lvs简介
LVS,是Linux Virtual Server的简称,也就是Linux虚拟服务器, 是一个由章文嵩博士发起的自由软件项目。LVS由用户空间的ipvsadm和内核空间的IPVS组成,ipvsadm用来定义规则,IPVS利用ipvsadm定义的规则工作。现在LVS已经是 Linux标准内核的一部分,在Linux2.4内核以前,使用LVS时必须要重新编译内核以支持LVS功能模块,但是从Linux2.4内核以后,已经完全内置了LVS的各个功能模块,无需给内核打任何补丁,可以直接使用LVS提供的各种功能
lvs工作流程:
当用户发起请求时,lvs 调度器先将请求接收,调度器会根据收到请求的服务和根据自己预设的工作模式和算法来判断哪台服务器的负载较低,然后将此条请求转发给负载较低提供服务的服务器,由这台提供服务的服务器来处理此条请求,最后提供服务的服务器根据预设的工作模式来决定资源返回给客户端的方式。
lvs工具:
ipvsadm:工作在用户空间的命令行工具,用于管理集群服务
ipvs:工作于内核中netfilter INPUT钩子上
支持TCP,UDP,AH,EST,AH_EST,SCTP等多种协议
lvs专业名词:
调度器:director,dispatcher,balancer
RS:Real Server
Client IP:CIP
Director Virutal IP:VIP
Director IP:DIP
Real Server IP:RIP
三种工作模式
-
1、基于NAT的LVS模式负载均衡
NAT(Network Address Translation)即网络地址转换,其作用是通过数据报头的修改,使得位于企业内部的私有IP地址可以访问外网,以及外部用用户可以访问位于公司内部的私有IP主机。VS/NAT工作模式拓扑结构如图2所示,LVS负载调度器可以使用两块网卡配置不同的IP地址,eth0设置为私钥IP与内部网络通过交换设备相互连接,eth1设备为外网IP与外部网络联通。
第一步,用户通过互联网DNS服务器解析到公司负载均衡设备上面的外网地址,相对于真实服务器而言,LVS外网IP又称VIP(Virtual IP Address),用户通过访问VIP,即可连接后端的真实服务器(Real Server),而这一切对用户而言都是透明的,用户以为自己访问的就是真实服务器,但他并不知道自己访问的VIP仅仅是一个调度器,也不清楚后端的真实服务器到底在哪里、有多少真实服务器。第二步,用户将请求发送至124.126.147.168,此时LVS将根据预设的算法选择后端的一台真实服务器(192.168.0.1~192.168.0.3),将数据请求包转发给真实服务器,并且在转发之前LVS会修改数据包中的目标地址以及目标端口,目标地址与目标端口将被修改为选出的真实服务器IP地址以及相应的端口。
第三步,真实的服务器将响应数据包返回给LVS调度器,调度器在得到响应的数据包后会将源地址和源端口修改为VIP及调度器相应的端口,修改完成后,由调度器将响应数据包发送回终端用户,另外,由于LVS调度器有一个连接Hash表,该表中会记录连接请求及转发信息,当同一个连接的下一个数据包发送给调度器时,从该Hash表中可以直接找到之前的连接记录,并根据记录信息选出相同的真实服务器及端口信息。
2、基于TUN的LVS负载均衡
在LVS(NAT)模式的集群环境中,由于所有的数据请求及响应的数据包都需要经过LVS调度器转发,如果后端服务器的数量大于10台,则调度器就会成为整个集群环境的瓶颈。我们知道,数据请求包往往远小于响应数据包的大小。因为响应数据包中包含有客户需要的具体数据,所以LVS(TUN)的思路就是将请求与响应数据分离,让调度器仅处理数据请求,而让真实服务器响应数据包直接返回给客户端。VS/TUN工作模式拓扑结构如图3所示。其中,IP隧道(IP tunning)是一种数据包封装技术,它可以将原始数据包封装并添加新的包头(内容包括新的源地址及端口、目标地址及端口),从而实现将一个目标为调度器的VIP地址的数据包封装,通过隧道转发给后端的真实服务器(Real Server),通过将客户端发往调度器的原始数据包封装,并在其基础上添加新的数据包头(修改目标地址为调度器选择出来的真实服务器的IP地址及对应端口),LVS(TUN)模式要求真实服务器可以直接与外部网络连接,真实服务器在收到请求数据包后直接给客户端主机响应数据。
3.DR模式-直接路由模式 Virtual Server via Direct Routing(VS/DR)
