LVS - NAT mode: principle and configuration
OS version: rhel6.5
- Principle
Note: the real servers' default gateway must be set to the NAT director's IP address, so that reply packets from the servers are routed back through the NAT director.
NAT server (director) configuration:
1. Install ipvsadm
Configure the yum repositories
vim /etc/yum.repos.d/rhel-source.repo
[rhel6.5]
name=rhel6.5
gpgcheck=0
baseurl=file:///rhel6.5
[HighAvailability]
name=HighAvailability
baseurl=file:///rhel6.5/HighAvailability
gpgcheck=0
[LoadBalancer]
name=LoadBalancer
baseurl=file:///rhel6.5/LoadBalancer
gpgcheck=0
[ResilientStorage]
name=ResilientStorage
baseurl=file:///rhel6.5/ResilientStorage
gpgcheck=0
[ScalableFileSystem]
name=ScalableFileSystem
baseurl=file:///rhel6.5/ScalableFileSystem
gpgcheck=0
yum install ipvsadm -y
2. Enable IP forwarding (routing)
Two ways:
1. Permanently, by editing the configuration file
[root@server1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@server5 ~]# sysctl -p
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
If you see the errors above, comment out those three net.bridge entries in the file and reload again.
2. Temporarily
[root@server1 ~]# echo 1 > !$
echo 1 > /proc/sys/net/ipv4/ip_forward
[root@server1 ~]# cat /proc/sys/net/ipv4/ip_forward
1
A temporary setting is lost after the system reboots.
3. Network interface setup
With two NICs, one can carry the internal address and the other the external address; with a single NIC, add a second address to it.
[root@server1 ~]# ip addr add 172.25.100.1 dev eth0
[root@server1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:62:f5:f4 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.1/24 brd 172.25.254.255 scope global eth0
inet 172.25.100.1/32 scope global eth0
inet6 fe80::5054:ff:fe62:f5f4/64 scope link
valid_lft forever preferred_lft forever
Binding the address to the NIC (ifconfig alias form):
[root@server1 ~]# ifconfig eth0:0 172.25.100.1 netmask 255.255.255.0 up
- ipvsadm setup
[root@server1 ~]# ipvsadm -A -t 172.25.100.1:80 -s rr
# rr is the round-robin scheduler
[root@server1 ~]# ipvsadm -a -t 172.25.100.1:80 -r 172.25.254.2:80 -m
# forward packets destined for 172.25.100.1:80 to 172.25.254.2:80 (-m: masquerading, i.e. NAT forwarding)
[root@server1 ~]# ipvsadm -a -t 172.25.100.1:80 -r 172.25.254.3:80 -m
# forward packets destined for 172.25.100.1:80 to 172.25.254.3:80
[root@server1 ~]# /etc/init.d/ipvsadm save
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm: [ OK ]
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.100.1:http rr
-> server2:http Masq 1 0 0
-> server3:http Masq 1 0 0
Real server setup
[root@server2 ~]# echo server2 > /var/www/html/index.html
[root@server2 ~]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.254.2 for ServerName
[ OK ]
[root@server3 ~]# echo server3 > /var/www/html/index.html
[root@server3 ~]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.254.3 for ServerName
[ OK ]
Client test
Client IP: 172.25.100.4
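As an added example (not part of the original post), a POSIX shell pre-flight check for the setup above: it verifies, from captured command output, that forwarding is on, the VIP is configured, the ipvsadm Masq rules exist, and each real server's default route points at the director (the note at the top). The sample outputs embedded below are constructed from the addresses used on this page, and the function names are my own.

```shell
#!/bin/sh
# Added example: LVS-NAT pre-flight checks. Every check reads captured command
# output passed as a string, so it can run on the director or offline.

# Constructed sample outputs using this page's addresses (not captured live).
SAMPLE_IP_ADDR='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 172.25.254.1/24 brd 172.25.254.255 scope global eth0
    inet 172.25.100.1/32 scope global eth0'
SAMPLE_RS_ROUTE='172.25.254.0/24 dev eth0  proto kernel  scope link  src 172.25.254.2
default via 172.25.254.1 dev eth0'
SAMPLE_IPVS='TCP  172.25.100.1:80 rr
  -> 172.25.254.2:80              Masq    1      0          0
  -> 172.25.254.3:80              Masq    1      0          0'

# 0 if the content of /proc/sys/net/ipv4/ip_forward ($1) is exactly "1".
check_ip_forward() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# 0 if the VIP ($1) appears as an inet address in `ip addr` output ($2).
check_vip_present() {
    printf '%s\n' "$2" | grep -Fq "inet $1/"
}

# 0 if the real server's default route ($2, `ip route` output) uses the
# director's internal address ($1); otherwise replies bypass the NAT.
check_rs_gateway() {
    printf '%s\n' "$2" | awk -v gw="$1" \
        '$1 == "default" && $2 == "via" && $3 == gw { ok = 1 } END { exit ok ? 0 : 1 }'
}

# 0 if `ipvsadm -L -n` output ($3) lists RIP:port ($2) under VIP:port ($1)
# with the Masq (NAT) forwarding method.
check_ipvs_rule() {
    printf '%s\n' "$3" | awk -v vip="$1" -v rip="$2" '
        $1 == "TCP" { cur = $2 }
        $1 == "->" && cur == vip && $2 == rip && $3 == "Masq" { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# Run all checks against the samples; returns 0 only if every check passes.
preflight_demo() {
    check_ip_forward "1" &&
    check_vip_present 172.25.100.1 "$SAMPLE_IP_ADDR" &&
    check_rs_gateway 172.25.254.1 "$SAMPLE_RS_ROUTE" &&
    check_ipvs_rule 172.25.100.1:80 172.25.254.2:80 "$SAMPLE_IPVS" &&
    check_ipvs_rule 172.25.100.1:80 172.25.254.3:80 "$SAMPLE_IPVS"
}
```

On a live director, feed the functions `cat /proc/sys/net/ipv4/ip_forward`, `ip addr`, `ipvsadm -L -n`, and the real servers' `ip route` output instead of the constructed samples.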
- Pros and cons
Pros: with NAT, the real servers can run any operating system that supports TCP/IP; only one IP address needs to be configured on the director, and the server pool can use private IP addresses.
Cons: its scalability is limited, because in VS/NAT both request and response packets must pass through the load-balancing director. Once the number of server nodes rises to around 20, the director itself is likely to become the new bottleneck of the system.