LVS的NAT、DR模型实现

发布时间 2023-10-08 09:56:10作者: 小糊涂90
1、LVS-NAT模式实现
环境:

共四台主机
一台: internet client:192.168.10.6/24   GW:无 仅主机

一台:lvs  
eth1 仅主机 192.168.10.100/16
eth0 NAT 10.0.0.8/24

两台RS:
RS1: 10.0.0.7/24 GW:10.0.0.8 NAT
RS2: 10.0.0.17/24 GW:10.0.0.8 NAT

#client网卡配置:
[root@internet ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=192.168.10.6
PREFIX=24
ONBOOT=yes

#lvs网卡配置:
[root@lvs network-scripts]#cat ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.8
PREFIX=24
ONBOOT=yes

[root@lvs network-scripts]#cat ifcfg-eth1
DEVICE=eth1
NAME=eth1
BOOTPROTO=static
IPADDR=192.168.10.100
PREFIX=24
ONBOOT=yes

#后端RS1网卡配置:
[root@rs1 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.7
PREFIX=24
GATEWAY=10.0.0.8
ONBOOT=yes

#后端RS2网卡配置
[root@rs2 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.17
PREFIX=24
GATEWAY=10.0.0.8
ONBOOT=yes

#配置RS1的网站,实际生产环境应该配置RS1和RS2网页一样,这里实验方便观察所以配置不一样。
[root@rs1 ~]#curl 10.0.0.7
10.0.0.7 RS1

#配置RS2的网站
[root@rs2 ~]#curl 10.0.0.17
10.0.0.17 RS2

#修改内核参数,开启流量转发
[root@lvs-server ~]#vim /etc/sysctl.conf
net.ipv4.ip_forward = 1

#使生效
[root@lvs-server ~]#sysctl -p
net.ipv4.ip_forward = 1

#配置LVS集群及添加RS服务器
[root@lvs-server ~]#ipvsadm -A -t 192.168.10.100:80 -s wrr 
[root@lvs-server ~]#ipvsadm -a -t 192.168.10.100:80 -r 10.0.0.7:80 -m
[root@lvs-server ~]#ipvsadm -a -t 192.168.10.100:80 -r 10.0.0.17:80 -m

#查看lvs规则
[root@lvs-server ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.10.100:80 wrr
  -> 10.0.0.7:80                 Masq    1      1          0         
  -> 10.0.0.17:80                 Masq    1      0          0   
[root@internet ~]#while :;do curl 192.168.10.100;sleep 0.5;done
rs1.magedu.org
rs2.magedu.org
rs1.magedu.org
rs2.magedu.org
rs1.magedu.org
rs2.magedu.org
[root@lvs-server ~]#ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts OutPkts InBytes OutBytes
  -> RemoteAddress:Port
TCP  192.168.10.100:80                  67      405      255    32436    30092
  -> 10.0.0.7:80                        34      203      128    16244    15072
  -> 10.0.0.17:80                       33      202      127    16192    15020
[root@lvs-server ~]#cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
 TCP C0A80A64:0050 wrr  
  -> 0A000011:0050     Masq    1      0          98        
  -> 0A000007:0050     Masq    1      0          97  
  
