实验拓扑,环境和lvs-dr一样。
实验二:pcc
测试ssh22端口和http80端口
-->pcc(persistent client connections):将同一个客户端(按源IP识别)对所有端口的请求定向到同一台realserver上;定义集群服务时将端口写为0,表示匹配该VIP上的所有端口。因此realserver上监听的任何TCP服务(包括ssh)都会经VIP被转发,不需要对外提供的端口应另行用防火墙限制。
[root@slave ~]# ipvsadm -C
[root@slave ~]# ipvsadm -L -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
[root@slave ~]# ipvsadm -A -t 172.16.8.120:0 -s sed -p 1000
[root@slave ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.8.120:0 sed persistent 1000
[root@slave ~]# ipvsadm -a -t 172.16.8.120:0 -r 172.16.8.6 -g -w 100
[root@slave ~]# ipvsadm -a -t 172.16.8.120:0 -r 172.16.8.7 -g -w 200
[root@slave ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.8.120:0 sed persistent 1000
-> 172.16.8.7:0 Route 200 0 0
-> 172.16.8.6:0 Route 100 0 0
[root@slave ~]# ipvsadm -lcn
IPVS connection entries
pro expire state source virtual destination
TCP 01:46 FIN_WAIT 172.16.0.1:2521 172.16.8.120:80 172.16.8.7:80
TCP 01:44 FIN_WAIT 172.16.0.1:2509 172.16.8.120:80 172.16.8.7:80
TCP 01:43 FIN_WAIT 172.16.0.1:2499 172.16.8.120:80 172.16.8.7:80
TCP 01:40 FIN_WAIT 172.16.0.1:2478 172.16.8.120:80 172.16.8.7:80
TCP 16:26 NONE 172.16.0.1:0 172.16.8.120:0 172.16.8.7:0
TCP 01:44 FIN_WAIT 172.16.0.1:2507 172.16.8.120:80 172.16.8.7:80
TCP 01:44 FIN_WAIT 172.16.0.1:2508 172.16.8.120:80 172.16.8.7:80
TCP 01:44 FIN_WAIT 172.16.0.1:2512 172.16.8.120:80 172.16.8.7:80
TCP 00:40 SYN_RECV 172.16.0.1:2477 172.16.8.120:80 172.16.8.7:80
TCP 01:42 FIN_WAIT 172.16.0.1:2496 172.16.8.120:80 172.16.8.7:80
.....................找一台客户端做测试.......................
# ab -c 10 -n 100 http://172.16.8.120/index.html
............................................................
实验三:ppc
-->ppc(persistent port connections):将同一用户对某一特定端口(服务)的请求定向到同一台realserver上
[root@slave ~]# ipvsadm -C
[root@slave ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@slave ~]# ipvsadm -A -t 172.16.8.120:80 -s wlc -p 1000
[root@slave ~]# ipvsadm -A -t 172.16.8.120:23 -s wlc -p 1000
[root@slave ~]# ipvsadm -a -t 172.16.8.120:80 -r 172.16.8.6 -g -w 100
[root@slave ~]# ipvsadm -a -t 172.16.8.120:80 -r 172.16.8.7 -g -w 200
[root@slave ~]# ipvsadm -a -t 172.16.8.120:23 -r 172.16.8.7 -g -w 200
[root@slave ~]# ipvsadm -a -t 172.16.8.120:23 -r 172.16.8.6 -g -w 100
[root@slave ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.8.120:80 wlc persistent 1000
-> 172.16.8.7:80 Route 200 0 0
-> 172.16.8.6:80 Route 100 0 0
TCP 172.16.8.120:23 wlc persistent 1000
-> 172.16.8.6:23 Route 100 0 0
-> 172.16.8.7:23 Route 200 0 0
...........................两个服务器都装上telnet服务并开启,在物理机上测试(telnet为明文协议,这里仅用于实验环境验证23端口的持久连接)........................
实验四:端口姻亲关系
将http和https定义为姻亲关系
-->persistent netfilter marked packet persistence(持久防火墙标记:在PREROUTING链上给报文打上netfilter标记,该标记只在本机防火墙内部有效,通常是0-99)--端口姻亲关系,如http、https--证书应该是同一个证书:结合iptables给两种或两种以上相关联协议的报文设置相同的标记,定义集群服务时基于该标记,例如 -f 1(下面的实验使用的标记值是80,即 -f 80)。
实验时候C做ca认证服务器,颁发证书(............过程略............)
A,B装支持http的ssl模块
[root@server75 ~]# yum install mod_ssl
[root@server75 ~]# vim /etc/httpd/conf.d/ssl.conf
DocumentRoot "/var/www/html"
ServerName www.magedu.com:443
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
[root@server75 ~]# scp !$ 172.16.8.6:/etc/httpd/conf.d/ssl.conf
在C上配置(注意:下面 -r 指定的realserver地址写的是172.16.100.6/7,与前文实验二、三使用的172.16.8.6/7不一致,应按实际的realserver地址填写)
[root@slave ~]# ipvsadm -C
[root@slave ~]# iptables -t mangle -A PREROUTING -i eth0 -p tcp -d 172.16.8.120 --dport 80 -j MARK --set-mark 80
[root@slave ~]# iptables -t mangle -A PREROUTING -i eth0 -p tcp -d 172.16.8.120 --dport 443 -j MARK --set-mark 80
[root@slave ~]# ipvsadm -A -f 80 -s rr -p 1000
[root@slave ~]# ipvsadm -a -f 80 -r 172.16.100.7 -g
[root@slave ~]# ipvsadm -a -f 80 -r 172.16.100.6 -g
[root@slave ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 80 rr persistent 1000
-> 172.16.100.6:0 Route 1 0 0
-> 172.16.100.7:0 Route 1 0 0
转载于:https://blog.51cto.com/angus717/769577