linux tunl0 ip,Centos7下lvs负载均衡lvs-tun模式配置

一、架构

director:172.28.18.69 vip:172.28.18.70

real server1:172.28.18.71

real server2:172.28.18.78

二、两台real server上安装nginx

配置nginx yum源

[root@localhost ~]# vim /etc/yum.repos.d/nginx.repo

[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/centos/7/$basearch/

gpgcheck=0enabled=1

安装

[root@localhost ~]# yum install -y nginx

查看

[root@localhost ~]# whereisnginx

nginx:/usr/sbin/nginx /usr/lib64/nginx /etc/nginx /usr/share/nginx /usr/share/man/man8/nginx.8.gz

[root@localhost~]#

配置文件

查看默认根目录页面地址

[root@localhost ~]# vim /etc/nginx/conf.d/default.conf

server {

listen80;

server_name localhost;

#charset koi8-r;

#access_log/var/log/nginx/host.access.log main;

location/{

root/usr/share/nginx/html;

index index.html index.htm;

}

编辑/usr/share/nginx/html/index.html

加上本机IP地址，在测试负载均衡的时候，才知道分发到了哪台real server上

[root@localhost ~]# vim /usr/share/nginx/html/index.html

Welcome to nginx!

width: 35em;

margin:0auto;

font-family: Tahoma, Verdana, Arial, sans-serif;

}

Welcome to nginx!-71

If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.

For online documentation and support please refer tonginx.org.
Commercial support is available atnginx.com.

Thank you for using nginx.

保存、退出

启动nginx

[root@localhost conf.d]# nginx -c /etc/nginx/nginx.conf

可以显示IP了，同样172.28.18.78的服务器也安装和配置nginx

三、在172.28.18.69上安装ipvsadm

[root@localhost mysql-5.7.26]# yum install -y ipvsadm

已加载插件：fastestmirror

Loading mirror speeds from cached hostfile*base: mirrors.tuna.tsinghua.edu.cn*extras: mirrors.huaweicloud.com*updates: mirrors.tuna.tsinghua.edu.cn

base| 3.6 kB 00:00:00extras| 3.4 kB 00:00:00updates| 3.4 kB 00:00:00正在解决依赖关系-->正在检查事务---> 软件包 ipvsadm.x86_64.0.1.27-7.el7 将被 安装-->解决依赖关系完成

依赖关系解决===========================================================================================================Package 架构 版本 源 大小===========================================================================================================正在安装:

ipvsadm x86_641.27-7.el7 base 45k

事务概要===========================================================================================================安装1软件包

总下载量：45k

安装大小：75k

Downloading packages:

ipvsadm-1.27-7.el7.x86_64.rpm | 45 kB 00:00:00Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

警告：RPM 数据库已被非yum程序修改。** 发现 2 个已存在的 RPM 数据库问题， 'yum check'输出如下：2:postfix-2.10.1-7.el7.x86_64 有缺少的需求 libmysqlclient.so.18()(64bit)2:postfix-2.10.1-7.el7.x86_64 有缺少的需求 libmysqlclient.so.18(libmysqlclient_18)(64bit)

正在安装 : ipvsadm-1.27-7.el7.x86_64 1/1验证中 : ipvsadm-1.27-7.el7.x86_64 1/1已安装:

ipvsadm.x86_640:1.27-7.el7

完毕！

四、配置虚拟服务器

[root@director ~]# ipvsadm -A -t 172.28.18.70:80 -s rr

增加一个虚拟服务器 172.28.18.69, -A:增加一个虚拟服务器  -t:tcp协议 -s：分发算法 rr 轮询

五、增加后端实际服务器

[root@director home]# ipvsadm -a -t 172.28.18.70:80 -r 172.28.18.71:80 -i -w 1[root@director home]# ipvsadm-a -t 172.28.18.70:80 -r 172.28.18.78:80 -i -w 1

-a :增加后端服务器 -t:对应的虚拟服务器IP -r :对应的后端服务器IP -i: lvs-tun模式 -w:权重

六、查看配置规则

[root@director home]# ipvsadm -Ln

IP Virtual Server version1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags->RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP172.28.18.70:80rr-> 172.28.18.71:80 Tunnel 1 0 0

-> 172.28.18.78:80 Tunnel 1 0 0

七、设置director分发器的虚拟IP到设备em1:0

[root@director home]# ip addr add 172.28.18.70 dev em1:0

八、在后端服务器上加载ipip模块

加载ipip模块后，就会有默认的tunl0隧道

1、查看是否有tunl0隧道

[root@localhost conf]# lsmod|grep ipip

[root@localhost conf]#

没有ipip模块，加载ipip模块

[root@localhost conf]# modprobe ipip

再查看，有了

[root@localhost conf]# lsmod|grepipip

ipip13465 0tunnel413252 1ipip

ip_tunnel25163 1 ipip

ip a ,查看tunl0也有了

[root@server-1html]# ip a1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet127.0.0.1/8scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128scope host

valid_lft forever preferred_lft forever2: em1: mtu 1500 qdisc mq state UP group default qlen 1000link/ether 90:b1:1c:15:be:09brd ff:ff:ff:ff:ff:ff

inet172.28.18.78/28 brd 172.28.18.79scope global noprefixroute em1

valid_lft forever preferred_lft forever

inet6 fe80::e6fb:2cb7:2743:4720/64scope link noprefixroute

valid_lft forever preferred_lft forever3: em2: mtu 1500 qdisc mq state DOWN group default qlen 1000link/ether 90:b1:1c:15:be:0a brd ff:ff:ff:ff:ff:ff

inet192.168.18.103/24 brd 192.168.18.255scope global noprefixroute em2

valid_lft forever preferred_lft forever

inet6 fe80::3137:91de:1663:a505/64scope link tentative

valid_lft forever preferred_lft forever4: tunl0@NONE: mtu 1480 qdisc noop state DOWN group default qlen 1000link/ipip 0.0.0.0 brd 0.0.0.0

九、在后端服务器上配置虚拟IP绑定tunl0

[root@localhost conf]# ip addr add 172.28.18.70 dev tunl0

十、在后端服务器上配置关闭ARP转发

net.ipv4.conf.tunl0.arp_ignore = 1net.ipv4.conf.tunl0.arp_announce= 2net.ipv4.conf.all.arp_ignore= 1net.ipv4.conf.all.arp_announce= 2net.ipv4.conf.tunl0.rp_filter= 0net.ipv4.conf.all.rp_filter= 0

[root@localhost conf]# sysctl -p