[root@lvs-server ~]#ipvsadm -Lnc
IPVS connection entries
pro expire state       source             virtual           destination
TCP 01:55 TIME_WAIT   192.168.10.6:43486 192.168.10.100:80  10.0.0.17:80
TCP 00:19 TIME_WAIT   192.168.10.6:43476 192.168.10.100:80  10.0.0.7:80
TCP 01:58 TIME_WAIT   192.168.10.6:43500 192.168.10.100:80  10.0.0.7:80
TCP 01:58 TIME_WAIT   192.168.10.6:43498 192.168.10.100:80  10.0.0.17:80
TCP 01:59 TIME_WAIT   192.168.10.6:43502 192.168.10.100:80  10.0.0.17:80
TCP 01:57 TIME_WAIT   192.168.10.6:43494 192.168.10.100:80  10.0.0.17:80
TCP 01:57 TIME_WAIT   192.168.10.6:43496 192.168.10.100:80  10.0.0.7:80
TCP 01:56 TIME_WAIT   192.168.10.6:43490 192.168.10.100:80  10.0.0.17:80
TCP 00:20 TIME_WAIT   192.168.10.6:43480 192.168.10.100:80  10.0.0.7:80
TCP 01:56 TIME_WAIT   192.168.10.6:43492 192.168.10.100:80  10.0.0.7:80
TCP 01:55 TIME_WAIT   192.168.10.6:43488 192.168.10.100:80  10.0.0.7:80
TCP 00:20 TIME_WAIT   192.168.10.6:43478 192.168.10.100:80  10.0.0.17:80
TCP 01:59 TIME_WAIT   192.168.10.6:43504 192.168.10.100:80  10.0.0.7:80
TCP 01:54 TIME_WAIT   192.168.10.6:43484 192.168.10.100:80  10.0.0.7:80
TCP 01:54 TIME_WAIT   192.168.10.6:43482 192.168.10.100:80  10.0.0.17:80

[root@lvs-server ~]#cat /proc/net/ip_vs_conn
Pro FromIP   FPrt ToIP     TPrt DestIP   DPrt State       Expires PEName PEData
TCP C0A80A06 A9DE C0A80A64 0050 0A000011 0050 TIME_WAIT        72
TCP C0A80A06 A9EC C0A80A64 0050 0A000007 0050 TIME_WAIT        76
TCP C0A80A06 AA64 C0A80A64 0050 0A000007 0050 TIME_WAIT       106
TCP C0A80A06 AA0C C0A80A64 0050 0A000007 0050 TIME_WAIT        84
TCP C0A80A06 AA3A C0A80A64 0050 0A000011 0050 TIME_WAIT        95
TCP C0A80A06 AA86 C0A80A64 0050 0A000011 0050 TIME_WAIT       115
TCP C0A80A06 AA78 C0A80A64 0050 0A000007 0050 TIME_WAIT       111
TCP C0A80A06 AA06 C0A80A64 0050 0A000011 0050 TIME_WAIT        82
TCP C0A80A06 AA44 C0A80A64 0050 0A000007 0050 TIME_WAIT        98
TCP C0A80A06 AA2C C0A80A64 0050 0A000007 0050 TIME_WAIT        92

#保存规则到 /etc/sysconfig/ipvsadm,使 ipvsadm.service 开机时自动加载
[root@lvs-server ~]#ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@lvs-server ~]#systemctl enable --now ipvsadm.service 


2、LVS的跨网络DR实现
#环境准备:
5台主机
客户端client       vmnet1仅主机网络 eth0:192.168.33.160/24 GW:192.168.33.200
路由器router        vmnet1仅主机网络 eth1:192.168.33.200/24
			     vmnet8 NAT网络 eth0: 10.0.0.200/24  eth0:1: 192.168.0.200/24
负载调度器LVS      vip:lo 192.168.0.100/32  
			     DIP:eth0 NAT 10.0.0.150/24 GW:10.0.0.200
后端web服务器RS1   vip:lo 192.168.0.100/32  
			     DIP:eth0 NAT 10.0.0.160/24 GW:10.0.0.200
后端web服务器RS2   vip:lo 192.168.0.100/32  
			     DIP:eth0 NAT 10.0.0.170/24 GW:10.0.0.200
			     
#client:
[root@client ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.33.160
PREFIX=24
GATEWAY=192.168.33.200

[root@client ~]# systemctl restart network

#router:
[root@router ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.200
PREFIX=24

[root@router ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=192.168.33.200
PREFIX=24

[root@router ~]# systemctl restart network
#为eth0临时添加第二个IP地址(即环境中的eth0:1),用 ip 命令添加的地址重启后失效,需写入网卡配置文件持久化。
[root@router ~]# ip a add 192.168.0.200/24 dev eth0
#测试仅主机网络,和客户端正常通信
[root@router ~]# ping 192.168.33.160
PING 192.168.33.160 (192.168.33.160) 56(84) bytes of data.
64 bytes from 192.168.33.160: icmp_seq=1 ttl=64 time=0.490 ms
64 bytes from 192.168.33.160: icmp_seq=2 ttl=64 time=0.859 ms

