0 0
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm.service
[root@DR ~]# systemctl enable ipvsadm.service
//关闭RS1和RS2防火墙
//启用ipip模块,配置VIP
[root@RS1 ~]# dnf -y install net-tools
[root@RS1 ~]# modprobe ipip
[root@RS1 ~]# ifconfig tunl0 192.168.89.110 broadcast 192.168.89.110 netmask 255.255.255.255
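//修改内核参数(arp_ignore/arp_announce用于让RS不对外应答和通告VIP;rp_filter=0关闭反向路径校验,解封装后的报文才不会在tunl0上被丢弃。内核对每块网卡取all与该网卡两者中的较大值,所以all也要设为0,其他网卡仍按各自的rp_filter值生效)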
[root@RS1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
[root@RS1 ~]# sysctl -p
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
//安装httpd服务,然后配置好网站首页
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# echo "RS1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
//启用ipip模块,配置VIP
[root@RS2 ~]# dnf -y install net-tools
[root@RS2 ~]# modprobe ipip
[root@RS2 ~]# ifconfig tunl0 192.168.89.110 broadcast 192.168.89.110 netmask 255.255.255.255
//修改内核参数
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
[root@RS2 ~]# sysctl -p
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
//安装httpd服务,然后配置好网站首页
[root@RS2 ~]# dnf -y install httpd
[root@RS2 ~]# echo "RS2" > /var/www/html/index.html
[root@RS2 ~]# systemctl enable --now httpd
客户端验证(应访问上面配置的VIP 192.168.89.110;下面前三条命令中的192.168.100.55与本文配置的VIP不一致):
[root@client ~]# curl http://192.168.100.55
RS2
[root@client ~]# curl http://192.168.100.55
RS1
[root@client ~]# curl http://192.168.100.55
RS2
[root@client ~]# curl http://192.168.89.110
RS1