一、NAT模式搭建实战
1.给nat机新添加一块网卡
[root@nat ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens36
TYPE="Ethernet"
BOOTPROTO="none"
DEVICE="ens36"
NAME="ens36"
UUID="d0f9b80a-e098-3e1f-9ec3-0a502b1ed00e"
ONBOOT="yes"
IPADDR=192.168.10.69
-A 添加虚拟服务器
-t 设置群集地址(VIP,Virtual IP) tcp/udp
-s 指定负载调度算法(rr|wrr|lc|wlc|sh...)
-a 添加真实服务器
-d 删除真实服务器
-r 指定真实服务器(Real Server)的地址
-m 使用NAT模式;-g、-i分别对应DR、TUN模式
-w 为节点服务器设置权重,默认为1
2.设置规则
[root@nat ~]# ipvsadm -A -t 192.168.10.69:80 -s rr //rr为轮询
[root@nat ~]# ipvsadm -a -t 192.168.10.69:80 -r 192.168.1.67:80 -m //添加真实服务器web1
[root@nat ~]# ipvsadm -a -t 192.168.10.69:80 -r 192.168.1.68:80 -m //添加真实服务器web2
[root@nat ~]# ipvsadm -Ln //查看集群规则
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.10.69:80 rr
-> 192.168.1.67:80 Masq 1 0 0
-> 192.168.1.68:80 Masq 1 0 0
[root@nat ~]# vim /etc/sysctl.conf //设置ip转发
net.ipv4.ip_forward=1
[root@nat ~]# sysctl -p //这里显示设置生效
net.ipv4.ip_forward = 1
3.设置rs网关
web1
[root@web1 ~]# route del default //清除
[root@web1 ~]# route add default gw 192.168.1.69 //临时修改网关,重启以后就会失效,网关必须指向dip
web2
[root@web2 ~]# route del default //清除
[root@web2 ~]# route add default gw 192.168.1.69 //临时修改网关
4.客户机访问
[root@client ~]# curl 192.168.10.69
i am web1
[root@client ~]# curl 192.168.10.69
i am web2
二、NAT模式脚本:
1.ds(负载均衡服务器nat)
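#!/bin/bash
# LVS NAT mode: set up the director (ds). Run as root.
# Steps: write the ifcfg file for the extra NIC, restart networking, make sure
# ipvsadm is installed, create the virtual service, enable IPv4 forwarding.

# Configure the NIC.
# The path is kept in one variable so every line lands in the same file under
# /etc/sysconfig/network-scripts/ (the original spelled the path four ways).
ifcfg=/etc/sysconfig/network-scripts/ifcfg-ens36
# The answer is used for both NAME and DEVICE; the file is ifcfg-ens36, so the
# walkthrough's interface name is ens36.
read -r -p "router name:" router_name
uuidkey=$(uuidgen)
# Appends, as the original echo lines did. On a re-run, remove the old file
# first or every key will appear twice.
{
  echo 'TYPE="Ethernet"'
  echo 'BOOTPROTO="none"'
  # Double quotes so the variables expand; the original single quotes wrote
  # the literal text $rount_name / $uuidkey into the file.
  echo "NAME=\"$router_name\""
  echo "UUID=\"$uuidkey\""
  echo "DEVICE=\"$router_name\""
  echo 'ONBOOT="yes"'
  echo 'IPADDR=192.168.10.100'
} >> "$ifcfg"
systemctl restart network

# Install ipvsadm only when the package is missing.
if ! rpm -q ipvsadm >/dev/null 2>&1; then
  yum -y install ipvsadm
fi

# Configure the virtual service (VIP:port and scheduler, e.g. rr).
# Real servers are not added here; add them afterwards with
# "ipvsadm -a -t VIP:PORT -r RIP:PORT -m".
read -r -p "vip:" vip
read -r -p "port:" port
read -r -p "rule:" s
# Quoted so that an answer containing spaces cannot turn into extra ipvsadm
# arguments in this root shell.
ipvsadm -A -t "$vip:$port" -s "$s"

# Enable IP forwarding.
# Update the key in place or append it. The original used ">" here, which
# replaces the whole of /etc/sysctl.conf and drops every other kernel setting
# kept there, hardening values included.
if grep -q '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' /etc/sysctl.conf; then
  sed -i 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf
else
  echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
fi
# With forwarding on, this host routes between its two networks; keep the
# director's firewall rules in step with that.
sysctl -p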
2.rs(真实服务器web1,web2)
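#!/bin/bash
# LVS NAT mode: set up a real server (rs). Run as root on web1 and web2.
read -r -p "dip:" dip
# Set the gateway.
# The default route must point at the director's inner address (DIP) so that
# replies travel back through the director. This is a temporary change and is
# lost on reboot.
route del default
# "default" was misspelled "defualt" in the original, so the route was never
# added after the old one had been deleted.
route add default gw "$dip"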
三、DR模式
1.性能更优,回路不再经过ds
2.ds和rs为了保证用户响应,都要求配置统一的vip
3.由于rs是直接响应client,网关一定不能设置为ds 的dip
4.对rs上的vip进行ARP抑制(arp_ignore/arp_announce),只让ds的vip应答ARP并接收请求,rs的vip不对外应答ARP、不直接接收客户端请求
5.rs的vip绑定到lo回环网卡上
四、DR模式搭建实战
重新创建一台主机作ds,只有一张网卡
1.在ds的ens33上挂一个vip 192.168.1.73
[root@dr ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.72 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::b033:7647:1a91:ed98 prefixlen 64 scopeid 0x20<link>
inet6 fe80::c4fe:4bf0:5e0f:f6d7 prefixlen 64 scopeid 0x20<link>
inet6 fe80::83ce:d56f:781b:b691 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ef:c3:2a txqueuelen 1000 (Ethernet)
RX packets 1025 bytes 80625 (78.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 493 bytes 48832 (47.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 19 base 0x2000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 32 bytes 2592 (2.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 32 bytes 2592 (2.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@dr ~]# ifconfig ens33:0 192.168.1.73 broadcast 192.168.1.73 netmask 255.255.255.255 up
[root@dr ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.72 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::b033:7647:1a91:ed98 prefixlen 64 scopeid 0x20<link>
inet6 fe80::c4fe:4bf0:5e0f:f6d7 prefixlen 64 scopeid 0x20<link>
inet6 fe80::83ce:d56f:781b:b691 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ef:c3:2a txqueuelen 1000 (Ethernet)
RX packets 1275 bytes 104159 (101.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 653 bytes 67306 (65.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 19 base 0x2000
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.73 netmask 255.255.255.255 broadcast 192.168.1.73
ether 00:0c:29:ef:c3:2a txqueuelen 1000 (Ethernet)
device interrupt 19 base 0x2000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 32 bytes 2592 (2.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 32 bytes 2592 (2.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@dr ~]# route add -host 192.168.1.73 dev ens33:0
192.168.1.72 dip
192.168.1.73 vip 在rs上的vip和这个vip相同
2.设置规则
[root@dr ~]# ipvsadm -A -t 192.168.1.73:80 -s rr
[root@dr ~]# ipvsadm -a -t 192.168.1.73:80 -r 192.168.1.67:80 -g
[root@dr ~]# ipvsadm -a -t 192.168.1.73:80 -r 192.168.1.68:80 -g
[root@dr ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.73:80 rr
-> 192.168.1.67:80 Route 1 0 0
-> 192.168.1.68:80 Route 1 0 0
3.设置rs(web1,web2)主机
1)在lo接口上绑定vip
[root@web1 ~]# ifconfig lo:0 192.168.1.73 broadcast 192.168.1.73 netmask 255.255.255.255 up
2)设置主机路由
[root@web1 ~]# route add -host 192.168.1.73 dev lo:0
3)抑制rs对vip的ARP应答,使rs不直接接收客户端请求(写入/proc的值为临时设置,重启后失效)
[root@web1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@web1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@web1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@web1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@web1 ~]# nginx
4)生成脚本,在web2执行
[root@web2 ~]# vim x.sh
#!/bin/bash
# LVS DR mode: prepare a real server (run as root on web2).
# Binds the VIP 192.168.1.73 to the loopback alias lo:0, adds a host route
# for it, then sets arp_ignore=1 and arp_announce=2 on "lo" and "all".
# Everything runs inside a subshell so that sourcing this file leaves no
# helper variables behind in the calling shell.
(
  vip=192.168.1.73

  # VIP on the loopback alias, with a /32 mask.
  ifconfig lo:0 "$vip" broadcast "$vip" netmask 255.255.255.255 up
  route add -host "$vip" dev lo:0

  # Same write order as before: lo first, then all; arp_ignore before
  # arp_announce. The values are written to /proc, so they are not kept
  # across a reboot.
  for scope in lo all; do
    echo 1 > "/proc/sys/net/ipv4/conf/$scope/arp_ignore"
    echo 2 > "/proc/sys/net/ipv4/conf/$scope/arp_announce"
  done
)
[root@web2 ~]# source x.sh
[root@web2 ~]# nginx
4.去ds测试,查看状态
[root@dr ~]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.1.73:80 0 0 0 0 0
-> 192.168.1.67:80 0 0 0 0 0
-> 192.168.1.68:80 0 0 0 0 0
5.去客户机测试(别忘记开启rs的nginx服务)
[root@client ~]# curl 192.168.1.73
i am web1
[root@client ~]# curl 192.168.1.73
i am web2
6.再次去ds查看状态
[root@dr ~]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.1.73:80 9 43 0 2412 0
-> 192.168.1.67:80 4 21 0 1176 0
-> 192.168.1.68:80 5 22 0 1236 0
五、dr模式脚本:
1.ds
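#!/bin/bash
# LVS DR mode: set up the director (ds). Run as root.

# Bring up the VIP on an alias of the director's NIC (ens33 in the
# walkthrough). "mac" is the interface name, not a hardware address, and
# "num" is the alias number, giving e.g. ens33:0.
read -r -p "vip:" vip
read -r -p "mac:" mac
read -r -p "num" num
# Kept on one line: the original broke the command after "netmask", leaving
# the mask to be run as a separate command. "up" matches the manual steps.
ifconfig "$mac:$num" "$vip" broadcast "$vip" netmask 255.255.255.255 up
# Host route for the VIP.
route add -host "$vip" dev "$mac:$num"

# Install ipvsadm only when the package is missing.
if ! rpm -q ipvsadm >/dev/null 2>&1; then
  yum -y install ipvsadm
fi

# Configure the rules (DR mode does not need ip_forward).
# "ipvsadm -C" clears the entire virtual server table, including services
# this script did not create; do not run it on a director that already
# carries other services.
ipvsadm -C
read -r -p "rule:" rule
read -r -p "port:" port
# Answers are quoted so they cannot split into extra arguments in this root
# shell.
ipvsadm -A -t "$vip:$port" -s "$rule"
# -g selects DR (direct routing) forwarding for each real server.
read -r -p "rip1:" rip1
ipvsadm -a -t "$vip:$port" -r "$rip1" -g
read -r -p "rip2:" rip2
ipvsadm -a -t "$vip:$port" -r "$rip2" -g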
2.rs
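#!/bin/bash
# LVS DR mode: set up a real server (rs). Run as root on each web server.

# The VIP is bound to an interface alias. On a real server the interface
# must be the loopback: answer "lo" at the "mac:" prompt (the walkthrough
# uses lo:0). "mac" is an interface name, not a hardware address.
read -r -p "vip:" vip
read -r -p "mac:" mac
read -r -p "num" num

# Suppress ARP for the VIP before the address exists on this host, so there
# is no window in which the real server answers ARP for the VIP instead of
# the director. Values written to /proc are lost on reboot.
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

# Kept on one line: the original broke the command after "netmask", leaving
# the mask to be run as a separate command. "up" matches the manual steps.
ifconfig "$mac:$num" "$vip" broadcast "$vip" netmask 255.255.255.255 up
# Host route for the VIP.
route add -host "$vip" dev "$mac:$num"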