#配置开启路由转发功能
[root@router ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@router ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@router ~]# cat /proc/sys/net/ipv4/ip_forward
1

#LVS:
#网络配置
[root@lvs ~]#vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
IPADDR=10.0.0.150
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@lvs ~]#nmcli c reload
[root@lvs ~]#nmcli c up eth0
[root@lvs ~]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@lvs ~]#ping 192.168.33.160
PING 192.168.33.160 (192.168.33.160) 56(84) bytes of data.
64 bytes from 192.168.33.160: icmp_seq=1 ttl=63 time=0.919 ms
64 bytes from 192.168.33.160: icmp_seq=2 ttl=63 time=4.51 ms

#配置vip(ifconfig 配置的 lo:1 为临时配置,重启后失效)
[root@lvs ~]#ifconfig  lo:1 192.168.0.100 netmask 255.255.255.255



#RS1:
#网络配置
[root@RS1 ~]#vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
IPADDR=10.0.0.160
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@RS1 ~]#nmcli c reload
[root@RS1 ~]#nmcli c up eth0
[root@RS1 ~]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0

#web服务配置
[root@RS1 ~]#yum install -y httpd
[root@RS1 ~]#echo 10.0.0.160 >> /var/www/html/index.html
[root@RS1 ~]#systemctl restart httpd
[root@RS1 ~]#curl localhost
10.0.0.160

#IPVS配置:限制RS对VIP的ARP应答,避免RS抢先响应VIP的ARP请求;直接写 /proc 不持久,重启后需重新设置或写入 /etc/sysctl.conf
[root@RS1 ~]#echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@RS1 ~]#echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@RS1 ~]#echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@RS1 ~]#echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
#配置vip(需在上述arp参数设置之后再配置;ifconfig 设置的 lo:1 重启后失效)
[root@RS1 ~]#ifconfig  lo:1 192.168.0.100 netmask 255.255.255.255


#RS2:
#网络配置
[root@RS2 ~]#vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
IPADDR=10.0.0.170
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@RS2 ~]#nmcli c reload
[root@RS2 ~]#nmcli c up eth0

#web服务配置
[root@RS2 ~]#yum install -y httpd
[root@RS2 ~]#echo 10.0.0.170 >> /var/www/html/index.html
[root@RS2 ~]#systemctl restart httpd
[root@RS2 ~]#curl localhost
10.0.0.170

#IPVS配置:同RS1,限制RS对VIP的ARP应答;直接写 /proc 不持久,重启后需重新设置或写入 /etc/sysctl.conf
[root@RS2 ~]#echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@RS2 ~]#echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@RS2 ~]#echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@RS2 ~]#echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
#配置vip(需在上述arp参数设置之后再配置;ifconfig 设置的 lo:1 重启后失效)
[root@RS2 ~]#ifconfig  lo:1 192.168.0.100 netmask 255.255.255.255

#LVS集群配置:(使用本地rpm安装前建议先用 rpm -K 校验包签名)
[root@lvs ~]#yum install -y ipvsadm-1.31-1.el8.x86_64.rpm
[root@lvs ~]#ipvsadm  -A -t 192.168.0.100:80 -s wrr
[root@lvs ~]#ipvsadm  -a -t 192.168.0.100:80 -r 10.0.0.160 -g -w 1
[root@lvs ~]#ipvsadm  -a -t 192.168.0.100:80 -r 10.0.0.170 -g -w 1

#测试client:
[root@client ~]# curl 192.168.0.100
10.0.0.170
[root@client ~]# curl 192.168.0.100
10.0.0.160
[root@client ~]# curl 192.168.0.100
10.0.0.170
[root@client ~]# curl 192.168.0.100
10.0.0.160