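LVS FWM (firewall mark) multi-service binding: use cases and implementation
![Image description](https://i-blog.csdnimg.cn/blog_migrate/317d26a64923a6daa4c19ac387235e2a.png)
Goal:
Publish HTTP and HTTPS externally at the same time, on 10.35.78.50:80 and 10.35.78.50:443, which amounts to configuring two LVS cluster services: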
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.35.78.50:80 rr
-> 192.168.18.128:80 Route 1 0 0
-> 192.168.18.129:80 Route 1 0 0
TCP 10.35.78.50:443 rr
-> 192.168.18.128:443 Route 1 0 0
-> 192.168.18.129:443 Route 1 0 0
The optimization is as follows.
On the LVS host, mark the matching packets with a firewall mark:
iptables -t mangle -A PREROUTING -d vip -p proto -m multiport --dports port1,port2,... -j MARK --set-mark NUMBER
On the LVS host, define the cluster service based on the packet mark:
ipvsadm -A -f NUMBER [options]
[root@lvs ~]# ipvsadm -C # clear the LVS rules
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@lvs ~]#
[root@lvs ~]# iptables -t mangle -A PREROUTING -d 10.35.78.50 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 10
[root@lvs ~]# iptables -t mangle -nvL ## firewall rule: packets with destination port 80 or 443 get mark 10
Chain PREROUTING (policy ACCEPT 40 packets, 2656 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK tcp -- * * 0.0.0.0/0 10.35.78.50 multiport dports 80,443 MARK set 0xa
Chain INPUT (policy ACCEPT 40 packets, 2656 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 21 packets, 2028 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 21 packets, 2028 bytes)
pkts bytes target prot opt in out source destination
[root@lvs ~]# ipvsadm -A -f 10 -s rr ## define the cluster service based on packet mark 10
[root@lvs ~]# ipvsadm -a -f 10 -r 192.168.18.128 -g ## -g is direct routing, so the port cannot be changed
[root@lvs ~]# ipvsadm -a -f 10 -r 192.168.18.129 -g
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 10 rr
-> 192.168.18.128:0 Route 1 0 0
-> 192.168.18.129:0 Route 1 0 0
[root@client ymsk]# while true;do curl http://10.35.78.50; curl -k https://10.35.78.50;sleep 0.5;done
rs2
rs1
rs2
rs1
rs2
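
With an FWM service, the iptables MARK rule alone decides which traffic reaches the real servers, and iptables prints the mark in hex (0xa) while ipvsadm prints it in decimal (10). The script below is an added example, not part of the original post: it cross-checks the two listings shown above; the function names and the embedded sample text (copied from those listings) are this example's own.

```sh
#!/bin/sh
# Added example (not from the original post): cross-check iptables MARK rules
# against IPVS firewall-mark services. iptables prints the mark in hex (0xa),
# ipvsadm prints it in decimal (10), so both are normalised to decimal.

# stdin: `iptables -t mangle -nvL PREROUTING` text -> decimal marks, one per line
marks_from_iptables() {
    sed -n 's/.*MARK set \(0x[0-9a-fA-F]*\).*/\1/p' |
        while read -r hex; do printf '%d\n' "$hex"; done | sort -un
}

# stdin: `ipvsadm -Ln` text -> "MARK:REAL_SERVER_COUNT" per FWM service
fwm_from_ipvsadm() {
    awk '$1 == "FWM" { if (m != "") print m ":" n; m = $2; n = 0; next }
         $1 ~ /^(TCP|UDP|SCTP)$/ { if (m != "") print m ":" n; m = ""; next }
         $1 == "->" && m != "" { n++ }
         END { if (m != "") print m ":" n }'
}

# check_fwm IPTABLES_TEXT IPVSADM_TEXT: prints findings, returns 1 if any
check_fwm() {
    marks=$(printf '%s\n' "$1" | marks_from_iptables)
    services=$(printf '%s\n' "$2" | fwm_from_ipvsadm)
    rc=0
    for m in $marks; do
        printf '%s\n' "$services" | grep -q "^$m:" ||
            { echo "mark $m is set by iptables but has no FWM service"; rc=1; }
    done
    for s in $services; do
        m=${s%%:*}; n=${s#*:}
        [ "$n" -gt 0 ] || { echo "FWM $m has no real servers"; rc=1; }
        printf '%s\n' "$marks" | grep -qx "$m" ||
            { echo "FWM $m has no iptables MARK rule"; rc=1; }
    done
    return "$rc"
}

# Sample input: the listings shown above in this post (whitespace as printed)
IPT_SAMPLE='Chain PREROUTING (policy ACCEPT 40 packets, 2656 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK tcp -- * * 0.0.0.0/0 10.35.78.50 multiport dports 80,443 MARK set 0xa'
IPVS_SAMPLE='Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 10 rr
-> 192.168.18.128:0 Route 1 0 0
-> 192.168.18.129:0 Route 1 0 0'

check_fwm "$IPT_SAMPLE" "$IPVS_SAMPLE" && echo "marks and FWM services agree"
```

On a live director, pass the real listings instead: `check_fwm "$(iptables -t mangle -nvL PREROUTING)" "$(ipvsadm -Ln)"`.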