一、How LVS IP tunneling (TUN) mode works
1. The client (CIP) sends a packet to the VIP. The packet carries the client's source address CIP and the destination address VIP.
2. The packet reaches the router in front of the VIP, which sends an ARP broadcast to learn the MAC address for the VIP. Only the Director answers, so the packet is delivered to the Director. (Note: the real servers also hold the VIP, so by default they would answer that ARP request as well and could be reached directly; that is why arp_ignore/arp_announce are set on the real servers below, leaving the Director as the only host answering for the VIP. In DR mode the Director and real servers must share one LAN for the MAC-rewriting trick to work; in TUN mode they need not, because the Director reaches them by IP.)
3. The Director picks a real server and encapsulates the whole original packet inside a new IP header (IP protocol 4, IPIP): the outer header has source DIP and destination RIP, and the inner packet is still CIP -> VIP, untouched. This is what distinguishes TUN from DR: in DR the IP packet itself is forwarded unchanged and only the destination MAC is rewritten to the real server's MAC.
4. The real server receives the IPIP packet on its RIP, the ipip module strips the outer header on tunl0, and the inner packet (CIP -> VIP) is delivered locally because the VIP is configured on tunl0. The response, with source VIP and destination CIP, goes straight to the client over the real server's own route and never passes back through the Director.
Protocols:
ARP (Address Resolution Protocol):
ARP is the TCP/IP protocol used to obtain the physical (MAC) address that belongs to an IP address.
// A node broadcasts an ARP request for an IP address; the owner of that address replies with its MAC address, and only then can the frame be sent. RARP (Reverse ARP) does the opposite and was used by diskless workstations to learn their own IP address.
二、Lab environment
1. Three virtual machines:
- Director_server1:
- (DIP) 172.25.71.1/24
- (VIP) 172.25.71.100/24
- Real_server2:
- (RIP) 172.25.71.2/24
- (VIP) 172.25.71.100/24 (on tunl0)
- Real_server3:
- (RIP) 172.25.71.3/24
- (VIP) 172.25.71.100/24 (on tunl0)
2. iptables -F // flush all firewall rules (a lab shortcut: it leaves every host unfiltered, so do not do this on a production real server)
3. SELinux disabled (SELINUX=disabled in /etc/selinux/config)
4. Red Hat Enterprise Linux 6.5, 64-bit
三、Lab
3.1 Configure Director_Server1:
1: Configure the network
server1:
[root@server1 ~]# ip addr add 172.25.71.100/24 dev eth0 // add the VIP as a secondary address on eth0
[root@server1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:a0:aa:94 brd ff:ff:ff:ff:ff:ff
inet 172.25.71.1/24 brd 172.25.71.255 scope global eth0
inet 172.25.71.100/24 scope global secondary eth0
inet6 fe80::5054:ff:fea0:aa94/64 scope link
valid_lft forever preferred_lft forever
2: Enable IP forwarding
[root@server1 ~]# cat /proc/sys/net/ipv4/ip_forward // check whether forwarding is on
1 (1 = on, 0 = off; if it shows 0, run sysctl -w net.ipv4.ip_forward=1 and put net.ipv4.ip_forward = 1 in /etc/sysctl.conf so it survives a reboot)
3: Configure LVS TUN mode
[root@server1 ~]# yum install ipvsadm -y // install ipvsadm (already installed here)
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Package ipvsadm-1.26-2.el6.x86_64 already installed and latest version
Nothing to do
[root@server1 ~]# ipvsadm -A -t 172.25.71.100:80 -s rr // add the virtual service VIP:80 with the round-robin scheduler
[root@server1 ~]# ipvsadm -a -t 172.25.71.100:80 -r 172.25.71.2 -i
// add a real server; -i selects tunneling (IPIP) mode (-g would be DR, -m NAT). The real server port defaults to the service port, 80
[root@server1 ~]# ipvsadm -a -t 172.25.71.100:80 -r 172.25.71.3 -i
[root@server1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.71.100:80 rr
-> 172.25.71.2:80 Tunnel 1 0 0
-> 172.25.71.3:80 Tunnel 1 0 0
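The director steps above as one script, with a check that a practitioner would want before trusting the table. This is an added example, not code from the original page: the addresses are the lab's (VIP 172.25.71.100, DIP 172.25.71.1, RIPs .2 and .3), while the function names and the `ipvsadm -C` reset at the start are this example's own choices. The check reads `ipvsadm -ln` output and flags the mistakes that silently break a TUN setup: a real server added with `-g` or `-m` instead of `-i`, a weight of 0, or no real servers behind the VIP.

```shell
#!/bin/sh
# Added example, not from the original page: bring up the LVS-TUN director
# and sanity-check the IPVS table it produces. Addresses are the lab's;
# function names and the `ipvsadm -C` reset are this example's assumptions.

VIP=172.25.71.100
DIP=172.25.71.1
RIPS="172.25.71.2 172.25.71.3"

# Apply the page's director configuration. Needs root and the ipvsadm package.
director_apply() {
    ip addr add "$VIP/24" dev eth0 2>/dev/null || true   # already present is fine
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    ipvsadm -C                                           # start from an empty table
    ipvsadm -A -t "$VIP:80" -s rr
    for rip in $RIPS; do
        ipvsadm -a -t "$VIP:80" -r "$rip" -i            # -i: IPIP tunnel forwarding
    done
}

# Read `ipvsadm -ln` output on stdin and report anything that would break a
# TUN deployment: a real server using Route (-g) or Masq (-m) instead of
# Tunnel, a weight of 0 (never scheduled), or no real servers at all.
# Prints one line per finding and returns 1 if there were any.
check_ipvs_table() {
    awk -v vip="$VIP:80" '
        $1 == "TCP" || $1 == "UDP" { svc = $2; next }   # service header line
        $1 == "->" && svc == vip {                       # real-server line under our VIP
            n++
            if ($3 != "Tunnel") { print "not Tunnel: " $2 " uses " $3; bad++ }
            if ($4 == 0)        { print "weight 0: " $2; bad++ }
        }
        END {
            if (n == 0) { print "no real servers for " vip; bad++ }
            exit (bad ? 1 : 0)
        }'
}

# Watch the encapsulated traffic leave the director while a client hits the
# VIP: every packet should be IP protocol 4 from DIP to one of the RIPs.
director_watch_encap() {
    tcpdump -ni eth0 "ip proto 4 and src host $DIP"
}

if [ "${1:-}" = apply ]; then
    director_apply
    ipvsadm -ln | check_ipvs_table && echo "IPVS table OK"
fi
```

Run it as `sh director.sh apply` on server1; `ipvsadm -ln | check_ipvs_table` can be rerun at any time, and `director_watch_encap` is the quickest way to confirm that what leaves the director is IPIP (protocol 4) rather than plain HTTP, which is what you would see if a real server had been added with `-g`.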
3.2 Configure Real_Server2:
1: Configure the RIP:
[root@server2 network-scripts]# vim ifcfg-eth0 // RIP 172.25.71.2/24 on eth0
[root@server2 ~]# modprobe ipip // load the ipip module by hand; this creates the tunl0 tunnel device
[root@server2 ~]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 52:54:00:1F:4A:61
inet addr:172.25.71.2 Bcast:172.25.71.255 Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fe1f:4a61/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:309 errors:0 dropped:0 overruns:0 frame:0
TX packets:89 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:25623 (25.0 KiB) TX bytes:10891 (10.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:344 (344.0 b) TX bytes:344 (344.0 b)
tunl0 Link encap:IPIP Tunnel HWaddr // the tunnel device created by the ipip module
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
// Note: if the module was not loaded by hand, running ifconfig tunl0 loads it automatically; ifconfig -a then shows tunl0 either way. Its MTU is 1480, i.e. the 1500-byte Ethernet MTU minus the 20-byte outer IPIP header, so clients see a slightly smaller path MTU through the tunnel.
2: Configure the VIP: create the ifcfg-tunl0 file:
[root@server2 network-scripts]# vim ifcfg-tunl0 // put the VIP 172.25.71.100 on tunl0
[root@server2 network-scripts]# /etc/init.d/network restart // restart networking
Shutting down interface eth0: [ OK ]
Shutting down interface tunl0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 172.25.71.2 is already in use for device eth0...
[ OK ]
Bringing up interface tunl0: Determining if ip address 172.25.71.100 is already in use for device tunl0...
[ OK ]
3: Suppress ARP for the VIP and relax the reverse-path check on tunl0
[root@server2 network-scripts]# vim /etc/sysctl.conf // append the six net.ipv4.conf.* lines that appear at the end of the output below
[root@server2 network-scripts]# sysctl -p // apply the whole file now (it is also applied at boot)
// Note: the "unknown key" errors for net.bridge.* below are harmless; the bridge module is simply not loaded.
// What the added keys do: arp_ignore=1 answers ARP only for addresses configured on the interface the request arrived on, and arp_announce=2 uses the best matching local address as the ARP source, so the VIP on tunl0 is never advertised on the LAN and the Director stays the only host answering for it.
// rp_filter=0 on tunl0 and on "all" (this kernel uses the larger of the two values) is needed because decapsulated packets arrive on tunl0 with the client's source address, a path the reverse-path check would drop as spoofed; eth0 inherited rp_filter=1 from "default" and keeps it.
// Check this again after a reboot: tunl0 does not exist yet when sysctl.conf is applied early in boot, so the tunl0.* keys may fail to apply then. If "sysctl net.ipv4.conf.tunl0.rp_filter" shows 1 afterwards, re-apply the file from /etc/rc.local once the network is up.
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
4. Disable IP forwarding (a real server must not route)
[root@server2 network-scripts]# echo '0' > /proc/sys/net/ipv4/ip_forward
// turn off forwarding now; net.ipv4.ip_forward = 0 in /etc/sysctl.conf above keeps it off after a reboot
[root@server2 network-scripts]# cat /proc/sys/net/ipv4/ip_forward
0 // (0 = off)
5. Publish the web page
[root@server2 network-scripts]# cat /var/www/html/index.html // the page httpd serves; it names the server so the test shows which real server answered
www.westos.com -server2
3.3 Configure Real_Server3:
// same steps as Real_Server2, with RIP 172.25.71.3/24 and its own page:
[root@server3 ~]# cat /var/www/html/index.html // web page
www.westos.com -server3
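The real-server steps (for both server2 and server3) as one script. This is an added example, not the page's own files: the page edits ifcfg-tunl0 and sysctl.conf without showing their contents, so the contents here are this example's reconstruction from the addresses in the lab (VIP 172.25.71.100, DIP 172.25.71.1); the /32 netmask on tunl0, the file paths, the firewall rule set and the function names are assumptions. The firewall part is the piece the page's `iptables -F` leaves out: IPIP carries no authentication, and tunl0 accepts encapsulated packets from any source, so once rp_filter is off on tunl0 anyone who can reach the RIP can hand the local stack a packet that appears to come from any client. Restricting protocol 4 to the Director closes that. The `check_sysctl` function compares a `sysctl -a` dump against the intended values, which matters after a reboot because the tunl0.* keys can fail to apply before the device exists.

```shell
#!/bin/sh
# Added example, not code from the original page: the real-server side of
# LVS-TUN. VIP and DIP are the lab's; the /32 mask, file paths, rule set and
# function names are this example's assumptions.

VIP=172.25.71.100
DIP=172.25.71.1           # the only host allowed to send us IPIP packets
NETSCRIPTS=/etc/sysconfig/network-scripts

# ifcfg-tunl0: the VIP lives on the IPIP device. A /32 mask avoids adding a
# second connected 172.25.71.0/24 route (via tunl0) next to eth0's.
render_ifcfg_tunl0() {
    cat <<EOF
DEVICE=tunl0
BOOTPROTO=none
ONBOOT=yes
IPADDR=$VIP
NETMASK=255.255.255.255
EOF
}

# sysctl fragment. arp_ignore=1/arp_announce=2 keep the VIP out of the LAN's
# ARP tables so only the director answers for it. rp_filter must be 0 on
# tunl0 AND on "all" (this kernel takes the larger of the two): decapsulated
# packets arrive on tunl0 with the client's source address, which the
# reverse-path check would drop as spoofed. eth0 keeps rp_filter=1.
render_sysctl() {
    cat <<EOF
net.ipv4.ip_forward = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1
EOF
}

# IPIP is unauthenticated and tunl0 accepts it from anywhere: accept IP
# protocol 4 only from the director, and only port 80 once decapsulated.
# Adjust the ssh rule before applying this over a remote session.
render_firewall_rules() {
    cat <<EOF
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p 4 -s $DIP -j ACCEPT
iptables -A INPUT -p 4 -j DROP
iptables -A INPUT -i tunl0 -p tcp -d $VIP --dport 80 -j ACCEPT
iptables -A INPUT -i tunl0 -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j DROP
EOF
}

# Compare a `sysctl -a` dump (stdin) with the fragment above. Prints every
# key that is missing or differs; returns 1 if there were any.
check_sysctl() {
    want=$(mktemp)
    render_sysctl > "$want"
    awk '
        { gsub(/ /, ""); n = index($0, "="); if (!n) next }   # keep "key=value" lines only
        NR == FNR { want[substr($0, 1, n-1)] = substr($0, n+1); next }   # first input: wanted
        { got[substr($0, 1, n-1)] = substr($0, n+1) }                    # second input: dump
        END {
            for (k in want)
                if (!(k in got))            { print "missing: " k; bad++ }
                else if (got[k] != want[k]) { print "wrong: " k "=" got[k] " (want " want[k] ")"; bad++ }
            exit (bad ? 1 : 0)
        }' "$want" -
    rc=$?
    rm -f "$want"
    return $rc
}

realserver_apply() {                 # needs root; RHEL 6 paths
    modprobe ipip
    render_ifcfg_tunl0 > "$NETSCRIPTS/ifcfg-tunl0"
    ifup tunl0
    render_sysctl > /etc/sysctl.d/90-lvs-tun.conf
    sysctl -p /etc/sysctl.d/90-lvs-tun.conf
    render_firewall_rules | sh -e
    service iptables save            # persist the rules on RHEL 6
    sysctl -a 2>/dev/null | check_sysctl && echo "sysctl OK"
}

if [ "${1:-}" = apply ]; then
    realserver_apply
fi
```

Run `sh realserver.sh apply` on each real server, then `sysctl -a | sh realserver.sh` style checks are not needed: just source the file and pipe `sysctl -a` into `check_sysctl` after every reboot. If your initscripts do not read /etc/sysctl.d, append the fragment to /etc/sysctl.conf instead; the page's own `sysctl -p` output shows the same keys landing there.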
四. Test
Note: do not test from the Director itself; use another machine! IPVS on this kernel does not schedule locally generated traffic, and the Director also owns the VIP, so a request made on it is answered by its own stack (which runs no httpd) and never enters the tunnel.
From the physical host, request http://172.25.71.100/ repeatedly; with the rr scheduler the replies alternate between "www.westos.com -server2" and "www.westos.com -server3".
Test passed!
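The client-side test as a script, added here as an example rather than taken from the page: it fetches the VIP a number of times, tallies which real server answered from the page text, and fails if any request went unanswered or round-robin distribution is uneven. The VIP and page texts are the lab's; the request count and function names are this example's. The `client_watch` function shows the one thing on the wire that distinguishes TUN/DR from a plain server: the request goes to the Director's MAC, but the reply for the same VIP comes from a real server's MAC, which is also exactly the pattern an ARP-spoofing detector on the client LAN may flag.

```shell
#!/bin/sh
# Added example, not from the original page: test the VIP from a client
# (never from the director) and check the round-robin distribution.
# VIP and page texts are the lab's; counts and function names are assumptions.

VIP=172.25.71.100

# Fetch the page N times (default 10); print exactly one line per request.
probe_vip() {
    i=0
    while [ $i -lt "${1:-10}" ]; do
        body=$(curl -s --connect-timeout 2 "http://$VIP/") || body=NO-ANSWER
        printf '%s\n' "$body"
        i=$((i + 1))
    done
}

# Tally answers per real server (stdin: one body line per request).
# Output lines are "<page text>: <count>", sorted, so they compare cleanly.
count_backends() {
    sort | uniq -c | awk '{ c = $1; $1 = ""; sub(/^ +/, ""); print $0 ": " c }'
}

# With rr every real server gets the same share (within one request).
# Returns 1 if any request got no answer or the shares differ by more than 1.
rr_balanced() {
    count_backends | awk -F': ' '
        $1 == "NO-ANSWER" { bad = 1 }
        { if (min == "" || $2 < min) min = $2; if ($2 > max) max = $2 }
        END { exit ((bad || max - min > 1) ? 1 : 0) }'
}

# Request frames go to the director MAC; replies for the same VIP come from
# a real server MAC. -e prints link-layer addresses so you can see both.
client_watch() {
    tcpdump -eni eth0 "host $VIP and tcp port 80"
}

if [ "${1:-}" = run ]; then
    probe_vip 10 | count_backends
    probe_vip 10 | rr_balanced && echo "rr balanced"
fi
```

`sh client.sh run` on the physical host prints something like `www.westos.com -server2: 5` and `www.westos.com -server3: 5`; a NO-ANSWER line means a real server is unreachable through the tunnel, usually because rp_filter on tunl0 is still 1 or the IPIP packets are being filtered.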