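1. ARP problems in LVS-DR and how to solve them
1. In an LVS-DR load-balancing cluster, the load balancer and the node servers must all be configured with the same VIP address.
2. Configure the node servers so that they do not answer ARP requests for the VIP.
Method:
Use the virtual interface lo:0 to carry the VIP address.
Set the kernel parameter arp_ignore=1: the system only answers ARP requests whose target IP is a local address configured on the receiving interface.
3. When a RealServer's reply packet (source IP is the VIP) is forwarded via the router, the frame has to be re-encapsulated, which first requires obtaining the router's MAC address.
When sending the ARP request, Linux by default uses the source IP address of the IP packet (i.e. the VIP) as the source IP address in the ARP request, rather than the IP address of the sending interface.
4. On receiving the ARP request, the router updates its ARP table entry: the existing mapping of the VIP to the Director's MAC address is replaced by a mapping of the VIP to the RealServer's MAC address.
5. Problem
Based on its ARP table entry, the router forwards new incoming request packets to the RealServer, so the VIP on the Director stops working.
Solution
Configure the node servers with the kernel parameter arp_announce=2: the system does not use the IP packet's source address as the source address of the ARP request, and chooses the IP address of the sending interface instead.
6. Settings that solve both ARP problems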
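net.ipv4.conf.lo.arp_ignore=1 ## Only answer ARP queries whose target IP address is a local address of the interface the query arrived on
net.ipv4.conf.lo.arp_announce=2 ## Use the most appropriate local address for the target. In this mode the source address of the IP packet is ignored and the kernel tries to select a local address that can communicate with the target. It first looks for a local address on a subnet of the outgoing interface that contains the target IP address. If no suitable address is found, it uses an address on the current sending interface or on another interface that might receive the ARP reply.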
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
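As an added example (not part of the original page), the POSIX shell functions below audit whether these values are actually in effect on a real server. They rely on the kernel's documented rule that the value applied to an interface is the maximum of conf/all and conf/<interface>, which is why the all entries matter for the physical NIC that receives the ARP traffic. The function names and the overridable root directory are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit effective ARP settings on an LVS-DR real server.
# For arp_ignore and arp_announce the kernel uses
# max(conf/all/<key>, conf/<iface>/<key>) on each interface.

# effective_value ROOT IFACE KEY -> prints max(all, iface) for KEY.
# A missing file is treated as 0 (the kernel default).
effective_value() {
    ev_all=$(cat "$1/all/$3" 2>/dev/null || echo 0)
    ev_if=$(cat "$1/$2/$3" 2>/dev/null || echo 0)
    if [ "$ev_all" -gt "$ev_if" ]; then echo "$ev_all"; else echo "$ev_if"; fi
}

# audit_arp [ROOT] -> returns 0 only if every interface ends up with the
# values used on this page (arp_ignore=1, arp_announce=2).
# ROOT defaults to the live sysctl tree; it is overridable for testing.
audit_arp() {
    aa_root=${1:-/proc/sys/net/ipv4/conf}
    aa_rc=0
    for aa_dir in "$aa_root"/*/; do
        aa_if=$(basename "$aa_dir")
        # "all" and "default" are templates, not real interfaces
        case $aa_if in all|default) continue ;; esac
        aa_ign=$(effective_value "$aa_root" "$aa_if" arp_ignore)
        aa_ann=$(effective_value "$aa_root" "$aa_if" arp_announce)
        if [ "$aa_ign" -eq 1 ] && [ "$aa_ann" -eq 2 ]; then
            echo "OK   $aa_if arp_ignore=$aa_ign arp_announce=$aa_ann"
        else
            echo "FAIL $aa_if arp_ignore=$aa_ign arp_announce=$aa_ann"
            aa_rc=1
        fi
    done
    return $aa_rc
}
```

Calling audit_arp with no argument on a real server after applying the settings should print OK for every interface; a FAIL on the physical NIC means only the lo entries were set.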
2. LVS load-balancing cluster example
Server IP addresses
Service name | IP address |
---|---|
LVS | 192.168.106.170 |
web1 | 192.168.106.180 |
web2 | 192.168.106.190 |
nfs | 192.168.106.200 |
1. Configure the scheduler (director) server
[root@server1 ~]# modprobe ip_vs ## load the ip_vs module
[root@server1 ~]# cat /proc/net/ip_vs ## view version information
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@server1 ~]# rpm -ivh /mnt/Packages/ipvsadm-1.27-7.el7.x86_64.rpm
[root@server1 ~]# vi dr.sh
#!/bin/bash
#
ifconfig ens33:0 192.168.100.100 broadcast 192.168.100.100 netmask 255.255.255.255 up
route add -host 192.168.100.100 dev ens33:0
ipvsadm -C
ipvsadm -A -t 192.168.100.100:80 -s rr
ipvsadm -a -t 192.168.100.100:80 -r 192.168.106.190:80 -g
ipvsadm -a -t 192.168.100.100:80 -r 192.168.106.180:80 -g
ipvsadm -Ln
[root@server1 ~]# sh dr.sh
2. Configure the web servers
web1
[root@server1 ~]# yum -y install httpd
[root@server1 ~]# vi /etc/httpd/conf/httpd.conf
ServerName localhost
[root@server1 ~]# echo "<h1>serveraa</h1>" > /var/www/html/index.html
[root@server1 ~]# systemctl restart httpd.service
[root@server1 ~]# vi web.sh
#!/bin/bash
#web1
# The VIP must be the same address the director uses in dr.sh (192.168.100.100)
ifconfig lo:0 192.168.100.100 broadcast 192.168.100.100 netmask 255.255.255.255 up
route add -host 192.168.100.100 dev lo:0
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p &>/dev/null
[root@server1 ~]# sh web.sh
## Once the NFS service is set up, the NFS export can be mounted
[root@server1 ~]# mount 192.168.106.200:/opt/web1 /var/www/html/
web2
[root@server1 ~]# yum -y install httpd
[root@server1 ~]# vi /etc/httpd/conf/httpd.conf
ServerName localhost
[root@server1 ~]# echo "<h1>serverab</h1>" > /var/www/html/index.html
[root@server1 ~]# systemctl restart httpd.service
[root@server1 ~]# vi web.sh
#!/bin/bash
#web2
# The VIP must be the same address the director uses in dr.sh (192.168.100.100)
ifconfig lo:0 192.168.100.100 broadcast 192.168.100.100 netmask 255.255.255.255 up
route add -host 192.168.100.100 dev lo:0
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p &>/dev/null
[root@server1 ~]# sh web.sh
## Once the NFS service is set up, the NFS export can be mounted
[root@server1 ~]# mount 192.168.106.200:/opt/web2 /var/www/html/
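3. Configure NFS
[root@server1 ~]# yum -y install nfs-utils rpcbind
[root@server1 ~]# systemctl start nfs-server ## nfs-utils.service is only a placeholder unit on EL7; nfs-server starts the NFS daemons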
[root@server1 ~]# systemctl start rpcbind
[root@server1 ~]# mkdir /opt/web1 /opt/web2
[root@server1 ~]# echo "this is server1" > /opt/web1/index.html
[root@server1 ~]# echo "this is server2" > /opt/web2/index.html
[root@server1 ~]# vi /etc/exports
/opt/web1 192.168.106.180/32(rw,sync)
/opt/web2 192.168.106.190/32(rw,sync)
[root@server1 ~]# showmount -e
Export list for server1:
/opt/web2 192.168.106.190/32
/opt/web1 192.168.106.180/32
Verification test: open http://192.168.100.100 (open several sessions); before NFS is mounted, serveraa and serverab appear in rotation
After mounting, this is server1 and this is server2 appear in rotation