DR模式也就是用直接路由技术实现虚拟服务器。它的连接调度和管理与VS/NAT和VS/TUN中的一样,但它的报文转发方法又有不同,VS/DR通过改写请求报文的MAC地址,将请求发送到Real Server,而Real Server将响应直接返回给客户,免去了VS/TUN中的IP隧道开销。这种方式是三种负载调度机制中性能最高最好的,但是必须要求Director Server与Real Server都有一块网卡连在同一物理网段上。
Director和RealServer必需在物理上有一个网卡通过不间断的局域网相连。 RealServer上绑定的VIP配置在各自Non-ARP的网络设备上(如lo或tunl),Director的VIP地址对外可见,而RealServer的VIP对外是不可见的。RealServer的地址即可以是内部地址,也可以是真实地址。
DR模式是通过改写请求报文的目标MAC地址,将请求发给真实服务器的,而真实服务器响应后的处理结果直接返回给客户端用户。同TUN模式一样,DR模式可以极大的提高集群系统的伸缩性。而且DR模式没有IP隧道的开销,对集群中的真实服务器也没有必要必须支持IP隧道协议的要求。但是要求调度器LB与真实服务器RS都有一块网卡连接到同一物理网段上,必须在同一个局域网环境。
LVS-DR模式特点和注意事项
- 在前端路由器做静态地址路由绑定,将对于VIP的地址仅路由到Director Server
- arptables:在arp的层次上实现在ARP解析时做防火墙规则,过滤RS响应ARP请求。修改RS上内核参数(arp_ignore和arp_announce)将RS上的VIP配置在网卡接口的别名上,并限制其不能响应对VIP地址解析请求。
- RS可以使用私有地址;但也可以使用公网地址,此时可以直接通过互联网连入RS以实现配置、监控等;
- RS的网关一定不能指向DIP;
- RS跟Dirctory要在同一物理网络内(不能由路由器分隔);
- 请求报文经过Directory,但响应报文一定不经过Director
- 不支持端口映射;
- RS可以使用大多数的操作系统
LVS负载均衡调度算法
VS的调度算法决定了如何在集群节点之间分布工作负荷。当director调度器收到来自客户端访问VIP的上的集群服务的入站请求时,director调度器必须决定哪个集群节点应该
处理请求。
Director调度器用的调度方法基本分为两类 (如下所列, LVS总共有10种调度算法, 常用的也就四种调度算法, 下面会说到):
静态调度算法:rr,wrr,dh,sh
动态调度算法:wlc,lc,lblc,lblcr, sed, nq
静态算法
rr(轮询)
轮询调度:这种是最简单的调度算法,就是将请求A一个,B一个,A一个,B一个 … 循环的发。就算A主机挂掉了,调度器还是会将请求发送到A。十分均衡。
wrr(权重, 即加权轮询)
加权轮询调度:这种算法是在rr基础上实现的,只不过加了权重,权重范围为1-100,假设A的服务器性能好,就给A的权重设置的高一点,设为2,而B主机是1。这样就实现A二个,B一个,A二个,B一个 … 循环的发。这样照顾到了服务器性能。
sh(源地址哈希)
源地址散列:主要是实现将此前的session(会话)绑定。将此前客户的源地址作为散列键,从静态的散列表中找出对应的服务器,只要目标服务器是没有超负荷的就将请求发送过去。就是说某客户访问过A,现在这个客户又来了,所以客户请求会被发送到服务过他的A主机。
dh(目的地址哈希)
目的地址散列:以目的地址为关键字查找一个静态hash表来获得需要的RS。以目标地址为标准挑选。 功能是和sh近似的,但应用场景不同; 举个dh调度算法的例子:假设1号客户访问了web集群的一个动态页面,调度器将请求转发个A服务器,A服务器的PHP将这个动态请求运行了一遍,生成了缓存并回应1号客户。这下2号客户也访问了这个动态页面,调度器应该将请求发给A。毕竟A已经跑过这段程序了,有缓存,对吧。所以这既是dh算法)
动态算法
动态
根据算法及各RS的当前负载状态进行调度,根据指定的算法算出overhead(负载),最终挑选出overhead值最小的则为被选中的RS。
LC:Least Connection,最少连接数,算法如下:
overhead = Active * 256 + Inactive
WLC:Weighted LC,加权的LC,算法如下:
overhead=(Active*256+Inactive)/ weight
SED:Shortest Expection Delay,最短期望延迟,算法如下:
overhead = (Active + 1) * 256 / weight
NQ:Nevel Queue,是SED算法的改进,根据SED算法每台主机第一次至少要均分配一次,然后再按SED算法来挑选。
