I. Introduction and principle
Because of the shortage of IPv4 addresses, and for some security reasons, more and more networks use internal (private) IP addresses. These addresses cannot be used on the Internet, so when such hosts need to reach the Internet, or be reached from it, a network address translation technique is required: NAT.
The basic principle of NAT is that when an IP packet exchanged between a private-network host and a public-network host passes through the NAT gateway, the packet's source or destination IP is translated between the private IP and the NAT gateway's public IP.
When the IP packet passes through the NAT gateway, the NAT Gateway rewrites the packet's source IP to the NAT Gateway's public IP and forwards it to the public network; at this point the packet (Dst=202.20.65.4, Src=202.20.65.5) no longer carries any private-network IP information. Because the source IP has been translated to the NAT Gateway's public IP, the response packet sent by the Web Server (Dst=202.20.65.5, Src=202.20.65.4) is delivered to the NAT Gateway.
When a user accesses a service provided by a server cluster, the request is addressed to an Internet-facing IP (the external IP address). The IP packet first arrives at the load balancer, which inspects the packet's destination address and port, looks up the matching real servers (N of them) in its forwarding rule list, and selects one real server according to the scheduling algorithm. The connection is also recorded in the load balancer's hash table, so that subsequent TCP packets of the same connection are sent to the same real server. The packet's destination IP address and port are then rewritten to the real server's IP address and port, and the packet is forwarded to the real server. When the reply packet comes back through the load balancer, its source IP address and port are rewritten to the load balancer's IP address and port, and it is returned to the user.
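As an added illustration (not code from the original post), the following small model reproduces the NAT-mode behaviour just described: the director schedules a new connection to a real server by round-robin, records the flow so later packets of the same connection reach the same real server, rewrites the destination on the way in and the source on the way back. Addresses mirror the lab below (VIP 172.25.254.1:80, real servers 192.168.0.2 and 192.168.0.3); the client address and all packets are constructed for the example.

```python
from dataclasses import dataclass, replace
from itertools import cycle


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatDirector:
    """Models 'ipvsadm -A -t VIP:80 -s rr' with '-m' (masquerade) real servers."""

    def __init__(self, vip, vport, real_servers):
        self.vip, self.vport = vip, vport
        self._rr = cycle(real_servers)      # round-robin scheduler
        self.conntrack = {}                 # (client ip, port) -> (rs ip, port)

    def inbound(self, pkt):
        """Client -> VIP: schedule a new flow (or reuse it), rewrite destination."""
        if (pkt.dst, pkt.dport) != (self.vip, self.vport):
            raise ValueError("packet is not addressed to the virtual service")
        key = (pkt.src, pkt.sport)
        if key not in self.conntrack:       # new connection: schedule once only
            self.conntrack[key] = next(self._rr)
        rs_ip, rs_port = self.conntrack[key]
        return replace(pkt, dst=rs_ip, dport=rs_port)

    def outbound(self, pkt):
        """Real server -> client: the reply routes via the director (its gateway),
        which rewrites the source back to the VIP so the client sees one address."""
        key = (pkt.dst, pkt.dport)
        if self.conntrack.get(key) != (pkt.src, pkt.sport):
            raise ValueError("reply does not belong to a tracked connection")
        return replace(pkt, src=self.vip, sport=self.vport)


def demo():
    d = NatDirector("172.25.254.1", 80, [("192.168.0.2", 80), ("192.168.0.3", 80)])
    client = "172.25.254.61"                # constructed client address
    fwd1 = d.inbound(Packet(client, 40001, "172.25.254.1", 80))   # new flow -> .2
    fwd2 = d.inbound(Packet(client, 40002, "172.25.254.1", 80))   # new flow -> .3
    again = d.inbound(Packet(client, 40001, "172.25.254.1", 80))  # same flow -> .2
    reply = d.outbound(Packet(fwd1.dst, 80, client, 40001))       # src becomes VIP
    return fwd1.dst, fwd2.dst, again.dst, reply.src


if __name__ == "__main__":
    print(demo())
```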
II. NAT configuration
1. Add a network card and IP address on server1
[root@server1 network-scripts]# cat /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE="eth2"
BOOTPROTO="static"
ONBOOT="yes"
IPADDR=172.25.254.1
PREFIX=24
[root@server1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth3
DEVICE="eth3"
BOOTPROTO="static"
ONBOOT="yes"
IPADDR=192.168.0.5
PREFIX=24
[root@server1 network-scripts]# /etc/init.d/network restart
Shutting down interface eth2: [ OK ]
Shutting down interface eth3: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth2: Determining if ip address 172.25.254.1 is already in use for device eth2...
[ OK ]
Bringing up interface eth3: Determining if ip address 192.168.0.5 is already in use for device eth3...
[ OK ]
[root@server1 network-scripts]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:14:52:b7 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.1/24 brd 172.25.254.255 scope global eth2
inet6 fe80::5054:ff:fe14:52b7/64 scope link
valid_lft forever preferred_lft forever
3: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:05:54:99 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.5/24 brd 192.168.0.255 scope global eth3
inet6 fe80::5054:ff:fe05:5499/64 scope link
valid_lft forever preferred_lft forever
2. Configure the yum repositories
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.254.61/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[root@server1 network-scripts]# vim /etc/yum.repos.d/rhel-source.repo
[LoadBalancer]
name=LoadBalancer
baseurl=http://172.25.254.61/rhel6.5/LoadBalancer
gpgcheck=0
[HighAvailability]
name=HighAvailability
baseurl=http://172.25.254.61/rhel6.5/HighAvailability
gpgcheck=0
[ResilientStorage]
name=ResilientStorage
baseurl=http://172.25.254.61/rhel6.5/ResilientStorage
gpgcheck=0
[root@server1 network-scripts]# yum install ipvsadm -y
3. Create the LVS virtual service
[root@server1 network-scripts]# ipvsadm -A -t 172.25.254.1:80 -s rr
[root@server1 network-scripts]# ipvsadm -a -t 172.25.254.1:80 -r 192.168.0.2 -m -w 1
[root@server1 network-scripts]# ipvsadm -a -t 172.25.254.1:80 -r 192.168.0.3 -m -w 1
[root@server1 network-scripts]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP server1:http rr
-> 192.168.0.2:http Masq 1 0 0
-> 192.168.0.3:http Masq 1 0 0
Enable IP forwarding (set net.ipv4.ip_forward = 1 in /etc/sysctl.conf)
[root@server1 ~]# vim /etc/sysctl.conf
[root@server1 ~]# /etc/init.d/network restart
Shutting down interface eth2: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth2: Determining if ip address 172.25.254.1 is already in use for device eth2...
[ OK ]
[root@server1 ~]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
Configure all real servers (RS); their default gateway is the director's internal address
server2
IPADDR="192.168.0.2"
GATEWAY=192.168.0.5
server3
IPADDR="192.168.0.3"
GATEWAY=192.168.0.5
Restart the network
Test:
[root@foundation61 rhel6.5]# curl 172.25.254.1
<h1>www.westos.org-server2</h1>
[root@foundation61 rhel6.5]# curl 172.25.254.1
<h1>bbs.westos.org-server3</h1>
[root@foundation61 rhel6.5]# curl 172.25.254.1
<h1>www.westos.org-server2</h1>
[root@foundation61 rhel6.5]# curl 172.25.254.1
<h1>bbs.westos.org-server3</h1>
[root@server1 network-scripts]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP server1:http rr
-> 192.168.0.2:http Masq 1 0 2
-> 192.168.0.3:http Masq 1 0 3