lvs/NAT的实现及脚本（图）

VS/NAT
LVS-NAT基于cisco的LocalDirector。VS/NAT不需要在RealServer上做任何设置，其只要能提供一个tcp/ip的协议栈即可，甚至其无论基于什么OS。基于VS/NAT，所有的入站数据包均由Director进行目标地址转换后转发至内部的RealServer，RealServer响应的数据包再由Director转换源地址后发回客户端。
VS/NAT模式不能与netfilter兼容，因此，不能将VS/NAT模式的Director运行在netfilter的保护范围之中。现在已经有补丁可以解决此问题，但尚未被整合进ip_vs code。

       ____________
       |                          |
       |  client               |
       |____________|                    
     CIP=192.168.0.253 (eth0)            
              |                          
              |                          
     VIP=192.168.0.220 (eth0)            
        ____________                     
       |            |                    
       |  director  |                    
       |____________|                    
     DIP=192.168.10.10 (eth1)        
              |                          
           (switch)------------------------
              |                           |
     RIP=192.168.10.2 (eth0)       RIP=192.168.10.3 (eth0)
        _____________               _____________
       |                             |              |                            |
       | realserver1        |              | realserver2       |
       |_____________|             |_____________| 


    
设置VS/NAT模式的LVS(这里以web服务为例)
Director:

建立服务
# ipvsadm -A -t VIP:PORT -s rr
如:
# ipvsadm -A -t 192.168.0.220:80 -s rr

设置转发：
# ipvsadm -a -t VIP:PORT -r RIP_N:PORT -m -w N
如：
# ipvsadm -a -t 192.168.0.220:80 -r 192.168.10.2 -m -w 1
# ipvsadm -a -t 192.168.0.220:80 -r 192.168.10.3 -m -w 1

打开路由转发功能
# echo "1" > /proc/sys/net/ipv4/ip_forward

服务控制脚本：

#!/bin/bash
#
# LVS script for VS/NAT
#
. /etc/rc.d/init.d/functions
#
VIP=192.168.0.220
DIP=192.168.10.10
RIP1=192.168.10.2
RIP2=192.168.10.3
#
case "$1" in
start)          

  /sbin/ifconfig eth0:1 $VIP netmask 255.255.255.0 up

# Since this is the Director we must be able to forward packets
  echo 1 > /proc/sys/net/ipv4/ip_forward

# Clear all iptables rules.
  /sbin/iptables -F

# Reset iptables counters.
  /sbin/iptables -Z

# Clear all ipvsadm rules/services.
  /sbin/ipvsadm -C

# Add an IP virtual service for VIP 192.168.0.219 port 80
# In this recipe, we will use the round-robin scheduling method.
# In production, however, you should use a weighted, dynamic scheduling method.
  /sbin/ipvsadm -A -t $VIP:80 -s rr

# Now direct packets for this VIP to
# the real server IP (RIP) inside the cluster
  /sbin/ipvsadm -a -t $VIP:80 -r $RIP1 -m
  /sbin/ipvsadm -a -t $VIP:80 -r $RIP2 -m
;;

stop)
# Stop forwarding packets
  echo 0 > /proc/sys/net/ipv4/ip_forward

# Reset ipvsadm
  /sbin/ipvsadm -C

# Bring down the VIP interface
  ifconfig eth0:1 down
;;
*)
  echo "Usage: $0 {start|stop}"
;;
esac

转载于:https://blog.51cto.com/linuxbpm/388233