LBLC:Locality-Based LC,基于本地的最少连接数,即为动态的DH算法。
正向代理情形下的cache server调度。
LBLCR:Locality-Based Least-Connection with Replication,带复制功能的LBLC算法。
lvs配置:
nat模式
要求:
nat模式实现http和https两种负载均衡集群,每个RS都要提供同一个私钥和同一个证书
| ip类型 | ip地址 |
|---|---|
| VIP | 192.168.100.123 |
| DIP | 192.168.98.123 |
| R1IP | 192…168.98.77 |
| R2IP | 192.168.98.88 |
安装过程请找脚本
[root@localhost ~]# mkdir /etc/pki/CA
[root@localhost ~]# cd /etc/pki/CA/
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
..............+++++
.................+++++
e is 65537 (0x010001)
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:ZDJ
Organizational Unit Name (eg, section) []:ZDJ
Common Name (eg, your name or your server's hostname) []:zdj.com
Email Address []:1@2.com
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial
[root@localhost CA]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
................+++++
...................+++++
e is 65537 (0x010001)
[root@localhost CA]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:ZDJ
Organizational Unit Name (eg, section) []:ZDJ
Common Name (eg, your name or your server's hostname) []:zdj.com
Email Address []:1@2.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
[root@localhost CA]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jun 14 14:32:35 2021 GMT
Not After : Jun 14 14:32:35 2022 GMT
Subject:
countryName = CN
stateOrProvinceName = HB
organizationName = ZDJ
organizationalUnitName = ZDJ
commonName = zdj.com
emailAddress = 1@2.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
2A:55:39:2C:01:07:0A:ED:D2:43:57:0C:65:04:C1:20:A8:F6:E4:53
X509v3 Authority Key Identifier:
keyid:1B:81:BC:B9:AA:11:D6:68:22:5E:D5:C6:33:E4:AB:25:A9:37:4C:31
Certificate is to be certified until Jun 14 14:32:35 2022 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost CA]# mv httpd.key httpd.crt /etc/httpd/
[root@localhost CA]# scp /etc/httpd/httpd.key 192.168.98.88:/etc/httpd/
The authenticity of host '192.168.98.88 (192.168.98.88)' can't be established.
