一、直接路由
1.1.直接路由
直接路由(Direct Routing):简称 DR 模式,采用半开放式的网络结构,与 TUN模式的结构类似,但各节点并不是分散在各地,而是与调度器位于同一个物理网络。
负载调度器与各节点服务器通过本地网络连接,不需要建立专用的 IP 隧道。
直接路由,LVS默认模式,应用最广泛,通过请求报文重新封装一个MAC首部进行转发,源MAC是DIP所在的接口的MAC,目标MAC是某挑选出的RS的RIP所在接口的MAC地址;源IP/PORT,以及目标IP/PORT均保持不变。
1.2.DR模式的特点
-
Director和各RS都配置有VIP
-
确保前端路由器将目标IP为VIP的请求报文发往Director
-
在前端网关做静态绑定VIP和Director的MAC地址
-
在RS上使用arptables工具
arptables -A IN -d $VIP -j DROP (忽略ARP广播)
arptables -A OUT -s $VIP -j mangle --mangle-ip-s $RIP (关闭无故ARP,即免费ARP/gratuitous ARP)
在不关闭ARP广播的情况下,使地址不冲突:
绑定ARP,绑定lvs代理服务器
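在RS上修改内核参数以限制arp通告及应答级别(本文取 arp_ignore=1:只应答目标IP配置在接收接口上的ARP请求;arp_announce=2:发送ARP时选用与目标最匹配的本地地址作为源地址,从而避免RS对外通告或应答lo上的VIP)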
/proc/sys/net/ipv4/conf/all/arp_ignore
/proc/sys/net/ipv4/conf/all/arp_announce
RS的RIP可以使用私网地址,也可以是公网地址;RIP与DIP在同一IP网络;RIP的网关不能指向DIP,以确保响应报文不会经由Director。
-
RS和Director要在同一个物理网络
-
请求报文要经由Director,但响应报文不经由Director,而由RS直接发往Client
-
不支持端口映射(端口不能修改)
-
无需开启 ip_forward
-
RS可使用大多数OS系统
1.3.部署DR模式
调度服务器192.168.52.140
NFS服务器192.168.52.110
web1服务器192.168.52.120
web2服务器192.168.52.130
客户端192.168.52.102
VIP192.168.52.188
192.168.52.140调度服务器
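关闭防火墙与selinux,下载ipvsadm(systemctl stop 与 setenforce 0 都只在本次开机期间生效,仅适合实验环境;正式环境应保留 firewalld 并只放行所需端口(如 80/tcp),SELinux 保持 enforcing)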
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum install ipvsadm -y
配置虚拟IP地址
[root@localhost network-scripts]# cd /etc/sysconfig/network-scripts
[root@localhost network-scripts]# ls
ifcfg-ens33 ifdown-ippp ifdown-sit ifup-bnep ifup-plip ifup-Team network-functions-ipv6
ifcfg-lo ifdown-ipv6 ifdown-Team ifup-eth ifup-plusb ifup-TeamPort
ifdown ifdown-isdn ifdown-TeamPort ifup-ib ifup-post ifup-tunnel
ifdown-bnep ifdown-post ifdown-tunnel ifup-ippp ifup-ppp ifup-wireless
ifdown-eth ifdown-ppp ifup ifup-ipv6 ifup-routes init.ipv6-global
ifdown-ib ifdown-routes ifup-aliases ifup-isdn ifup-sit network-functions
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-ens33:0
[root@localhost network-scripts]# vim ifcfg-ens33:0
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.52.188
NETMASK=255.255.255.0
#GATEWAY=192.168.52.2
#DNS1=8.8.8.8
重启网卡
[root@localhost network-scripts]# ifdown ifcfg-ens33:0
[root@localhost network-scripts]# ifup ifcfg-ens33:0
调整proc响应参数(Director不做路由转发,关闭ip_forward;同时关闭ICMP重定向的发送)
[root@localhost network-scripts]# vim /etc/sysctl.conf
添加在最后面
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
刷新配置
[root@localhost network-scripts]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
加载模块
[root@localhost network-scripts]# modprobe ip_vs
[root@localhost network-scripts]# cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
配置负载分配策略,启动服务
[root@localhost network-scripts]# ipvsadm-save >/etc/sysconfig/ipvsadm
[root@localhost network-scripts]# systemctl start ipvsadm.service
清空ipvsadm
[root@localhost network-scripts]# ipvsadm -C
添加策略
[root@localhost network-scripts]# ipvsadm -A -t 192.168.52.188:80 -s rr
[root@localhost network-scripts]# ipvsadm -a -t 192.168.52.188:80 -r 192.168.52.120:80 -g
[root@localhost network-scripts]# ipvsadm -a -t 192.168.52.188:80 -r 192.168.52.130:80 -g
保存设置
[root@localhost network-scripts]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP localhost.localdomain:http rr
-> 192.168.52.120:http Route 1 0 0
-> 192.168.52.130:http Route 1 0 0
[root@localhost network-scripts]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.52.188:80 rr
-> 192.168.52.120:80 Route 1 0 0
-> 192.168.52.130:80 Route 1 0 0
[root@localhost network-scripts]# ipvsadm-save >/etc/sysconfig/ipvsadm
192.168.52.110NFS服务器
关闭防火墙与selinux,下载nfs
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum install nfs-utils rpcbind -y
[root@localhost ~]# cd /opt/
新建目录
[root@localhost opt]# mkdir nfs
[root@localhost opt]# cd nfs/
[root@localhost nfs]# mkdir my qyd
[root@localhost nfs]# ls
my qyd
创建站点文件
[root@localhost nfs]# echo "this is my" >my/index.html
[root@localhost nfs]# echo "this is qyd" >qyd/index.html
设置权限(777 使目录对所有用户可写;web节点只需读取站点文件,实验之外用 755 即可)
[root@localhost nfs]# chmod 777 *
[root@localhost nfs]# ll
总用量 0
drwxrwxrwx. 2 root root 24 5月 13 16:30 my
drwxrwxrwx. 2 root root 24 5月 13 16:30 qyd
设置共享策略
[root@localhost nfs]# vim /etc/exports
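共享给192.168.52.0/24网段,权限为可读可写(rw);no_root_squash 会让客户端的root在共享目录上保留root权限,网段内任一主机的root都能改写站点文件,web节点只需读取时建议改用 ro 并保留默认的 root_squash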
/opt/nfs/my 192.168.52.0/24(rw,sync,no_root_squash)
/opt/nfs/qyd 192.168.52.0/24(rw,sync,no_root_squash)
开启服务发布共享
[root@localhost nfs]# systemctl start rpcbind
[root@localhost nfs]# systemctl start nfs
查看共享目录
[root@localhost nfs]# showmount -e
Export list for localhost.localdomain:
/opt/nginx/qyd 192.168.52.0/24
/opt/nginx/my 192.168.52.0/24
192.168.52.120web1服务器
关闭防火墙
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
查看nfs服务192.168.52.110的共享目录列表
[root@localhost ~]# showmount -e 192.168.52.110
Export list for 192.168.52.110:
/opt/nfs/qyd 192.168.52.0/24
/opt/nfs/my 192.168.52.0/24
安装apache服务
[root@localhost ~]# yum install httpd -y
挂载
[root@localhost ~]# mount 192.168.52.110:/opt/nfs/my /var/www/html/
[root@localhost ~]# df -h
文件系统 容量 已用 可用 已用% 挂载点
/dev/mapper/centos-root 20G 3.7G 17G 19% /
devtmpfs 473M 0 473M 0% /dev
tmpfs 489M 0 489M 0% /dev/shm
tmpfs 489M 7.2M 481M 2% /run
tmpfs 489M 0 489M 0% /sys/fs/cgroup
/dev/sda1 1014M 161M 854M 16% /boot
tmpfs 98M 0 98M 0% /run/user/0
tmpfs 98M 12K 98M 1% /run/user/42
192.168.52.110:/opt/nfs/my 10G 3.7G 6.4G 37% /var/www/html
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# ls
index.html
[root@localhost html]# cat index.html
this is my
重启服务并输入IP地址查看
[root@localhost html]# systemctl restart httpd.service
配置网关(即在回环接口 lo:0 上绑定 VIP 192.168.52.188、掩码 255.255.255.255;此处省略了 ifcfg-lo:0 的创建步骤,做法同下文 web2)
重启网卡
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# ifconfig
设置路由
[root@localhost network-scripts]# route add -host 192.168.52.188 dev lo:0
[root@localhost network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.52.2 0.0.0.0 UG 100 0 0 ens33
192.168.52.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
192.168.52.188 0.0.0.0 255.255.255.255 UH 0 0 0 lo
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
开机执行命令
[root@localhost network-scripts]# vim /etc/rc.d/rc.local
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
/usr/sbin/route add -host 192.168.52.188 dev lo:0
[root@localhost network-scripts]# chmod +x /etc/rc.d/rc.local
调整proc响应参数
[root@localhost network-scripts]# vim /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
192.168.52.130web2服务器
关闭防火墙
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost ~]# showmount -e 192.168.52.110
Export list for 192.168.52.110:
/opt/nfs/qyd 192.168.52.0/24
/opt/nfs/my 192.168.52.0/24
安装apache服务
[root@localhost ~]# yum install httpd -y
挂载
[root@localhost ~]# mount 192.168.52.110:/opt/nfs/qyd /var/www/html/
[root@localhost ~]# df -h
文件系统 容量 已用 可用 已用% 挂载点
/dev/mapper/centos-root 15G 3.7G 12G 25% /
devtmpfs 897M 0 897M 0% /dev
tmpfs 912M 0 912M 0% /dev/shm
tmpfs 912M 9.1M 903M 1% /run
tmpfs 912M 0 912M 0% /sys/fs/cgroup
/dev/sda1 497M 172M 326M 35% /boot
tmpfs 183M 4.0K 183M 1% /run/user/42
tmpfs 183M 44K 183M 1% /run/user/0
192.168.52.110:/opt/nfs/qyd 10G 3.7G 6.4G 37% /var/www/html
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# ls
index.html
[root@localhost html]# cat index.html
this is qyd
重启服务并输入IP地址查看
[root@localhost html]# systemctl restart httpd.service
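配置网关(即在回环接口 lo:0 上绑定 VIP;ifcfg-lo:0 中的 IPADDR 必须与本文的 VIP 192.168.52.188 一致,下面示例中的 192.168.52.118 与之不符,应为 192.168.52.188,否则RS不会接收发往VIP的请求)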
[root@localhost html]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-ens33 ifdown-ipv6 ifdown-TeamPort ifup-ippp ifup-routes network-functions
ifcfg-lo ifdown-isdn ifdown-tunnel ifup-ipv6 ifup-sit network-functions-ipv6
ifdown ifdown-post ifup ifup-isdn ifup-Team
ifdown-bnep ifdown-ppp ifup-aliases ifup-plip ifup-TeamPort
ifdown-eth ifdown-routes ifup-bnep ifup-plusb ifup-tunnel
ifdown-ib ifdown-sit ifup-eth ifup-post ifup-wireless
ifdown-ippp ifdown-Team ifup-ib ifup-ppp init.ipv6-global
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.52.118
NETMASK=255.255.255.255
重启服务并查看
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# ifconfig
设置路由
[root@localhost network-scripts]# route add -host 192.168.52.188 dev lo:0
[root@localhost network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.52.2 0.0.0.0 UG 100 0 0 ens33
192.168.52.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
192.168.52.188 0.0.0.0 255.255.255.255 UH 0 0 0 lo
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
开机执行命令
[root@localhost network-scripts]# vim /etc/rc.d/rc.local
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
/usr/sbin/route add -host 192.168.52.188 dev lo:0
[root@localhost network-scripts]# chmod +x /etc/rc.d/rc.local
调整proc响应参数
[root@localhost network-scripts]# vim /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
客户机测试192.168.52.102
在浏览器中输入VIP地址(即各RS在 lo:0 上绑定的地址)192.168.52.188;调度算法为 rr,间隔刷新应轮流看到 "this is my" 与 "this is qyd"