ECDSA key fingerprint is SHA256:z3c/27WLwROrI78hoFgydslIBbisv+qFqoe9llRiKLA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type 'yes', 'no' or the fingerprint: yes
Warning: Permanently added '192.168.98.88' (ECDSA) to the list of known hosts.
root@192.168.98.88's password:
httpd.key 100% 1675 1.3MB/s 00:00
[root@localhost CA]# scp /etc/httpd/httpd.crt 192.168.98.88:/etc/httpd/
root@192.168.98.88's password:
httpd.crt 100% 4495 5.0MB/s 00:00
[root@R1 CA]# echo "R1" >/usr/local/apache/htdocs/index.html
[root@R2 ~]# echo "R2" >/usr/local/apache/htdocs/index.html
关闭三台机子的防火墙
[root@lb ~]# systemctl disable --now firewalld
[root@lb ~]# setenforce 0
[root@R1 CA]# systemctl disable --now firewalld
[root@R1 CA]# setenforce 0
[root@R2 ~]# systemctl disable --now firewalld
[root@R2 ~]# setenforce 0
在调度器上开启IP转发功能
[root@lb ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
[root@lb ~]# sysctl -p
net.ipv4.ip_forward = 1
在调度器上添加并保持规则
[root@lb ~]# ipvsadm -A -t 192.168.100.123:80 -s rr
[root@lb ~]# ipvsadm -a -t 192.168.100.123:80 -r 192.168.98.77:80 -m
[root@lb ~]# ipvsadm -a -t 192.168.100.123:80 -r 192.168.98.88:80 -m
[root@lb ~]# ipvsadm -A -t 192.168.100.123:443 -s rr
[root@lb ~]# ipvsadm -a -t 192.168.100.123:443 -r 192.168.98.77:443 -m
[root@lb ~]# ipvsadm -a -t 192.168.100.123:443 -r 192.168.98.88:443 -m
[root@lb ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@lb ~]# cat /etc/sysconfig/ipvsadm
-A -t 192.168.100.123:80 -s rr
-a -t 192.168.100.123:80 -r 192.168.98.77:80 -m -w 1
-a -t 192.168.100.123:80 -r 192.168.98.88:80 -m -w 1
-A -t 192.168.100.123:443 -s rr
-a -t 192.168.100.123:443 -r 192.168.98.77:443 -m -w 1
-a -t 192.168.100.123:443 -r 192.168.98.88:443 -m -w 1
设置开机自启
[root@lb ~]# systemctl enable ipvsadm
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
[root@lb ~]# echo "ipvsadm -R < /etc/sysconfig/ipvsadm" >>/etc/rc.d/rc.local
将RIP的网关都指向DIP
[root@R1 CA]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.98.77
PREFIX=24
GATEWAY=192.168.98.123
DNS1=114.114.114.114
[root@R2 htdocs]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.98.88
PREFIX=24
GATEWAY=192.168.98.123
DNS1=114.114.114.114
测试效果
[root@lb ~]# curl 192.168.100.123
R1
[root@lb ~]# curl 192.168.100.123
R2
[root@lb ~]# curl 192.168.100.123
R1
[root@lb ~]# curl 192.168.100.123
R2
dr模式
要求:
dr模式实现http和https两种负载均衡居群,各RS都要提供通过一个私钥和同一个证书
| IP类型 | IP地址 |
|---|---|
| VIP | 192.168.98.66 |
| DIP | 192.168.98.123 |
| R1IP | 192.168.98.77 |
| R2IP | 192.168.98.88 |
安装完成http后获取证书
[root@localhost ~]# mkdir /etc/pki/CA
[root@localhost ~]# cd /etc/pki/CA/
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
..............+++++
.................+++++
e is 65537 (0x010001)
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:ZDJ
Organizational Unit Name (eg, section) []:ZDJ
Common Name (eg, your name or your server's hostname) []:zdj.com
Email Address []:1@2.com
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial
[root@localhost CA]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
................+++++
...................+++++
e is 65537 (0x010001)
[root@localhost CA]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:ZDJ
Organizational Unit Name (eg, section) []:ZDJ
Common Name (eg, your name or your server's hostname) []:zdj.com
Email Address []:1@2.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
[root@localhost CA]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jun 14 14:32:35 2021 GMT
Not After : Jun 14 14:32:35 2022 GMT
Subject:
countryName = CN
stateOrProvinceName = HB
organizationName = ZDJ
organizationalUnitName = ZDJ
commonName = zdj.com
emailAddress = 1@2.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
2A:55:39:2C:01:07:0A:ED:D2:43:57:0C:65:04:C1:20:A8:F6:E4:53
X509v3 Authority Key Identifier:
keyid:1B:81:BC:B9:AA:11:D6:68:22:5E:D5:C6:33:E4:AB:25:A9:37:4C:31
Certificate is to be certified until Jun 14 14:32:35 2022 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost CA]# mv httpd.key httpd.crt /etc/httpd/
[root@localhost CA]# scp /etc/httpd/httpd.key 192.168.98.88:/etc/httpd/
The authenticity of host '192.168.98.88 (192.168.98.88)' can't be established.
ECDSA key fingerprint is SHA256:z3c/27WLwROrI78hoFgydslIBbisv+qFqoe9llRiKLA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type 'yes', 'no' or the fingerprint: yes
Warning: Permanently added '192.168.98.88' (ECDSA) to the list of known hosts.
root@192.168.98.88's password:
httpd.key 100% 1675 1.3MB/s 00:00
[root@localhost CA]# scp /etc/httpd/httpd.crt 192.168.98.88:/etc/httpd/
root@192.168.98.88's password:
httpd.crt 100% 4495 5.0MB/s 00:00
[root@R1 CA]# echo "R1" >/usr/local/apache/htdocs/index.html
[root@R2 ~]# echo "R2" >/usr/local/apache/htdocs/index.html
在调度器上配置VIP和DIP
[root@lb ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR0=192.168.98.123
NETMASK0=255.255.255.0
IPADDR1=192.168.98.66
NETMASK1=255.255.255.0
GATEWAY=192.168.98.2
DNS1=114.114.114.114
在RS上关闭arp包的通告和响应然后配置RIP和VIP
[root@R1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@R2 ~]# cat >> /etc/sysctl.conf <<EOF
> net.ipv4.conf.all.arp_ignore=1
> net.ipv4.conf.all.arp_announce=2
> EOF
[root@R2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@R1 ~]# ifconfig lo:0 192.168.98.66/32 broadcast 192.168.98.66 up
[root@R1 ~]# route add -host 192.168.98.66 dev lo:0
[root@R1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.98.77
NETMASK=255.255.255.0
GATEWAY=192.168.98.2
DNS1=114.114.114.114
[root@R2 ~]# ifconfig lo:0 192.168.98.66/32 broadcast 192.168.98.66 up
[root@R2 ~]# route add -host 192.168.98.66 dev lo:0
[root@R2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.98.88
NETMASK=255.255.255.0
GATEWAY=192.168.98.2
DNS1=114.114.114.114
在调度器上添加,保存规则并开机自动读取规则
[root@lb ~]# ipvsadm -A -t 192.168.98.66:80 -s rr
[root@lb ~]# ipvsadm -a -t 192.168.98.66:80 -r 192.168.98.77:80 -g
[root@lb ~]# ipvsadm -a -t 192.168.98.66:80 -r 192.168.98.88:80 -g
[root@lb ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.98.66:80 rr
-> 192.168.98.77:80 Route 1 0 0
-> 192.168.98.88:80 Route 1 0 0
[root@lb ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@lb ~]# echo "ipvsadm -Sn > /etc/sysconfig/ipvsadm" >>/etc/rc.d/rc.local
测试
[root@lb ~]# curl 192.168.98.66
R1
[root@lb ~]# curl 192.168.98.66
R2
[root@lb ~]# curl 192.168.98.66
R1
[root@lb ~]# curl 192.168.98.66
R2
1695
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
